Log analysis and evaluation: Security warning from Telekom regarding hacking
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
/// Winkelfunktion /// TB-Süch-Tiger™
Security warning from Telekom regarding hacking

Please now create logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down) and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only aswMBR.

aswMBR download => aswMBR.exe - save the file to your desktop.

One more note: should aswMBR crash with a message like "aswMBR.exe has stopped working", then do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________
Please always post log files in CODE tags
#2
Security warning from Telekom regarding hacking

gmer worked fine - here is the result:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-30 17:02:31
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD400VE-75HDT1 rev.11.07D11 37,26GB
Running: gmer_2.0.18454.exe; Driver: C:\DOKUME~1\STEFFI~1\LOKALE~1\Temp\pxtdapob.sys
---- System - GMER 2.0 ----
SSDT F8B31154 ZwClose
SSDT F8B3110E ZwCreateKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF82AC282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF82AC474]
SSDT F8B3115E ZwCreateSection
SSDT F8B31104 ZwCreateThread
SSDT F8B31113 ZwDeleteKey
SSDT F8B3111D ZwDeleteValueKey
SSDT F8B3114F ZwDuplicateObject
SSDT F8B31122 ZwLoadKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF82BC3FA]
SSDT F8B310F0 ZwOpenProcess
SSDT F8B310F5 ZwOpenThread
SSDT F8B31177 ZwQueryValueKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF82BE422]
SSDT F8B3112C ZwReplaceKey
SSDT F8B31168 ZwRequestWaitReplyPort
SSDT F8B31127 ZwRestoreKey
SSDT F8B31163 ZwSetContextThread
SSDT F8B3116D ZwSetSecurityObject
SSDT F8B31118 ZwSetValueKey
SSDT F8B31172 ZwSystemDebugControl
SSDT F8B310FF ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xAA3FC384]
---- Kernel code sections - GMER 2.0 ----
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 2.0 ----
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe[188] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 044E0001
.text C:\Programme\Spyware Doctor\pctsTray.exe[208] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 0044AB89 C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Programme\Spyware Doctor\pctsTray.exe[208] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Spyware Doctor\pctsTray.exe[208] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F040F5A
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[276] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\StarMoney Business 5.0\ouservice\StarMoneyOnlineUpdate.exe[420] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wdfmgr.exe[508] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wdfmgr.exe[508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00670001
.text C:\WINDOWS\system32\wdfmgr.exe[508] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\wdfmgr.exe[508] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[628] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C10001
.text C:\WINDOWS\system32\winlogon.exe[628] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\winlogon.exe[628] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[672] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001
.text C:\WINDOWS\system32\services.exe[672] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\services.exe[672] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[692] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[696] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[872] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01EA0001
.text C:\WINDOWS\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Spyware Doctor\pctsAuxs.exe[1096] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A60001
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CC0001
