Trojan TR/Crypt.XPACK.Gen keeps reappearing

#0
11.01.2012, 15:02
Member

Posts: 11
#1 Hello everyone,

I have the problem that Avira keeps finding the trojan named above. It then reports: no access to the virus, what should be done with it? If you delete it, it is in quarantine later, and if you delete it there, it reappears after some time. I have probably had the trojan for many months now and have already tried everything possible, but I cannot get rid of it! Maybe you can help me.
11.01.2012, 15:11
Member

Thread starter

Posts: 11
#2

Code

OTL logfile created on: 11.01.2012 11:41:03 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Gundula\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

447,48 Mb Total Physical Memory | 233,10 Mb Available Physical Memory | 52,09% Memory free
1,03 Gb Paging File | 0,68 Gb Available in Paging File | 65,66% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,55 Gb Total Space | 52,10 Gb Free Space | 69,89% Space Free | Partition Type: NTFS

Computer Name: GUNDULA-PC | User Name: Gundula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.01.11 11:09:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gundula\Desktop\OTL.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.10.05 09:18:07 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.05 09:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.05 09:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.05 09:17:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.01.10 20:08:53 | 001,666,560 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12011001\algo.dll
MOD - [2011.10.05 09:18:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2009.01.18 14:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.10.05 09:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.05 09:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.08.09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012.01.04 11:13:55 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.09.15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.11.19 14:33:20 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003.10.30 02:36:36 | 000,011,264 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003.10.30 01:54:58 | 000,427,776 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003.07.18 08:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2001.08.17 12:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.20 13:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.01.08 17:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.08 16:51:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.01 18:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.11.11 20:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.11.20 13:40:17 | 000,000,000 | ---D | M]

[2010.09.18 18:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Mozilla\Extensions
[2010.09.18 18:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.11 12:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Mozilla\Firefox\Profiles\3d9vlyzf.default\extensions
[2011.11.11 20:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 17:07:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.01.08 16:51:08 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.07.17 17:12:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - Extension: No name found = C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\

O1 HOSTS File: ([2011.10.09 17:32:28 | 000,438,085 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 15067 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9BCE472-D4FB-4C2B-9500-353FDA650E90}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.08.17 08:08:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: [b]ApnUpdater[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]avast[/b] - hkey= - key= - C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
MsConfig - StartUpReg: [b]Cmaudio[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]CTFMON.EXE[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: [b]IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}[/b] - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: [b]KernelFaultCheck[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]NBKeyScan[/b] - hkey= - key= - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: [b]NokiaMServer[/b] - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: [b]NokiaOviSuite2[/b] - hkey= - key= - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig - StartUpReg: [b]Panda Security URL Filtering[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]PSUNMain[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]SiS Windows KeyHook[/b] - hkey= - key= -  File not found
MsConfig - StartUpReg: [b]SiSUSBRG[/b] - hkey= - key= - C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
MsConfig - StartUpReg: [b]SpybotSD TeaTimer[/b] - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.01.11 11:09:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gundula\Desktop\OTL.exe
[2012.01.11 10:46:13 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.01.11 10:45:02 | 004,306,986 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Gundula\Desktop\ComboFix.exe
[2012.01.11 10:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.01.10 16:37:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.10 16:36:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.10 16:36:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.10 15:46:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\Opera
[2012.01.10 15:46:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Opera
[2012.01.10 15:41:10 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2012.01.10 15:23:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gundula\ntsvcfg
[2012.01.10 14:18:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gundula\Eigene Dateien\scharnier-Dateien
[2012.01.08 16:49:20 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Gundula\Recent
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.01.11 11:15:16 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.11 11:15:07 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.11 11:09:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gundula\Desktop\OTL.exe
[2012.01.11 10:45:39 | 004,306,986 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Gundula\Desktop\ComboFix.exe
[2012.01.11 10:24:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.11 10:18:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.10 23:36:14 | 000,539,848 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.10 23:36:14 | 000,509,270 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.10 23:36:14 | 000,119,768 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.10 23:36:14 | 000,099,228 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.10 18:25:47 | 000,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoomBrowser EX.lnk
[2012.01.10 16:37:13 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 15:45:34 | 000,001,463 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2012.01.10 15:15:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.01.10 14:18:39 | 000,140,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Gundula\Eigene Dateien\scharnier.htm
[2012.01.08 17:07:26 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.01.05 21:04:27 | 000,003,412 | -H-- | M] () -- C:\Dokumente und Einstellungen\Gundula\Desktop\ZbThumbnail.info
[2012.01.05 16:45:30 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.01.05 08:46:30 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.04 12:07:21 | 000,001,716 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2012.01.04 11:13:55 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.01.10 16:37:13 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.10 15:45:36 | 000,001,469 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk
[2012.01.10 15:45:32 | 000,001,463 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
[2012.01.10 14:18:36 | 000,140,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Gundula\Eigene Dateien\scharnier.htm
[2011.08.27 22:39:29 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.07.17 18:48:58 | 000,213,601 | ---- | C] () -- C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\census.cache
[2011.07.17 18:47:57 | 000,184,459 | ---- | C] () -- C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2011.07.17 18:24:47 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2011.06.10 16:44:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.12.19 13:22:13 | 000,321,536 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010.01.06 16:16:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RAWImage.INI
[2009.08.22 13:32:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.08.19 17:20:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009.08.19 16:55:20 | 000,132,333 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009.08.17 22:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.08.17 22:31:15 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.17 21:48:03 | 000,017,920 | ---- | C] () -- C:\Dokumente und Einstellungen\Gundula\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.17 08:46:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009.08.17 08:46:51 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009.08.17 08:46:49 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2009.08.17 08:46:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009.08.17 08:46:49 | 000,000,130 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009.08.17 08:46:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.17 08:45:21 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.08.17 08:41:31 | 000,127,681 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009.08.17 08:41:17 | 000,102,386 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009.08.17 08:12:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.08.17 08:04:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.17 07:56:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2009.08.17 07:29:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2006.05.05 03:25:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 13:00:00 | 000,539,848 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 13:00:00 | 000,509,270 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 13:00:00 | 000,119,768 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 13:00:00 | 000,099,228 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.01.03 09:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2004.04.23 22:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003.02.19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2001.07.07 02:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[color=#E56717]========== LOP Check ==========[/color]

