Giulietta | 14.04.2012 10:46 | So, done:
GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-14 09:35:41
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: x2qt5p9s.exe; Driver: C:\Users\Mini-ZZ\AppData\Local\Temp\pxliyfoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8B957DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8C443A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8B95885E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8B95D2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8B95D330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8B95D422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8B95D252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8B95D374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8B95D29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8B95D3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8B957E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8C443B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8B957AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8B957E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8B95AD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8B958B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8B95D30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8B95D352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8B95D446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8B95D278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8B95D3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8B95D2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8B95D400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8C443CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8B9589CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8B957EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8B957F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8B957B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8B957CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8B957C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8B957D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8C443D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8B957F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8C443BE0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C459D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 81C913D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CCAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 81CD1DC0 4 Bytes [F8, 7D, 95, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 81CD1DE8 4 Bytes [5A, 3A, 44, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 81CD1E48 4 Bytes [5E, 88, 95, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 81CD1E9C 8 Bytes [E4, D2, 95, 8B, 30, D3, 95, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 81CD1EA8 4 Bytes JMP 95D42281
.text ...
.text kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
---- User code sections - GMER 1.0.15 ----
.text C:\ProgramData\DatacardService\DCService.exe[268] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\ProgramData\DatacardService\DCService.exe[268] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\ProgramData\DatacardService\DCService.exe[268] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 001F0A08
.text C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001F03FC
.text C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 001F0804
.text C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001F01F8
.text C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\csrss.exe[448] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00180A08
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001803FC
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00180804
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001801F8
.text C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00180600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[496] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrLoadDll 7777223E 3 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrLoadDll + 4 77772242 1 Byte [88]
.text C:\Windows\system32\wininit.exe[504] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[512] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\ProgramData\DatacardService\DCSHelper.exe[552] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\ProgramData\DatacardService\DCSHelper.exe[552] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\ProgramData\DatacardService\DCSHelper.exe[552] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00200A08
.text C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002003FC
.text C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00200804
.text C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002001F8
.text C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\services.exe[560] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[560] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[592] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[600] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll 7777223E 3 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll + 4 77772242 1 Byte [88]
.text C:\Windows\system32\winlogon.exe[608] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00050600
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00080A08
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000803FC
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00080804
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000801F8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[744] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[840] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00180A08
.text C:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001803FC
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00180804
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001801F8
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00180600
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00470A08
.text C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 004703FC
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00470804
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 004701F8
.text C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00470600
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00540A08
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 005403FC
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00540804
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 005401F8
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00540600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000F03FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 000F0804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 000F0600
.text C:\Program Files\IDT\WDM\STacSV.exe[1060] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\STacSV.exe[1060] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\STacSV.exe[1060] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00200A08
.text C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002003FC
.text C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00200804
.text C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002001F8
.text C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\AUDIODG.EXE[1156] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[1248] KERNEL32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 001E0A08
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001E03FC
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 001E0804
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001E01F8
.text C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 001E0600
.text C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[1300] KERNEL32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1444] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[1444] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[1444] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1444] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[1444] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[1444] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[1444] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[1444] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 003E0A08
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 003E03FC
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 003E0804
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 003E01F8
.text C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 003E0600
.text C:\Windows\Explorer.EXE[1532] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[1532] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[1532] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1532] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00120A08
.text C:\Windows\Explorer.EXE[1532] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001203FC
.text C:\Windows\Explorer.EXE[1532] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00120804
.text C:\Windows\Explorer.EXE[1532] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001201F8
.text C:\Windows\Explorer.EXE[1532] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00120600
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00310A08
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 003103FC
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00310804
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 003101F8
.text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00310600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] kernel32.dll!SetUnhandledExceptionFilter 7637F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[1684] KERNEL32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1748] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1748] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1748] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001003FC
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00100804
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\taskhost.exe[1760] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[1760] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[1760] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1760] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[1760] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[1760] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[1760] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[1760] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 000E0600
.text C:\Program Files\IDT\WDM\aestsrv.exe[1888] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\aestsrv.exe[1888] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\aestsrv.exe[1888] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001403FC
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00140804
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001401F8
.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00140600
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001003FC
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00100804
