Tenreijo | 19.07.2012 03:59 | Here are the logs from:
OSAM Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 03:03:31 on 19.07.2012
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 13.0.1
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVAST Software" - C:\WINDOWS\system32\aswBoot.exe
[Common]
-----( %SystemRoot%\Tasks )-----
"avast! Emergency Update.job" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"azu36ve8" (azu36ve8) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\azu36ve8.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\DOCUME~1\******\LOCALS~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"KeyScrambler" (KeyScrambler) - "QFX Software Corporation" - C:\WINDOWS\System32\drivers\keyscrambler.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MGHwCtrl" (MGHwCtrl) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\MGHwCtrl.sys
"pbfilter" (pbfilter) - ? - C:\Program Files\PeerBlock\pbfilter.sys (File found, but it contains no detailed information)
"PCAMPR5 NDIS Protocol Driver" (PCAMPR5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCAMPR5.SYS
"PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"Ralink 802.11n USB Wireless LAN Card Driver" (rt2870) - "Ralink Technology, Corp." - C:\WINDOWS\System32\DRIVERS\rt2870.sys
"Realtek Intermediate Driver for Ethernet Extended Features" (RTLTEAMING) - ? - C:\WINDOWS\System32\DRIVERS\RTLTEAMING.SYS (File not found)
"Realtek NDIS Protocol Driver" (RtNdPt5x) - ? - C:\WINDOWS\System32\DRIVERS\RtNdPt5x.sys (File not found)
"Realtek VLAN Intermediate Driver" (RTLVLAN) - ? - C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys
"SSHDRV85" (SSHDRV85) - ? - C:\WINDOWS\system32\drivers\SSHDRV85.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Extension Affichage Panorama du Panneau de configuration" - ? - (File not found | COM-object registry key not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Extensions de l'environnement de compression de fichiers" - ? - (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Menu contextuel de cryptage" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 DragDrop Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Property Sheet Shell Extension" - ? - (File not found | COM-object registry key not found)
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_22\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B745F984-EF2E-40D6-A9AC-D8CED7230E61} "ClsidExtension" - "QFX Software Corporation" - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} "CKeyScramblerBHO Object" - "QFX Software Corporation" - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
[Logon]
-----( %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-----( %UserProfile%\Menu Démarrer\Programmes\Démarrage )-----
"desktop.ini" - ? - C:\Documents and Settings\******\Menu Démarrer\Programmes\Démarrage\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"PeerBlock" - "PeerBlock, LLC" - C:\Program Files\PeerBlock\peerblock.exe
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Gestion d'applications" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"O2Micro Flash Memory" (O2Flash) - ? - C:\WINDOWS\system32\o2flash.exe (File found, but it contains no detailed information)
"SCM Driver Daemon" (NishService) - ? - C:\Program Files\System Control Manager\edd.exe (File found, but it contains no detailed information)
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe
"Service d'état ASP.NET" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Installation de logiciel" - ? - appmgmts.dll (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
GMER Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-19 04:28:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 ExcelStor_Technology_J880S rev.PF2OA60A
Running: 30fhpqri.exe; Driver: C:\DOCUME~1\******\LOCALS~1\Temp\fglcrfow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEE66A536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEE73B7BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xEE66AF52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEE6AAC31]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEE675D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEE675DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEE675F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEE6AA5E5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEE675CE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEE675E0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEE675D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xEE66B146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEE675F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xEE66B8CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEE66A584]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEE6AB2F7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEE6AB5AD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEE66EF36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEE6AB162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEE6AAFCD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEE73B89E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEE66A1EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEE66A5D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEE66F2A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEE66C292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEE675DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEE675DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEE675F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEE6AA941]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEE675D0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEE66EAAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEE675E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEE675D58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEE66ECDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEE675F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEE73BA1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEE6AAE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEE66C15E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEE6AAC9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xEE66BD08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEE747338]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEE6A9C58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEE66A620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEE66A66E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xEE66B74A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEE66A276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEE66A426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEE6AB3FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEE66A3CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xEE66BA2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xEE66BB88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEE66A496]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xEE66B468]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xEE66B5CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEE66A6BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xEE66AF96]
INT 0x63 ? FAF54E54
INT 0x73 ? FA5EFE54
INT 0x83 ? FAFB6C3C
INT 0x84 ? FA977E54
INT 0x92 ? FAA587E4
INT 0x93 ? FAD4B2AC
INT 0x94 ? FA95E644
INT 0xA4 ? FAA227A4
INT 0xB1 ? FAF5A2AC
INT 0xB4 ? FAADF644
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE753744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 122 E0B9497C 4 Bytes CALL A3A7B0DD
.text ntoskrnl.exe!ZwYieldExecution + 25E E0B94AB8 4 Bytes JMP 84F6EE66
.text ntoskrnl.exe!ZwYieldExecution + 3C2 E0B94C1C 12 Bytes [20, A6, 66, EE, 6E, A6, 66, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A E0B94CC4 12 Bytes [2C, BA, 66, EE, 88, BB, 66, ...]
PAGE ntoskrnl.exe!ObInsertObject E0C1DA64 5 Bytes JMP EE7520FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC E0C26705 4 Bytes CALL EE66C943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx E0C3B7F4 7 Bytes JMP EE753748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject E0C90536 5 Bytes JMP EE75061C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF6842B2E]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF579F000, 0x275B27, 0xE8000020]
.text azu36ve8.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 F569E900 48 Bytes [3D, 54, DB, 53, 6D, 8B, 1F, ...]
? C:\WINDOWS\System32\Drivers\azu36ve8.SYS suspicious PE modification
.text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xEEA1B000, 0x24A24, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xEEA4E000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xEEA64000, 0x8E, 0x42000040]
.text win32k.sys!EngFreeUserMem + 674 DE00992D 5 Bytes JMP EE6708C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 DE00C889 5 Bytes JMP EE6707B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 DE013921 5 Bytes JMP EE67076A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 DE01C58B 5 Bytes JMP EE66FE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 DE0240FB 5 Bytes JMP EE66F538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C DE028A65 5 Bytes JMP EE670A2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 DE0314B0 5 Bytes JMP EE670C32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 DE039EE7 5 Bytes JMP EE670670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED DE051775 5 Bytes JMP EE66F3FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 DE05BCAA 5 Bytes JMP EE66FEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 DE05E314 5 Bytes JMP EE66F992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C DE05E39F 5 Bytes JMP EE66FC58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 DE05F612 5 Bytes JMP EE66F3E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 DE0649E1 5 Bytes JMP EE6707FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB DE0731DB 5 Bytes JMP EE66FA52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 DE073D18 5 Bytes JMP EE66FC12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 DE090E16 5 Bytes JMP EE66FEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE DE0943C1 5 Bytes JMP EE670972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 DE094E99 5 Bytes JMP EE670B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 DE09C24E 5 Bytes JMP EE66FE04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 DE09D7E3 5 Bytes JMP EE66F5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 DE0C1D20 5 Bytes JMP EE66F6B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 DE0CA1B1 2 Bytes JMP EE66F790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 151A DE0CA1B4 2 Bytes [5A, 10]
.text win32k.sys!EngFillPath + 1797 DE0CA431 5 Bytes JMP EE66F8BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3AFB DE0EBDB4 5 Bytes JMP EE66F2DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB0D DE0F4DC6 5 Bytes JMP EE66FE34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F DE1142E4 5 Bytes JMP EE66F4D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 DE114EB8 5 Bytes JMP EE66F664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C DE117831 5 Bytes JMP EE66FD72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 DE147980 5 Bytes JMP EE670AE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[824] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[888] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[904] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1440] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\System Control Manager\edd.exe[1636] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\Program Files\System Control Manager\edd.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\System Control Manager\edd.exe[1636] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\Program Files\System Control Manager\edd.exe[1636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1860] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\o2flash.exe[1980] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\o2flash.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\o2flash.exe[1980] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\o2flash.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\RTHDCPL.EXE[2120] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[2120] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2120] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[2120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00381014
.text C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00380E10
.text C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00390600
.text C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\svchost.exe[2608] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[2608] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2608] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[2608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002C03FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003A1014
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003A0804
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003A0A08
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003A0C0C
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003A0E10
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003A01F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003A03FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003A0600
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 003B0804
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 003B0600
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 003B01F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 001501F8
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 001503FC
.text C:\Program Files\Secunia\PSI\sua.exe[3272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 3 Bytes JMP 00391014
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E06D85 1 Byte [88]
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00390804
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00390A08
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00390C0C
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00390E10
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003901F8
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003903FC
.text C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3604] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3604] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3604] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3604] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3604] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 002C0600
.text C:\Documents and Settings\******\Bureau\30fhpqri.exe[3684] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Documents and Settings\******\Bureau\30fhpqri.exe[3684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F674E232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F674D730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F674DF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F674D730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F674D914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F674D856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F674E0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F674DF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!KeInsertQueueDpc] FADCC5E8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] FADCC2F8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F6761EB0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] FAC4E2F8
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[972] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT C:\WINDOWS\system32\services.exe[972] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs FAF901E8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom FAAF0430
Device \Driver\usbstor \Device\0000008e FAE1E430
Device \Driver\usbstor \Device\0000008f FAE1E430
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{C4C5D9D8-EF89-402D-AE7C-D249AB041AE4} FA9AD430
Device \Driver\usbuhci \Device\USBPDO-0 FAD101E8
Device \Driver\usbuhci \Device\USBPDO-1 FAD101E8
Device \Driver\usbehci \Device\USBPDO-2 FAD031E8
Device \Driver\usbuhci \Device\USBPDO-3 FAD101E8
Device \Driver\PCI_PNP5646 \Device\00000054 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device \Driver\usbuhci \Device\USBPDO-4 FAD101E8
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBPDO-5 FAD101E8
Device \Driver\usbuhci \Device\USBPDO-6 FAD101E8
Device \Driver\usbehci \Device\USBPDO-7 FAD031E8
Device \Driver\Cdrom \Device\CdRom0 FADF4430
Device \Driver\atapi \Device\Ide\IdePort0 [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 FADF4430
Device \Driver\Cdrom \Device\CdRom2 FADF4430
Device \Driver\usbstor \Device\00000090 FAE1E430
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl FAB9D430
Device \Driver\NetBT \Device\NetBt_Wins_Export FA9AD430
Device \Driver\usbstor \Device\00000091 FAE1E430
Device \Driver\usbstor \Device\00000092 FAE1E430
Device \Driver\NetBT \Device\NetbiosSmb FA9AD430
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\usbuhci \Device\USBFDO-0 FAD101E8
Device \Driver\usbuhci \Device\USBFDO-1 FAD101E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FAAAD430
Device \Driver\usbehci \Device\USBFDO-2 FAD031E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector FAAAD430
Device \Driver\usbuhci \Device\USBFDO-3 FAD101E8
Device \Driver\usbuhci \Device\USBFDO-4 FAD101E8
Device \Driver\usbuhci \Device\USBFDO-5 FAD101E8
Device \Driver\usbstor \Device\0000008b FAE1E430
Device \Driver\usbuhci \Device\USBFDO-6 FAD101E8
Device \Driver\usbstor \Device\0000008c FAE1E430
Device \Driver\usbehci \Device\USBFDO-7 FAD031E8
Device \Driver\azu36ve8 \Device\Scsi\azu36ve81Port6Path0Target0Lun0 FAC3A1E8
Device \Driver\azu36ve8 \Device\Scsi\azu36ve81 FAC3A1E8
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat FAAF0430
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Cdfs \Cdfs FAC01430
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0x34 0x85 0xEE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x68 0x7C 0x9A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2D 0xA2 0x20 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xA4 0xB9 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x68 0x7C 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x81 0xAA 0xCA 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0xE5 0x53 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x68 0x7C 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x04 0x0D 0xD3 ...
---- EOF - GMER 1.0.15 ----
aswMBR Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-19 04:33:37
-----------------------------
04:33:37.328 OS Version: Windows 5.1.2600 Service Pack 3
04:33:37.328 Number of processors: 2 586 0x409
04:33:37.328 ComputerName: *****-37AD7B7B3 UserName: ******
04:33:38.000 Initialize success
04:33:41.515 AVAST engine defs: 12071900
04:34:33.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
04:34:33.562 Disk 0 Vendor: ExcelStor_Technology_J880S PF2OA60A Size: 78533MB BusType: 3
04:34:33.578 Disk 0 MBR read successfully
04:34:33.578 Disk 0 MBR scan
04:34:33.578 Disk 0 Windows XP default MBR code
04:34:33.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78520 MB offset 63
04:34:33.593 Disk 0 scanning sectors +160810650
04:34:33.703 Disk 0 scanning C:\WINDOWS\system32\drivers
04:34:46.593 Service scanning
04:35:01.171 Modules scanning
04:35:08.859 Disk 0 trace - called modules:
04:35:08.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
04:35:08.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfaf43ab8]
04:35:08.906 3 CLASSPNP.SYS[f68c7fd7] -> nt!IofCallDriver -> \Device\0000007c[0xfaf089e8]
04:35:08.906 5 ACPI.sys[f6722620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0xfaeedd98]
04:35:09.500 AVAST engine scan C:\WINDOWS
04:35:15.031 AVAST engine scan C:\WINDOWS\system32
04:37:38.218 AVAST engine scan C:\WINDOWS\system32\drivers
04:37:56.796 AVAST engine scan C:\Documents and Settings\******
04:40:25.906 AVAST engine scan C:\Documents and Settings\All Users
04:40:38.953 Scan finished successfully
04:40:46.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\******\Bureau\MBR.dat"
04:40:46.593 The log file has been saved successfully to "C:\Documents and Settings\******\Bureau\aswMBR.txt"

And a small question: since the ComboFix scan, the Avast background guard no longer starts automatically; I have to click the Avast shortcut every time to activate it (it also no longer shows up under Startup when I check in CCleaner). Is this normal/intended... and if so, can you tell me how I can re-enable it as an autorun later (and from when)?
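The GMER "User code sections" block above is long and repetitive, and the useful signal is structural: which hooked sites are patched identically in nearly every process (consistent with one system-wide hooking product) and which are patched in only one process (the ones an analyst reads first). The following triage script is an added example, not code from the poster, GMER or AVAST; it assumes only the GMER 1.0.15 `.text` line layout visible in the log, and the `widespread`/`singular` split is this script's own heuristic, not a GMER feature. The sample input is a small excerpt copied from the posted log plus one kernel IAT line to show that non-`.text` lines are skipped.

```python
"""Triage helper for the '.text' (user-mode inline hook) lines GMER prints.

Added example; not code from the poster, GMER or AVAST. Assumes the
GMER 1.0.15 line layout seen in the log above:
  .text <image>[<pid>] <module>!<symbol>[ + <hexoff>] <addr> <n> Byte(s) <detail>
The 'widespread'/'singular' split is this script's own triage heuristic.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the posted GMER log, plus one
# kernel IAT line to show that non-'.text' lines are ignored.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[824] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[888] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 3 Bytes JMP 003B0A08
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!UnhookWindowsHookEx + 4 7E3AD5F7 1 Byte [82]
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F674D730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"      # image path may contain spaces
    r"(?P<module>\S+?)!(?P<symbol>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"          # optional '+ <hex offset>'
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)


def parse_hook_line(line):
    """Return a dict for one '.text' hook line, or None for any other line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    detail = m["detail"]
    jmp = re.match(r"JMP\s+([0-9A-Fa-f]{8})", detail)
    return {
        "image": m["image"],
        "pid": int(m["pid"]),
        "module": m["module"].lower(),  # GMER prints both kernel32.dll and KERNEL32.dll
        "symbol": m["symbol"],
        "offset": int(m["offset"], 16) if m["offset"] else 0,
        "address": int(m["addr"], 16),
        "size": int(m["size"]),
        # A 'JMP <addr>' is a redirect; anything else is an in-place byte patch.
        "kind": "inline_jmp" if jmp else "byte_patch",
        "target": int(jmp.group(1), 16) if jmp else None,
        "detail": detail,
    }


def parse_log(text):
    return [h for h in map(parse_hook_line, text.splitlines()) if h]


def site_coverage(hooks):
    """Map each hooked site (module, symbol, offset) to the PIDs it is patched in."""
    cov = defaultdict(set)
    for h in hooks:
        cov[(h["module"], h["symbol"], h["offset"])].add(h["pid"])
    return dict(cov)


def triage(hooks):
    """Heuristic split: 'widespread' sites are patched in more than half of all
    processes (what a system-wide hooking product looks like); 'singular' sites
    are patched in exactly one process and deserve a look first."""
    pids = {h["pid"] for h in hooks}
    cov = site_coverage(hooks)
    widespread = sorted(s for s, p in cov.items() if len(p) * 2 > len(pids))
    singular = sorted(s for s, p in cov.items() if len(p) == 1)
    return {"processes": len(pids), "widespread": widespread, "singular": singular}


def jump_hooks(hooks):
    """(pid, module, symbol, target) for every inline JMP. GMER's '.text' lines give
    only the target address, not the module that owns it, so attribution needs a
    module-map of that process (GMER's IAT lines do name the owner, e.g. aswCmnBS.dll)."""
    return [(h["pid"], h["module"], h["symbol"], h["target"])
            for h in hooks if h["kind"] == "inline_jmp"]


def report(hooks):
    t = triage(hooks)
    cov = site_coverage(hooks)
    lines = [f"{len(hooks)} hook lines across {t['processes']} processes",
             "widespread (same site patched in most processes):"]
    lines += [f"  {m}!{s}+0x{o:x} in {len(cov[(m, s, o)])} processes" for m, s, o in t["widespread"]]
    lines.append("singular (patched in exactly one process):")
    lines += [f"  {m}!{s}+0x{o:x} in pid {min(cov[(m, s, o)])}" for m, s, o in t["singular"]]
    lines.append("inline JMP hooks and their targets:")
    lines += [f"  pid {p}: {m}!{s} -> {tgt:08X}" for p, m, s, tgt in jump_hooks(hooks)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_log(SAMPLE_LOG)))
```

Run it against the full "User code sections" block of a GMER log (the `.text` lines) to get the per-site coverage in one screen instead of a few hundred lines. Two caveats: a hook split across two lines (the `3 Bytes JMP` plus `+ 4 1 Byte` pair on UnhookWindowsHookEx in DTLite.exe above) counts as two sites on the same function, and a JMP target alone does not tell you which module owns the hook, so a "singular" hit is a prompt to inspect that process's module list, not a verdict.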