Pests of all kinds and how to fight them: Windows encryption Trojan on Win7
Windows encryption Trojan on Win7

Hello, we have caught the Trojan too. System: Windows 7, 32-bit version. Here is the data from the scan:

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.03

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Ari :: ARI-MSI [Administrator]

Schutz: Deaktiviert

12.06.2012 14:46:40
mbam-log-2012-06-12 (14-46-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366120
Laufzeit: 33 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1470A94A (Trojan.Agent.SZ) -> Daten: C:\Users\Ari\AppData\Roaming\Xell\6BB6EB991470A94AFBEA.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Ari\AppData\Roaming\Xell\6BB6EB991470A94AFBEA.exe (Trojan.Agent.SZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Regards,
Dennis

After moving the findings to quarantine I can at least work in normal Windows mode again, without the payment window appearing.

OTL.txt

Code:
OTL logfile created on: 6/13/2012 2:19:37 PM - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Ari\Desktop
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.17 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 66.40% Memory free
6.34 Gb Paging File | 5.01 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.39 Gb Total Space | 229.00 Gb Free Space | 83.76% Space Free | Partition Type: NTFS
Drive D: | 182.27 Gb Total Space | 168.82 Gb Free Space | 92.62% Space Free | Partition Type: NTFS

Computer Name: ARI-MSI | User Name: Ari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
(aswRdr) DRV - [2011/07/04 14:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/06/02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/06/02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/06/02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/12/09 21:39:45 | 005,147,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2009/12/09 18:22:19 | 000,121,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009/12/09 17:02:47 | 006,229,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd) DRV - [2009/12/05 03:50:02 | 000,082,128 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/10/05 03:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/09/25 04:13:12 | 000,159,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009/05/27 00:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{9606359B-FBEA-4B26-98FB-5C31BB188E00}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = 
{afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:31:36 | 
000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] [2010/07/02 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Extensions [2012/06/12 14:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions [2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com [2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL [2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus [2010/08/23 19:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/11/15 19:09:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/15 15:00:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/05/22 19:56:44 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011/11/15 14:51:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/15 15:00:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/11/15 15:00:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/15 15:00:27 | 000,001,178 | ---- | M] () -- 
C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/15 15:00:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - 
Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5FA4A3-4169-43CD-B417-D638ADEBE03F}: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB108C4-C3A3-4681-A8BC-B4F03C71BD96}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/13 14:11:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe [2012/06/12 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/06/12 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/06/12 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Malwarebytes [2012/06/12 14:43:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/26 21:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Avira [2012/05/26 21:06:36 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/05/26 21:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012/05/26 21:04:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012/05/26 21:04:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2012/05/26 21:04:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys [2012/05/26 21:04:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/05/21 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012/05/20 13:52:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/05/20 13:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/05/20 13:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/05/17 20:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012/05/17 20:36:24 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Local\HP [2012/05/17 20:33:26 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\HP [2012/05/17 20:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012/05/17 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2012/05/17 20:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012/05/17 20:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2012/05/17 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012/05/17 20:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/13 14:17:54 | 000,000,156 | ---- | M] () -- C:\Users\Ari\defogger_reenable [2012/06/13 14:13:24 | 000,022,672 | -H-- | M] () -- 
C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/13 14:13:24 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe [2012/06/13 14:10:33 | 000,050,477 | ---- | M] () -- C:\Users\Ari\Desktop\Defogger.exe [2012/06/13 14:01:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/13 14:01:19 | 2552,381,440 | -HS- | M] () -- C:\hiberfil.sys [2012/06/12 14:06:45 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012/05/26 21:06:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/25 13:47:34 | 000,014,033 | ---- | M] () -- C:\Users\Ari\Desktop\LUaVplOssqxGQasfX [2012/05/18 16:17:53 | 000,378,168 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/05/17 20:33:13 | 000,181,697 | ---- | M] () -- C:\windows\hpoins28.dat [2012/05/17 20:27:08 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2012/05/17 20:26:45 | 000,001,319 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012/05/17 20:26:28 | 000,002,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012/05/14 16:56:27 | 000,694,430 | ---- | M] () -- C:\windows\System32\perfh00C.dat [2012/05/14 16:56:27 | 000,693,454 | ---- | M] () -- C:\windows\System32\perfh00A.dat [2012/05/14 16:56:27 | 000,689,108 | ---- | M] () -- C:\windows\System32\perfh010.dat [2012/05/14 16:56:27 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/05/14 16:56:27 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/05/14 16:56:27 | 000,137,062 | ---- | M] () -- C:\windows\System32\perfc00A.dat [2012/05/14 16:56:27 | 000,130,140 | ---- | M] () -- C:\windows\System32\perfc00C.dat 
[2012/05/14 16:56:27 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/05/14 16:56:27 | 000,127,144 | ---- | M] () -- C:\windows\System32\perfc010.dat [2012/05/14 16:56:27 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/13 14:17:53 | 000,000,156 | ---- | C] () -- C:\Users\Ari\defogger_reenable [2012/06/13 14:10:32 | 000,050,477 | ---- | C] () -- C:\Users\Ari\Desktop\Defogger.exe [2012/05/26 21:06:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/17 20:27:54 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012/05/17 20:27:08 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2012/05/17 20:26:45 | 000,001,319 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012/05/17 20:26:28 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012/05/17 20:23:52 | 000,181,697 | ---- | C] () -- C:\windows\hpoins28.dat [2012/05/17 20:23:52 | 000,000,442 | ---- | C] () -- C:\windows\hpomdl28.dat [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2012/03/11 19:56:26 | 000,025,432 | ---- | C] () -- C:\windows\System32\drivers\aswRdr.sys ========== LOP Check ========== [2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite [2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- 
C:\Users\Ari\AppData\Roaming\Samsung [2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF [2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/21 18:37:25 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