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wltrysvc.exe[1472] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\wltrysvc.exe[1472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text C:\WINDOWS\System32\wltrysvc.exe[1472] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\wltrysvc.exe[1472] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\bcmwltry.exe[1552] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\bcmwltry.exe[1552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01690001
.text C:\WINDOWS\System32\bcmwltry.exe[1552] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\System32\bcmwltry.exe[1552] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Ad-Aware\aawservice.exe[1560] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Ad-Aware\aawservice.exe[1560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04A20001
.text C:\Programme\Ad-Aware\aawservice.exe[1560] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Ad-Aware\aawservice.exe[1560] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1572] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 018E0001
.text C:\WINDOWS\Explorer.EXE[1572] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\Explorer.EXE[1572] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1756] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Spyware Doctor\pctsSvc.exe[1872] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 0044AD11 C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2164] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00980001
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2488] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[2628] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[2628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001
.text C:\WINDOWS\system32\wscntfy.exe[2628] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wscntfy.exe[2628] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\wscntfy.exe[2628] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\gmer_2.0.18454.exe[2796] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[3112] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3204] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3212] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\hkcmd.exe[3212] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\WINDOWS\system32\hkcmd.exe[3212] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\hkcmd.exe[3212] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\hkcmd.exe[3212] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3252] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxpers.exe[3252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text C:\WINDOWS\system32\igfxpers.exe[3252] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxpers.exe[3252] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\igfxpers.exe[3252] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe[3272] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[3308] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\stsystra.exe[3308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009C0001
.text C:\WINDOWS\stsystra.exe[3308] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\stsystra.exe[3308] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\stsystra.exe[3308] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[3316] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\WLTRAY.exe[3316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\WINDOWS\system32\WLTRAY.exe[3316] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\WLTRAY.exe[3316] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\WLTRAY.exe[3316] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Dell\QuickSet\quickset.exe[3368] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00960001