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00110A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001103FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00110804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001101F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[2436] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2436] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2484] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2484] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2484] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2484] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00210A08
.text C:\Windows\System32\svchost.exe[2484] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002103FC
.text C:\Windows\System32\svchost.exe[2484] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00210804
.text C:\Windows\System32\svchost.exe[2484] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002101F8
.text C:\Windows\System32\svchost.exe[2484] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00210600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 001A0A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001A03FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 001A0804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001A01F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 001A0600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2616] KERNEL32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[2724] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[2724] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[2724] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[2724] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxtray.exe[2724] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxtray.exe[2724] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxtray.exe[2724] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxtray.exe[2724] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00200600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\hkcmd.exe[2836] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[2836] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[2836] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2836] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\hkcmd.exe[2836] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[2836] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00190804
.text C:\Windows\System32\hkcmd.exe[2836] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\hkcmd.exe[2836] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00190600
.text C:\Windows\System32\igfxpers.exe[2852] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[2852] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[2852] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2852] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00210A08
.text C:\Windows\System32\igfxpers.exe[2852] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002103FC
.text C:\Windows\System32\igfxpers.exe[2852] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00210804
.text C:\Windows\System32\igfxpers.exe[2852] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002101F8
.text C:\Windows\System32\igfxpers.exe[2852] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00210600
.text C:\Program Files\IDT\WDM\sttray.exe[2896] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\sttray.exe[2896] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\sttray.exe[2896] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[3144] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxsrvc.exe[3144] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxsrvc.exe[3144] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00180600
.text C:\Users\Mini-ZZ\Downloads\x2qt5p9s.exe[3172] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3204] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 002603FC
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 002601F8
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00330A08
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 003303FC
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00330804
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 003301F8
.text C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00330600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00220A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002203FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00220804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002201F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00220600
.text C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrLoadDll 7777223E 3 Bytes JMP 000301F8
.text C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrLoadDll + 4 77772242 1 Byte [88]
.text C:\Windows\system32\conhost.exe[3292] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\conhost.exe[3292] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\conhost.exe[3292] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 000C0600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 000A0A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 000A0804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 000A0600
.text C:\Windows\system32\wbem\wmiprvse.exe[3584] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\ctfmon.exe[3604] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001003FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00100804
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\SearchIndexer.exe[3760] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3760] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3760] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00090804
.text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00090600
.text C:\Windows\system32\svchost.exe[3920] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[3920] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[3920] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3972] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3972] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3972] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3972] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00230A08
.text C:\Windows\system32\svchost.exe[3972] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 002303FC
.text C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00230804
.text C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 002301F8
.text C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00230600
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] ntdll.dll!LdrUnloadDll 7776C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] ntdll.dll!LdrLoadDll 7777223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] kernel32.dll!GetBinaryTypeW + 70 763969F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!UnhookWindowsHookEx 75EAADF9 5 Bytes JMP 00190A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!UnhookWinEvent 75EAB750 5 Bytes JMP 001903FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWindowsHookExW 75EAE30C 5 Bytes JMP 00190804
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWinEventHook 75EB24DC 5 Bytes JMP 001901F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWindowsHookExA 75ED6D0C 5 Bytes JMP 00190600
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7136F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7136F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
and OSAM
OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:27:35 on 14.04.2012
OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"HP Documentation.cpl" - "Hewlett-Packard" - C:\Windows\system32\HP Documentation.cpl
"HPWA.cpl" - "Hewlett-Packard" - C:\Windows\system32\HPWA.cpl
"QuickWebConfTool.cpl" - "DeviceVM, Inc." - C:\Windows\system32\QuickWebConfTool.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\Users\Mini-ZZ\AppData\Local\Temp\catchme.sys (File not found)
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} "StubPath" - "ArcSoft Inc." - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe "/installer"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} "NSE_WithSubFld" - ? - C:\Program Files\Hewlett-Packard\Recovery\Protect.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{622AFE52-33F6-4D9F-9966-E0BC52D7D69D} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
{855156F0-2A0F-11DE-8C30-0800200C9A66} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
{B3C78E40-6B64-47C3-AE34-60B770881EB8} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
{D25B32FE-CB96-491A-98FF-AD59DA382D69} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
{E032716F-2E0A-4CCB-9FEB-BF2090B035DF} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} "Add to Evernote" - "Evernote Corporation" - C:\Program Files\Evernote\Evernote3.5\enbar.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mini-ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Media Suite.lnk" - "ArcSoft Inc." - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"HP Quick Launch" - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"HPWirelessAssistant" - ? - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden (File found, but it contains no detailed information)
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ZumoDrive" - ? - "C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"DCService.exe" (DCService.exe) - ? - C:\ProgramData\DatacardService\DCService.exe
"DeviceVM Meta Data Export Service" (DvmMDES) - "DeviceVM, Inc." - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"HP Wireless Assistant Service" (HP Wireless Assistant Service) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
"HPWMISVC" (HPWMISVC) - ? - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
and aswMBR Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-14 11:31:38
-----------------------------
11:31:38.618 OS Version: Windows 6.1.7601 Service Pack 1
11:31:38.618 Number of processors: 2 586 0x1C0A
11:31:38.618 ComputerName: HP-MINI-ZZ UserName: Mini-ZZ
11:31:44.843 Initialize success
11:31:45.841 AVAST engine defs: 12041301
11:32:20.832 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:32:20.848 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
11:32:20.879 Disk 0 MBR read successfully
11:32:20.894 Disk 0 MBR scan
11:32:20.894 Disk 0 unknown MBR code
11:32:20.910 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:32:20.941 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220817 MB offset 409600
11:32:20.972 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17354 MB offset 452642816
11:32:21.004 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
11:32:21.035 Disk 0 scanning sectors +488395120
11:32:21.097 Disk 0 scanning C:\Windows\system32\drivers
11:32:42.890 Service scanning
11:33:24.152 Modules scanning
11:33:55.134 Disk 0 trace - called modules:
11:33:55.197 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
11:33:55.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85575030]
11:33:55.243 3 CLASSPNP.SYS[887b359e] -> nt!IofCallDriver -> [0x84b46890]
11:33:55.259 5 ACPI.sys[8808c3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b35028]
11:33:59.346 AVAST engine scan C:\Windows
11:34:07.552 AVAST engine scan C:\Windows\system32
11:37:39.463 AVAST engine scan C:\Windows\system32\drivers
11:38:00.632 AVAST engine scan C:\Users\Mini-ZZ
11:39:11.097 AVAST engine scan C:\ProgramData
11:42:02.604 Scan finished successfully
11:44:09.323 Disk 0 MBR has been saved successfully to "C:\Users\Mini-ZZ\Desktop\MBR.dat"
11:44:09.338 The log file has been saved successfully to "C:\Users\Mini-ZZ\Desktop\aswMBR.txt"