And here Gmer.txt:

Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-14 16:24:59 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 Running: q0ncg1sr.exe; Driver: C:\Users\Ari\AppData\Local\Temp\fxldrpog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x94995D8C] SSDT 94EC864E ZwCreateSection SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x94995E3C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x94995ED4] SSDT 94EC8658 ZwRequestWaitReplyPort SSDT 94EC8653 ZwSetContextThread SSDT 94EC865D ZwSetSecurityObject SSDT 94EC8662 ZwSystemDebugControl SSDT 94EC85EF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 8345D599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83482092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 23C 8348988C 4 Bytes [8C, 5D, 99, 94] {MOV WORD [EBP-0x67], DS; XCHG ESP, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 340 83489990 4 Bytes [4E, 86, EC, 94] {DEC ESI; XCHG AH, CH; XCHG ESP, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 3FC 83489A4C 4 Bytes [3C, 5E, 99, 94] {CMP AL, 0x5e; CDQ ; XCHG ESP, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 54C 83489B9C 4 Bytes [D4, 5E, 99, 94] {AAM 0x5e; CDQ ; XCHG ESP, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 69C 83489CEC 4 Bytes [58, 86, EC, 94] {POP EAX; XCHG AH, CH; XCHG ESP, EAX} .text ... 
.text C:\windows\system32\DRIVERS\atipmdag.sys section is writeable [0x95440000, 0x2CBE50, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wininit.exe[548] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC
.text C:\windows\system32\wininit.exe[548] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8
.text C:\windows\system32\wininit.exe[548] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wininit.exe[548] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00050A08
.text C:\windows\system32\wininit.exe[548] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000503FC
.text C:\windows\system32\wininit.exe[548] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00050804
.text C:\windows\system32\wininit.exe[548] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000501F8
.text C:\windows\system32\wininit.exe[548] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00050600
.text C:\windows\system32\csrss.exe[560] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\services.exe[600] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\services.exe[600] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\services.exe[600] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00130A08
.text C:\windows\system32\services.exe[600] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001303FC
.text C:\windows\system32\services.exe[600] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00130804
.text C:\windows\system32\services.exe[600] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001301F8
.text C:\windows\system32\services.exe[600] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00130600
.text C:\windows\system32\svchost.exe[612] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[612] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[612] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00420A08
.text C:\windows\system32\svchost.exe[612] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 004203FC
.text C:\windows\system32\svchost.exe[612] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00420804
.text C:\windows\system32\svchost.exe[612] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 004201F8
.text C:\windows\system32\svchost.exe[612] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00420600
.text C:\windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\lsass.exe[628] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\lsm.exe[636] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC
.text C:\windows\system32\winlogon.exe[696] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8
.text C:\windows\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\winlogon.exe[696] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000C0A08
.text C:\windows\system32\winlogon.exe[696] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000C03FC
.text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000C0804
.text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000C01F8
.text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000C0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[788] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001C0A08
.text C:\windows\system32\svchost.exe[788] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001C03FC
.text C:\windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001C0804
.text C:\windows\system32\svchost.exe[788] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001C01F8
.text C:\windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001C0600
.text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[900] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000A03FC
.text C:\windows\system32\svchost.exe[900] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000A01F8
.text C:\windows\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[900] user32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00330A08
.text C:\windows\system32\svchost.exe[900] user32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003303FC
.text C:\windows\system32\svchost.exe[900] user32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00330804
.text C:\windows\system32\svchost.exe[900] user32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003301F8
.text C:\windows\system32\svchost.exe[900] user32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00330600
.text C:\windows\system32\atiesrxx.exe[948] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\windows\system32\atiesrxx.exe[948] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\windows\system32\atiesrxx.exe[948] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000A03FC
.text C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000A01F8
.text C:\windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00510A08
.text C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005103FC
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00510804
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005101F8
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00510600
.text C:\windows\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 003B0A08
.text C:\windows\System32\svchost.exe[1072] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003B03FC
.text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 003B0804
.text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003B01F8
.text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 003B0600
.text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00A30A08
.text C:\windows\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 00A303FC
.text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00A30804
.text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 00A301F8
.text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00A30600
.text C:\Program Files\System Control Manager\MSIService.exe[1168] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\System Control Manager\MSIService.exe[1168] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\System Control Manager\MSIService.exe[1168] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00550A08
.text C:\windows\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005503FC
.text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00550804
.text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005501F8
.text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00550600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\windows\system32\atieclxx.exe[1308] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\windows\system32\atieclxx.exe[1308] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\windows\system32\atieclxx.exe[1308] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600
.text C:\windows\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1484] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[1484] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[1484] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00090804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00090600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!SetUnhandledExceptionFilter 76CD30E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\windows\system32\taskhost.exe[1596] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000503FC
.text C:\windows\system32\taskhost.exe[1596] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000501F8
.text C:\windows\system32\taskhost.exe[1596] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000E0A08
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000E03FC
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000E0804
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000E01F8
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000E0600
.text C:\windows\System32\svchost.exe[1816] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1816] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1900] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1900] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1900] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00240A08
.text C:\windows\system32\svchost.exe[1900] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002403FC