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe[3388] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Dell\Media Experience\DMXLauncher.exe[3412] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009C0001
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3432] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe[3504] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3684] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[3684] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00880001
.text C:\WINDOWS\system32\svchost.exe[3684] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[3684] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\svchost.exe[3684] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DF0001
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3724] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3792] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[3792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text C:\WINDOWS\system32\ctfmon.exe[3792] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[3792] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\WINDOWS\system32\ctfmon.exe[3792] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\NetWaiting\netwaiting.exe[3832] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\NetWaiting\netwaiting.exe[3832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\Programme\NetWaiting\netwaiting.exe[3832] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\NetWaiting\netwaiting.exe[3832] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\NetWaiting\netwaiting.exe[3832] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtCreateSection 7C91D17E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtCreateSection + 4 7C91D182 2 Bytes [05, 5F]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 3 Bytes [FF, 25, 1E]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] ntdll.dll!NtWriteVirtualMemory + 4 7C91DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F140F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3924] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F100F5A
---- Files - GMER 2.0 ----
File C:\WINDOWS\A0106606.dll 77569 bytes executable
File C:\WINDOWS\A0106607.dll 2064384 bytes executable
File C:\WINDOWS\A0106608.ini 294 bytes
File C:\WINDOWS\A0106609.dll 81920 bytes executable
File C:\WINDOWS\A0106610.ini 284 bytes
File C:\WINDOWS\A0106611.dll 471040 bytes executable
File C:\WINDOWS\A0106612.ini 282 bytes
File C:\WINDOWS\A0106613.dll 1269760 bytes executable
File C:\WINDOWS\A0106614.ini 274 bytes
File C:\WINDOWS\A0106615.dll 1232896 bytes executable
File C:\WINDOWS\A0106616.ini 266 bytes
File C:\WINDOWS\A0106617.rbf 24576 bytes executable
File C:\WINDOWS\A0106618.rbf 258048 bytes executable
File C:\WINDOWS\A0106619.rbf 32768 bytes executable
File C:\WINDOWS\A0106620.rbf 81920 bytes executable
File C:\WINDOWS\A0106621.rbf 86016 bytes executable
File C:\WINDOWS\A0106622.rbf 315392 bytes executable
File C:\WINDOWS\A0106624.rbf 2142208 bytes executable
File C:\WINDOWS\A0106625.rbf 77824 bytes executable
File C:\WINDOWS\A0106626.rbf 2527232 bytes executable
File C:\WINDOWS\A0106627.rbf 1232896 bytes executable
File C:\WINDOWS\A0106628.rbf 471040 bytes executable
File C:\WINDOWS\A0106629.rbf 81920 bytes executable
File C:\WINDOWS\A0106630.rbf 2064384 bytes executable
File C:\WINDOWS\A0106631.rbf 2514944 bytes executable
File C:\WINDOWS\A0106632.rbf 1269760 bytes executable
File C:\WINDOWS\A0106633.dll 3391488 bytes executable
File C:\WINDOWS\A0106634.ini 91 bytes
File C:\WINDOWS\A0106635.dll 1966080 bytes executable
File C:\WINDOWS\A0106636.ini 90 bytes
File C:\WINDOWS\A0106637.dll 61440 bytes executable
File C:\WINDOWS\A0106638.ini 90 bytes
File C:\WINDOWS\A0106639.dll 90112 bytes executable
File C:\WINDOWS\A0106640.ini 90 bytes
File C:\WINDOWS\A0106642.ini 90 bytes
File C:\WINDOWS\A0106643.dll 2088960 bytes executable
