Pests of all kinds and how to combat them: Generic 14.DNH (Windows 7)

If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

Generic 14.DNH

Hijackthis

Code:
```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:23, on 26.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\PC Tools AntiVirus\PCTAV.exe
C:\Programme\ThreatFire\TFTray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe
C:\Programme\ThreatFire\TFService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Opera\opera.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Programme\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Programme\ThreatFire\TFService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5559 bytes
```
#2

Generic 14.DNH

Code:
```
Adobe Photoshop CS2
Adobe Reader 9.1 - Deutsch
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Problem Report Wizard
AusLogics BoostSpeed
Avira AntiVir Personal - Free Antivirus
AVIVO Codecs
CCleaner (remove only)
DivX
DivX Converter
DivX Player
DivX Web Player
High Definition Audio Driver Package - KB888111
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
HijackThis 2.0.2
ICQ6.5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Macromedia Flash MX 2004
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.1)
MSXML 6.0 Parser (KB933579)
Opera 9.64
PC Tools AntiVirus 6.0
Realtek High Definition Audio Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
TeamViewer 4
ThreatFire
TuneUp Utilities 2006
VLC media player 0.9.9
WinRAR
ZoneAlarm Pro
```
#3

/// Helper Team

Generic 14.DNH

Hi,

__________________
as long as you reinstall your machine with it

Quote:

Karl
#4

Generic 14.DNH

Code:
```
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-26 22:14:53
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xA7B65B70]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA6CE514]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xA7B7D760]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xA7B7D980]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xA7B80610]
SSDT BAFF4444 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xA7B66180]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA6CED00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA6CEFB8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xA7B7D080]
SSDT BAFF4462 ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xA7B65FD0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA6CD3FA]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xA7B7CE80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xA7B7CC40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6CF422]
SSDT BAFF446C ZwReplaceKey
SSDT BAFF4467 ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xA7B68E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xA7B662F0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA6CE7D8]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xA7B7DBB0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys
```
#5

Generic 14.DNH

Code:
```
Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----
```
#6

Generic 14.DNH

Code:
#7

Generic 14.DNH

Code:
SHELL32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A .text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A .text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A .text C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe[752] SHELL32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtLoadDriver 7C91DB6E 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtLoadDriver + 4 7C91DB72 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtSuspendProcess 7C91E83A 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ntdll.dll!NtSuspendProcess + 4 7C91E83E 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F730F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F7C0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F130F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 04800001 .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F1F0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F190F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetStartupInfoA 7C801EEE 6 Bytes JMP 5F0A0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F1C0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F2E0F5A .text C:\Programme\ATI 
Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F2B0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F610F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F220F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateMutexA 7C80EB3F 6 Bytes JMP 5F040F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateRemoteThread 7C810626 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [11, 5F] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateFileW 7C810976 6 Bytes JMP 5F700F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetCommandLineA 7C812C8D 6 Bytes JMP 5F0D0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F460F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F640F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F490F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F3D0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F760F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegOpenKeyExA 77DA761B 6 Bytes JMP 5F6A0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegCreateKeyExA 77DAEAF4 6 Bytes JMP 5F670F5A .text C:\Programme\ATI 
Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!RegSetValueExA 77DAEBE7 6 Bytes JMP 5F6D0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!OpenSCManagerA 77DBADA7 6 Bytes JMP 5F7F0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes JMP 5F160F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes JMP 5F580F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetKeyState 77D1C505 6 Bytes JMP 5F4C0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!ShowWindow 77D1D8A4 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!ShowWindow + 4 77D1D8A8 2 Bytes [86, 5F] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes JMP 5F4F0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes JMP 5F280F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes JMP 5F250F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!SetWinEventHook 77D317C8 6 Bytes JMP 5F5B0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!GetWindowTextA 77D3213C 6 Bytes JMP 5F820F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!DdeConnect 77D57D7B 6 Bytes JMP 5F520F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!EndTask 77D59C5D 6 Bytes JMP 5F400F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!RegisterRawInputDevices 77D6C9C6 3 Bytes [FF, 25, 1E] .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] USER32.dll!RegisterRawInputDevices + 4 77D6C9CA 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteExW 7CA1172B 6 Bytes JMP 5F3A0F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] 
shell32.dll!ShellExecuteEx 7CA50AED 6 Bytes JMP 5F370F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteA 7CA50E18 6 Bytes JMP 5F310F5A .text C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE[768] shell32.dll!ShellExecuteW 7CAC4A18 6 Bytes JMP 5F340F5A |
#8
Generic 14.DNH
Quote:
It comes with a few extra programs that get installed along with it, but they did not cause any problems during the first installation either. I know Gimp and various other free editing software, but I don't need them; I just want to surf and game, nothing more.
#9
Generic 14.DNH
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/26 23:03
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP2
==================================================
#10
/// Helper Team
Generic 14.DNH
Thanks KarlKarl.. I completely overlooked that.

Hello Scars!
There is just one "problem" here: cracks, serials and keygens are always infested with trojans and various other malware; there is no site with serials or cracks that is virus-free! Besides, as a rule we do not assist with unauthorized installations (such as cracks, games, programs, serials etc.) obtained through Internet file-sharing networks ... & *WarezFreeFullDownloads*. So the clean solution to the problem is to reinstall Windows completely from scratch, this time `without` ..., and hopefully you have learned something from this and will keep your hands off it in future.