.text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00240804
.text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002401F8
.text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00240600
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\windows\system32\Dwm.exe[2028] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\Dwm.exe[2028] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\Dwm.exe[2028] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\windows\Explorer.EXE[2036] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\Explorer.EXE[2036] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\Explorer.EXE[2036] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\Explorer.EXE[2036] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00150A08
.text C:\windows\Explorer.EXE[2036] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001503FC
.text C:\windows\Explorer.EXE[2036] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00150804
.text C:\windows\Explorer.EXE[2036] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001501F8
.text C:\windows\Explorer.EXE[2036] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00150600
.text C:\Program Files\Samsung\Kies\KiesHelper.exe[2080] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2252] ntdll.dll!DbgUiRemoteBreakin 7755D5CB 1 Byte [C3]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2252] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000503FC
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000501F8
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00080A08
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000803FC
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00080804
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000801F8
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00080600
.text C:\windows\system32\conhost.exe[2472] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC
.text C:\windows\system32\conhost.exe[2472] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8
.text C:\windows\system32\conhost.exe[2472] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\conhost.exe[2472] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00100A08
.text C:\windows\system32\conhost.exe[2472] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001003FC
.text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00100804
.text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001001F8
.text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00100600
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\windows\system32\svchost.exe[2824] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2824] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2824] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[2824] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00190A08
.text C:\windows\system32\svchost.exe[2824] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001903FC
.text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00190804
.text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001901F8
.text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[2936] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[2936] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[2936] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600
.text C:\Windows\System32\igfxpers.exe[2964] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[2964] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[2964] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\igfxsrvc.exe[2972] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxsrvc.exe[2972] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxsrvc.exe[2972] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3056] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\AUDIODG.EXE[3120] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00300A08
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003003FC
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00300804
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003001F8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00300600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00540A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005403FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00540804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005401F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00540600
.text C:\windows\system32\wbem\unsecapp.exe[3476] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\unsecapp.exe[3476] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\unsecapp.exe[3476] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\Windows\WindowsMobile\wmdc.exe[3520] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Windows\WindowsMobile\wmdc.exe[3520] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Windows\WindowsMobile\wmdc.exe[3520] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600
.text C:\windows\system32\wbem\wmiprvse.exe[3532] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\wmiprvse.exe[3532] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\wmiprvse.exe[3532] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600
.text C:\windows\system32\SearchIndexer.exe[3572] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000D03FC
.text C:\windows\system32\SearchIndexer.exe[3572] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000D01F8
.text C:\windows\system32\SearchIndexer.exe[3572] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00170A08
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001703FC
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00170804
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001701F8
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00170600
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3700] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[3712] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[3712] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[3712] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000703FC
.text C:\Program
Files\Ask.com\Updater\Updater.exe[3824] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000701F8 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001003FC .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00100804 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001001F8 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00100600 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.exe[3920] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00110A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001103FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00110804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001101F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00110600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600 .text C:\windows\system32\wuauclt.exe[4188] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000703FC .text C:\windows\system32\wuauclt.exe[4188] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000701F8 .text C:\windows\system32\wuauclt.exe[4188] kernel32.dll!GetBinaryTypeW 
+ 70 76CE78FC 1 Byte [62] .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00110A08 .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001103FC .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00110804 .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001101F8 .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00110600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00180A08 .text 
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] kernel32.dll!SetUnhandledExceptionFilter 76CD30E2 5 Bytes JMP 00468140 C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe (DeviceManager.exe/Mobileleader Co., Ltd.) 
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600 .text 
C:\windows\system32\taskeng.exe[4536] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\taskeng.exe[4536] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\taskeng.exe[4536] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\taskeng.exe[4536] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00130A08 .text C:\windows\system32\taskeng.exe[4536] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001303FC .text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00130804 .text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001301F8 .text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00130600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00AB0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 00AB03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00AB0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 00AB01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00AB0600 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] ntdll.dll!LdrLoadDll 
7751F425 5 Bytes JMP 001601F8 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00340A08 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003403FC .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00340804 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003401F8 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00340600 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr 
\Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:1660] BCE32F2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d25b11 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d25b11 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- |