File C:\WINDOWS\A0106644.ini 90 bytes
File C:\WINDOWS\A0106645.dll 1466368 bytes executable
File C:\WINDOWS\A0106646.ini 90 bytes
File C:\WINDOWS\A0106647.dll 843776 bytes executable
File C:\WINDOWS\A0106648.ini 90 bytes
File C:\WINDOWS\A0106649.dll 926 bytes
File C:\WINDOWS\A0106650.dll 18808 bytes executable
File C:\WINDOWS\A0106651.dll 8396 bytes
File C:\WINDOWS\A0106652.dll 1372672 bytes executable
File C:\WINDOWS\A0106653.dll 1372672 bytes executable
File C:\WINDOWS\A0106654.dll 926 bytes
File C:\WINDOWS\A0106655.dll 18808 bytes executable
File C:\WINDOWS\A0106656.dll 8398 bytes
File C:\WINDOWS\A0106657.dll 3618816 bytes executable
File C:\WINDOWS\A0106658.ini 190 bytes
File C:\WINDOWS\A0106660.ini 62 bytes
File C:\WINDOWS\A0106661.ini 62 bytes
File C:\WINDOWS\A0106662.ini 62 bytes
File C:\WINDOWS\A0106663.cfg 28952 bytes
File C:\WINDOWS\A0106664.ini 4334 bytes
File C:\WINDOWS\A0106665.ini 583 bytes
File C:\WINDOWS\A0106666.inf 0 bytes
File C:\WINDOWS\A0106667.PNF 0 bytes
File C:\WINDOWS\A0106668.INI 303 bytes
File C:\WINDOWS\A0106669.ini 139 bytes
File C:\WINDOWS\A0106670.ini 944 bytes
File C:\WINDOWS\A0106671.ini 0 bytes
File C:\WINDOWS\A0106672.ini 0 bytes
File C:\WINDOWS\A0106673.ini 1020 bytes
File C:\WINDOWS\A0106674.dll 434548 bytes executable
File C:\WINDOWS\A0106675.dll 5665144 bytes executable
File C:\WINDOWS\A0106676.dll 467323 bytes executable
File C:\WINDOWS\A0106678.dll 152576 bytes executable
File C:\WINDOWS\A0106679.dll 53619 bytes executable
File C:\WINDOWS\A0106680.dll 201079 bytes executable
File C:\WINDOWS\A0106681.dll 393587 bytes executable
File C:\WINDOWS\A0106682.dll 434548 bytes executable
File C:\WINDOWS\A0106683.dll 258423 bytes executable
File C:\WINDOWS\A0106684.dll 5665144 bytes executable
File C:\WINDOWS\A0106685.dll 201084 bytes executable
File C:\WINDOWS\A0106686.dll 819574 bytes executable
File C:\WINDOWS\A0106687.dll 643444 bytes executable
File C:\WINDOWS\A0106688.dll 131445 bytes executable
File C:\WINDOWS\A0106689.dll 467323 bytes executable
File C:\WINDOWS\A0106690.dll 102772 bytes executable
File C:\WINDOWS\A0106691.dll 606578 bytes executable
File C:\WINDOWS\A0106692.dll 188789 bytes executable
File C:\WINDOWS\A0106693.dll 77569 bytes executable
File C:\WINDOWS\A0106694.dll 300032 bytes
File C:\WINDOWS\A0106605.dll 188789 bytes executable
File C:\WINDOWS\A0106623.rbf 102400 bytes executable
File C:\WINDOWS\A0106641.dll 3035136 bytes executable
File C:\WINDOWS\A0106659.dll 3618816 bytes executable
File C:\WINDOWS\A0106677.dll 188789 bytes executable
File C:\WINDOWS\A0106695.dll 2125824 bytes executable
File C:\WINDOWS\A0106713.dll 87040 bytes
File C:\WINDOWS\A0106731.INF 256 bytes
File C:\WINDOWS\A0106749.exe 1998336 bytes executable
File C:\WINDOWS\A0106767.dll 2125824 bytes executable
File C:\WINDOWS\A0106785.dll 392192 bytes
File C:\WINDOWS\A0107665.ini 583 bytes
File C:\WINDOWS\A0108671.ini 0 bytes
File C:\WINDOWS\change.log.2 1048212 bytes
File C:\WINDOWS\A0106696.dll 610304 bytes executable
File C:\WINDOWS\A0106697.dll 177664 bytes executable
File C:\WINDOWS\A0106698.dll 28160 bytes
File C:\WINDOWS\A0106699.dll 413696 bytes executable
File C:\WINDOWS\A0106700.DLL 488960 bytes
File C:\WINDOWS\A0106701.dll 151552 bytes executable
File C:\WINDOWS\A0106702.dll 1005056 bytes
File C:\WINDOWS\A0106703.DLL 524288 bytes
File C:\WINDOWS\A0106704.dll 291840 bytes
File C:\WINDOWS\A0106705.dll 65536 bytes executable
File C:\WINDOWS\A0106706.dll 355840 bytes executable
File C:\WINDOWS\A0106707.DLL 453632 bytes
File C:\WINDOWS\A0106708.INF 256 bytes
File C:\WINDOWS\A0106709.INF 256 bytes
File C:\WINDOWS\A0106710.INF 256 bytes
File C:\WINDOWS\A0106711.EXE 394384 bytes
File C:\WINDOWS\A0106712.dll 349184 bytes
File C:\WINDOWS\A0106714.DLL 146496 bytes
File C:\WINDOWS\A0106715.DLL 10800 bytes
File C:\WINDOWS\A0106716.dll 172032 bytes executable
