Trojaner-Board

Trojaner.LowZones (https://www.trojaner-board.de/62979-trojaner-lowzones.html)

Silent sharK 27.10.2008 15:29

Hm,
and it's the same in Safe Mode? :confused:
Well, let's set that aside for now.
A rootkit scan may also shed some light:

Run a Blacklight scan
  • Download F-Secure Blacklight into a folder of its own, e.g. C:\programme\blacklight. If the download doesn't work, try this link.
  • Start blbeta.exe in that folder. Close all other programs.
  • Click "I accept the agreement", "next", "Scan".
  • When the scan is finished, exit Blacklight with "Close".
  • In the Blacklight directory you will find the log it created, fsbl-XXX.log; in place of the XXX there is a longer sequence of digits.


Run a Sophos scan

  • Go to Sophos and download their rootkit scanner. You will get an installer file, sarsfx.exe.
  • Run it, accept the license and let the program install; do not change the path C:\SOPHTEMP.
  • Use Explorer to go to that folder and start sargui.exe, then close all other programs.
  • Under Area, leave everything checked and start the scan with "Start scan". The scan takes a while; when it is finished a window pops up with a summary, click "Ok" there. Exit the Sophos rootkit scanner; this scan is for analysis only.
  • Start Explorer and type "%temp%" into the address bar (without the quotation marks); there is a file sarscan.log there, please post its contents.


Run a Gmer scan

Download Gmer from this page and unpack it to your desktop.
  • Start gmer.exe and go to the Rootkit tab. All other programs should be closed.
  • Make sure that everything from "System" to "ADS" is checked in the panel on the right
  • (Important: "Show all" must not be checked)
  • Start the run with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
  • Paste the log from the clipboard into your reply here.

Scara 27.10.2008 15:54

I've now run the Gmer scan; I'm copying it in over several replies because otherwise it's too long.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-27 15:50:34
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8D355D50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8D356B38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8D35617C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0x8D355346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0x8D355964]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0x8D3550A8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0x8D3557D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8D355F36]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0x8D354C78]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0x8D354B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0x8D3567D8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0x8D355B74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0x8D35484A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0x8D35567A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0x8D3549D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8D3551BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0x8D3565B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0x8D356978]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0x8D355508]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0x8D35556E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0x8D354F72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0x8D354E40]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThreadEx [0x8D356282]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateUserProcess [0x8D356D82]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!KeInsertQueue + 309 820B7900 4 Bytes [ 50, 5D, 35, 8D ]
.text ntoskrnl.exe!KeInsertQueue + 32D 820B7924 8 Bytes [ 38, 6B, 35, 8D, 7C, 61, 35, ... ]
.text ntoskrnl.exe!KeInsertQueue + 3B1 820B79A8 4 Bytes [ 46, 53, 35, 8D ]
.text ntoskrnl.exe!KeInsertQueue + 3C9 820B79C0 4 Bytes [ 64, 59, 35, 8D ]
.text ntoskrnl.exe!KeInsertQueue + 3F5 820B79EC 4 Bytes [ A8, 50, 35, 8D ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 003D4F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 003D5060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] USER32.dll!mouse_event 75A81305 5 Bytes JMP 003D16D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 003D4C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 003D1550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 003D1860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 003D1230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 003D13C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 003D4AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[396] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 003D4960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\conime.exe[540] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[608] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[696] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[740] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[752] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 00644F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 00645060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 00641860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 00641230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 006413C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] USER32.dll!mouse_event 75A81305 5 Bytes JMP 006416D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 00644C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 00641550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 00644AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[756] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 00644960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[764] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.

Scara 27.10.2008 15:55

text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[820] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[912] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[936] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1004] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1100] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1168] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1184] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchProtocolHost.exe[1260] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] GDI32.dll!

Scara 27.10.2008 15:56

CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1392] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1544] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1676] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1688] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\vssvc.exe[1900] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[2000] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2032] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\O2Micro\o2flash.exe[2264] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Miranda IM\miranda32.exe[2284] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2324] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2340] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2380] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[2488] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ntdll.dll!NtClose 771F7F48 5 Bytes JMP

Silent sharK 27.10.2008 15:58

If you have a router, you can throw out the Comodo Firewall; you don't need it.
Windows Defender is completely sufficient as it is.

I also have to confess something: it just occurred to me that Combofix/SDFix doesn't run on your system at all. :schmoll:
Sorry about that, it was my mistake. :headbang:

Scara 27.10.2008 15:58

10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2892] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[3196] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[3224] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\alg.exe[3380] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\explorer.exe[3504] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3600] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\rundll32.exe[3676] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\RtHDVCpl.exe[3744] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[3776] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 00224F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 00225060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] USER32.dll!mouse_event 75A81305 5 Bytes JMP 002216D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 00224C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 00221550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 00221860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 00221230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 002213C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 00224AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3788] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 00224960 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Users\Theresa\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe[3808] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[3964] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[3972] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860

Scara 27.10.2008 15:59

C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[4000] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4052] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP

Scara 27.10.2008 16:01

10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE[4060] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] ntdll.dll!LdrUnloadDll 771DE89C 7 Bytes JMP 10004F90 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] ntdll.dll!NtClose 771F7F48 5 Bytes JMP 10005060 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] GDI32.dll!BitBlt 76E26CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] GDI32.dll!CreateDCA 76E2AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] GDI32.dll!CreateDCW 76E2ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] USER32.dll!mouse_event 75A81305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] USER32.dll!EndTask 75A9ACCF 5 Bytes JMP 10004C30 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] USER32.dll!keybd_event 75AAD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] ole32.dll!CoGetClassObject 75B26120 5 Bytes JMP 10004AD0 C:\Windows\system32\guard32.dll
.text C:\Program Files\RALINK\Common\RaUI.exe[4068] ole32.dll!CoCreateInstanceEx 75B3E1CB 5 Bytes JMP 10004960 C:\Windows\system32\guard32.dll

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\system32\services.exe[740] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 002D0002
IAT C:\Windows\system32\services.exe[740] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 002D0000

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 KBFilter.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Scara 27.10.2008 16:06

okay, I've gone ahead and uninstalled comodo right away ;)
well, I'm honestly relieved that it's not my laptop's fault that the two programs don't work^^

Silent sharK 27.10.2008 16:09

It wasn't your fault that nothing worked. ;)

Does MBAM still find anything?

Scara 27.10.2008 16:11

I can run MBAM over it again, but that will take another 1.5 hrs.. and Defender still occasionally acts up because of trojan.vundo

Silent sharK 27.10.2008 16:17

This program shouldn't do any harm:

SUPERAntiSpyware:
  • Download SUPERAntiSpyware and install it
  • Follow the instructions and post the resulting log file

Can you also post a fresh HijackThis log file?

Scara 27.10.2008 16:19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:01, on 27.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE
C:\Program Files\RALINK\Common\RaUI.exe
C:\Windows\explorer.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C5342A05-B31C-4ACF-BCD7-323639F8955D} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Messenger Service] service.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnlKEwx.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: On Screen Display.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EE01584-06CF-402C-A5D4-0A941CF88137}: NameServer = 192.168.2.1
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 6645 bytes



I'll quickly download the other program now

Silent sharK 27.10.2008 16:25

There's still something nasty in there:

Start => Control Panel => Uninstall a program => uninstall Ask Toolbar.

Fix with HijackThis:
  • Open HijackThis
  • Click "do a system scan only"
  • Put a check mark next to:
  • Code:

    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnlKEwx.dll,#1
    O2 - BHO: (no name) - {C5342A05-B31C-4ACF-BCD7-323639F8955D} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

  • Click "fix checked"
  • Restart the computer
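
Added example, not part of the original posts: a short Python triage of a HijackThis log that applies three generic patterns behind the entries selected above (a BHO marked "(no file)", a Run entry that calls rundll32 on a DLL ordinal, and the DisableRegedit policy). The rule set and the names `parse`, `triage` and `RULES` are assumptions made for illustration; the Ask Toolbar entries were the helper's own judgement and are not covered by these rules.

```python
import re

# Constructed sample: a few result lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {C5342A05-B31C-4ACF-BCD7-323639F8955D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnlKEwx.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O13 - Gopher Prefix:
"""

# A result line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Hypothetical rule set (an assumption, not HijackThis's own logic):
# (section, pattern, reason). A named group "target" captures a file path.
RULES = [
    ("O2", re.compile(r"\(no file\)\s*$"),
     "BHO is registered but its DLL is missing"),
    ("O4", re.compile(r"rundll32(?:\.exe)?\s+(?P<target>\S.*\.dll),\s*#\d+\s*$", re.I),
     "autostart loads a DLL export by ordinal through rundll32"),
    ("O7", re.compile(r"DisableRegedit\s*=\s*1", re.I),
     "policy blocks the Registry Editor"),
]


def parse(log_text):
    """Yield (section, body) for every result line; header lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text):
    """Return a list of (section, reason, target) for lines that match a rule."""
    findings = []
    for section, body in parse(log_text):
        for rule_section, pattern, reason in RULES:
            m = pattern.search(body) if section == rule_section else None
            if m:
                # target is None for rules without a captured path
                findings.append((section, reason, m.groupdict().get("target")))
    return findings


if __name__ == "__main__":
    for section, reason, target in triage(SAMPLE_LOG):
        print(section, "-", reason, "-", target or "n/a")
```

The captured DLL path can be compared with what a scanner reports for the same machine, and a match is only a lead for manual review, since legitimate software also registers rundll32 autostarts.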

Scara 27.10.2008 17:35

Here is the result from SUPERAntiSpyware:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/27/2008 at 05:30 PM

    Application Version : 4.21.1004

    Core Rules Database Version : 3609
    Trace Rules Database Version: 1595

    Scan type : Complete Scan
    Total Scan Time : 01:02:01

    Memory items scanned : 559
    Memory threats detected : 1
    Registry items scanned : 5096
    Registry threats detected : 5
    File items scanned : 99759
    File threats detected : 1

    Trojan.Vundo-Variant/Small-GEN
    C:\WINDOWS\SYSTEM32\OPNLKEWX.DLL
    C:\WINDOWS\SYSTEM32\OPNLKEWX.DLL

    Trojan.Vundo-Variant/NextGen
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{99C158B9-FA74-4E49-971E-708F37B235D7}
    HKCR\CLSID\{99C158B9-FA74-4E49-971E-708F37B235D7}
    HKCR\CLSID\{99C158B9-FA74-4E49-971E-708F37B235D7}\InprocServer32
    HKCR\CLSID\{99C158B9-FA74-4E49-971E-708F37B235D7}\InprocServer32#ThreadingModel

    Adware.Vundo Variant/Rel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Windows\system32\opnlKEwx.dl