File C:\WINDOWS\A0106717.dll 62976 bytes executable
File C:\WINDOWS\A0106718.dll 1047040 bytes executable
File C:\WINDOWS\A0106719.DLL 516096 bytes
File C:\WINDOWS\A0106720.dll 4342088 bytes executable
File C:\WINDOWS\A0106721.dll 64336 bytes executable
File C:\WINDOWS\A0106722.dll 421200 bytes executable
File C:\WINDOWS\A0106723.dll 770384 bytes executable
File C:\WINDOWS\A0106724.dll 570880 bytes
File C:\WINDOWS\A0106725.dll 370176 bytes executable
File C:\WINDOWS\A0106726.dll 897024 bytes executable
File C:\WINDOWS\A0106727.INF 256 bytes
File C:\WINDOWS\A0106728.INF 256 bytes
File C:\WINDOWS\A0106729.INF 256 bytes
File C:\WINDOWS\A0106730.INF 256 bytes
File C:\WINDOWS\A0106732.INF 256 bytes
File C:\WINDOWS\A0106733.INF 256 bytes
File C:\WINDOWS\A0106734.INF 256 bytes
File C:\WINDOWS\A0106735.dll 224256 bytes
File C:\WINDOWS\A0106736.dll 40960 bytes executable
File C:\WINDOWS\A0106737.dll 53300 bytes executable
File C:\WINDOWS\A0106738.dll 61440 bytes executable
File C:\WINDOWS\A0106739.dll 11141120 bytes executable
File C:\WINDOWS\A0106740.dll 6627328 bytes executable
File C:\WINDOWS\A0106741.dll 488448 bytes executable
File C:\WINDOWS\A0106742.exe 91136 bytes executable
File C:\WINDOWS\A0106743.dll 666624 bytes executable
File C:\WINDOWS\A0106744.exe 742400 bytes
File C:\WINDOWS\A0106745.dll 416256 bytes
File C:\WINDOWS\A0106746.dll 392192 bytes
File C:\WINDOWS\A0106747.dll 4967424 bytes executable
File C:\WINDOWS\A0106748.dll 249856 bytes executable
File C:\WINDOWS\A0106750.dll 1199616 bytes executable
File C:\WINDOWS\A0106751.dll 1354240 bytes
File C:\WINDOWS\A0106752.dll 38400 bytes executable
File C:\WINDOWS\A0106753.dll 133120 bytes
File C:\WINDOWS\A0106754.exe 244736 bytes executable
File C:\WINDOWS\A0106755.dll 105472 bytes
File C:\WINDOWS\A0106756.dll 65536 bytes executable
File C:\WINDOWS\A0106757.exe 1136640 bytes
File C:\WINDOWS\A0106758.dll 17408 bytes executable
File C:\WINDOWS\A0106759.dll 941568 bytes executable
File C:\WINDOWS\A0106760.dll 49152 bytes executable
File C:\WINDOWS\A0106761.INF 256 bytes
File C:\WINDOWS\A0106762.INF 256 bytes
File C:\WINDOWS\A0106763.INF 256 bytes
File C:\WINDOWS\A0106764.INF 256 bytes
File C:\WINDOWS\A0106765.dll 57344 bytes executable
File C:\WINDOWS\A0106766.dll 300032 bytes
File C:\WINDOWS\A0106768.dll 610304 bytes executable
File C:\WINDOWS\A0106769.dll 177664 bytes executable
File C:\WINDOWS\A0106770.dll 28160 bytes
File C:\WINDOWS\A0106771.dll 1005056 bytes
File C:\WINDOWS\A0106772.dll 291840 bytes
File C:\WINDOWS\A0106773.dll 355840 bytes executable
File C:\WINDOWS\A0106774.dll 62976 bytes executable
File C:\WINDOWS\A0106775.dll 1047040 bytes executable
File C:\WINDOWS\A0106776.dll 516096 bytes
File C:\WINDOWS\A0106777.dll 570880 bytes
File C:\WINDOWS\A0106778.dll 370176 bytes executable
File C:\WINDOWS\A0106779.dll 224256 bytes
File C:\WINDOWS\A0106780.dll 53300 bytes executable
File C:\WINDOWS\A0106781.dll 6627328 bytes executable
File C:\WINDOWS\A0106782.dll 487424 bytes executable
File C:\WINDOWS\A0106783.dll 666624 bytes executable
File C:\WINDOWS\A0106784.dll 416256 bytes
File C:\WINDOWS\A0106786.dll 4967424 bytes executable
File C:\WINDOWS\A0106787.exe 1998336 bytes executable
File C:\WINDOWS\A0106788.dll 1199616 bytes executable
File C:\WINDOWS\A0106789.dll 1354240 bytes
File C:\WINDOWS\A0106790.dll 38400 bytes executable
File C:\WINDOWS\A0106791.dll 133120 bytes
File C:\WINDOWS\A0106792.dll 105472 bytes
File C:\WINDOWS\A0106793.dll 65536 bytes executable
File C:\WINDOWS\A0106794.exe 1136640 bytes
File C:\WINDOWS\A0106795.dll 17408 bytes executable
File C:\WINDOWS\A0106796.dll 941568 bytes executable
File C:\WINDOWS\A0107659.ini 62 bytes
File C:\WINDOWS\A0107660.ini 62 bytes
File C:\WINDOWS\A0107661.ini 62 bytes
File C:\WINDOWS\A0107662.sys 142152 bytes executable
File C:\WINDOWS\A0107663.cfg 28952 bytes
File C:\WINDOWS\A0107664.ini 4334 bytes
File C:\WINDOWS\A0107666.sys 35144 bytes executable
File C:\WINDOWS\A0107667.INI 303 bytes
File C:\WINDOWS\A0107668.ini 139 bytes
File C:\WINDOWS\A0107669.ini 944 bytes
File C:\WINDOWS\A0107670.ref 6935827 bytes
File C:\WINDOWS\A0108659.ini 62 bytes
File C:\WINDOWS\A0108660.ini 62 bytes
File C:\WINDOWS\A0108661.ini 62 bytes
File C:\WINDOWS\A0108662.sys 142152 bytes executable
File C:\WINDOWS\A0108663.cfg 28952 bytes
File C:\WINDOWS\A0108664.ini 4334 bytes
File C:\WINDOWS\A0108665.ini 583 bytes
File C:\WINDOWS\A0108666.sys 35144 bytes executable
File C:\WINDOWS\A0108667.INI 303 bytes
File C:\WINDOWS\A0108668.ini 139 bytes
File C:\WINDOWS\A0108669.ini 944 bytes
File C:\WINDOWS\A0108670.ini 0 bytes
File C:\WINDOWS\A0108672.lnk 504 bytes
File C:\WINDOWS\A0108673.ini 190 bytes
File C:\WINDOWS\A0108674.ini 62 bytes
File C:\WINDOWS\A0108675.ini 62 bytes
File C:\WINDOWS\A0108676.ini 62 bytes
File C:\WINDOWS\A0108677.cfg 28952 bytes
File C:\WINDOWS\A0108678.ini 4334 bytes
File C:\WINDOWS\A0108679.ini 190 bytes
File C:\WINDOWS\A0108680.ini 583 bytes
File C:\WINDOWS\A0108681.ini 62 bytes
File C:\WINDOWS\A0108682.ini 62 bytes
File C:\WINDOWS\A0108683.ini 62 bytes
File C:\WINDOWS\A0108684.cfg 28952 bytes
File C:\WINDOWS\A0108685.ini 583 bytes
File C:\WINDOWS\A0109681.ini 62 bytes
File C:\WINDOWS\A0109682.ini 62 bytes
File C:\WINDOWS\A0109683.ini 62 bytes
File C:\WINDOWS\A0109684.cfg 28952 bytes
File C:\WINDOWS\A0109685.ini 4334 bytes
File C:\WINDOWS\A0109686.ini 583 bytes
File C:\WINDOWS\A0109687.INI 303 bytes
File C:\WINDOWS\A0109688.ini 139 bytes
File C:\WINDOWS\A0109689.ini 944 bytes
File C:\WINDOWS\change.log 25842 bytes
File C:\WINDOWS\change.log.1 1048412 bytes
File C:\WINDOWS\change.log.3 763020 bytes
File C:\WINDOWS\change.log.4 168548 bytes
File C:\WINDOWS\change.log.5 90206 bytes
File C:\WINDOWS\change.log.6 22238 bytes
File C:\WINDOWS\change.log.7 7872 bytes
File C:\WINDOWS\change.log.8 5420 bytes
File C:\WINDOWS\RestorePointSize 8 bytes
File C:\WINDOWS\rp.log 536 bytes
File C:\WINDOWS\snapshot 0 bytes
---- EOF - GMER 2.0 ----
The result of aswMBR.exe:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-30 17:06:36
-----------------------------
17:06:36.796 OS Version: Windows 5.1.2600 Service Pack 3
17:06:36.796 Number of processors: 1 586 0xD08
17:06:36.796 ComputerName: PQ1 UserName:
17:06:38.281 Initialize success
17:11:44.937 AVAST engine defs: 13013000
17:12:34.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:12:34.609 Disk 0 Vendor: WDC_WD400VE-75HDT1 11.07D11 Size: 38154MB BusType: 3
17:12:34.750 Disk 0 MBR read successfully
17:12:34.750 Disk 0 MBR scan
17:12:52.640 Disk 0 unknown MBR code
17:12:52.687 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
17:12:58.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34993 MB offset 160650
17:12:59.734 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 71826615
17:13:00.296 Disk 0 scanning sectors +78124095
17:13:01.078 Disk 0 scanning C:\WINDOWS\system32\drivers
17:14:35.468 Service scanning
17:15:15.359 Modules scanning
17:16:08.171 Disk 0 trace - called modules:
17:16:08.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:16:08.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b805e0]
17:16:08.843 3 CLASSPNP.SYS[f84b2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82b80b58]
17:16:10.562 AVAST engine scan C:\WINDOWS
17:17:39.546 AVAST engine scan C:\WINDOWS\system32
17:27:45.937 AVAST engine scan C:\WINDOWS\system32\drivers
17:29:12.609 AVAST engine scan C:\Dokumente und Einstellungen\Steffi Dahnke
17:35:17.765 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:39:07.703 Scan finished successfully
18:14:13.078 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\MBR.dat"
18:14:13.234 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Steffi Dahnke\Desktop\aswMBR.txt"