[2011.11.11 13:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.01.21 21:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2010.06.30 08:08:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2011.01.27 12:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.10.29 07:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011.08.23 18:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panda Security
[2010.09.30 12:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.01.22 14:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.11.11 12:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2011.07.17 20:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.07.17 20:21:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.08.21 19:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011.01.21 19:14:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.10.07 12:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Image Zone Express
[2010.11.20 17:11:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Nokia
[2012.01.10 15:46:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Opera
[2011.08.23 19:20:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Panda Security
[2010.09.30 12:18:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\PC Suite
[2011.07.03 20:47:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\PriceGong
[2010.08.15 14:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Softland
[2010.09.18 18:16:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\Thunderbird
[2011.07.17 20:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gundula\Anwendungsdaten\TuneUp Software

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.11.11 12:15:50 | 000,000,000 | ---D | M] -- C:\00e55121eae1ee3860
[2011.11.11 10:43:18 | 000,000,000 | ---D | M] -- C:\1d308bf9bdf25bc74db5d5937d31
[2012.01.11 11:03:12 | 000,000,000 | --SD | M] -- C:\32788R22FWJFW
[2011.10.09 21:12:59 | 000,000,000 | ---D | M] -- C:\AULOGS
[2010.05.09 23:13:01 | 000,000,000 | ---D | M] -- C:\b369b193366731f12d0e46b0
[2010.12.22 19:09:36 | 000,000,000 | ---D | M] -- C:\Bewerbungen
[2012.01.10 23:39:40 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.08.17 22:20:43 | 000,000,000 | ---D | M] -- C:\Desktop
[2009.08.17 08:16:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.08.06 12:58:49 | 000,000,000 | R--D | M] -- C:\Eigene Bilder
[2011.08.27 22:08:54 | 000,000,000 | -H-D | M] -- C:\kleaner.tmp
[2010.12.22 19:10:05 | 000,000,000 | ---D | M] -- C:\Lisa
[2011.08.20 09:33:56 | 000,000,000 | ---D | M] -- C:\PC
[2011.08.06 13:05:11 | 000,000,000 | ---D | M] -- C:\Privat
[2012.01.10 16:36:48 | 000,000,000 | R--D | M] -- C:\Programme
[2009.08.17 22:44:39 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009.08.17 21:26:07 | 000,000,000 | ---D | M] -- C:\Software
[2010.12.22 19:08:35 | 000,000,000 | ---D | M] -- C:\Sophie
[2012.01.04 16:44:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.23 18:42:53 | 000,000,000 | ---D | M] -- C:\temp
[2009.08.17 09:14:45 | 000,000,000 | ---D | M] -- C:\Treiber
[2012.01.11 10:38:00 | 000,000,000 | ---D | M] -- C:\WINDOWS

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

Invalid Environment Variable: LOCALAPPDATA

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2006.02.28 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2006.02.28 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-10 22:39:41

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:24051EFF

< End of report >
11.01.2012, 15:12
Member

Thread starter

Posts: 11
#3

Code

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-11 14:48:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK200-04
Running: z692tg1x.exe; Driver: C:\DOKUME~1\Gundula\LOKALE~1\Temp\pxddrfob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwAddBootEntry [0xA92D5FC4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwAllocateVirtualMemory [0xA933A510]
SSDT            AADB6764                                                                                                       ZwClose
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEvent [0xA92D8456]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEventPair [0xA92D84AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateIoCompletion [0xA92D85C4]
SSDT            AADB671E                                                                                                       ZwCreateKey
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateMutant [0xA92D83AC]
SSDT            AADB676E                                                                                                       ZwCreateSection
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSemaphore [0xA92D8400]
SSDT            AADB6714                                                                                                       ZwCreateThread
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateTimer [0xA92D8572]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDeleteBootEntry [0xA92D5FE8]
SSDT            AADB6723                                                                                                       ZwDeleteKey
SSDT            AADB672D                                                                                                       ZwDeleteValueKey
SSDT            AADB675F                                                                                                       ZwDuplicateObject
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwEnumerateKey [0xA92F9BDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwEnumerateValueKey [0xA92F9A45]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwFreeVirtualMemory [0xA933A5C0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwLoadDriver [0xA92D5DB2]
SSDT            AADB6732                                                                                                       ZwLoadKey
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwModifyBootEntry [0xA92D600C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeKey [0xA92D89BC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeMultipleKeys [0xA92D6AA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEvent [0xA92D8486]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEventPair [0xA92D84D6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenIoCompletion [0xA92D85EE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenKey [0xA92F93B9]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenMutant [0xA92D83D8]
SSDT            AADB6700                                                                                                       ZwOpenProcess
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSection [0xA92D853E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSemaphore [0xA92D842E]
SSDT            AADB6705                                                                                                       ZwOpenThread
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenTimer [0xA92D859C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwProtectVirtualMemory [0xA933A658]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryKey [0xA92F98C0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryObject [0xA92D696A]
SSDT            AADB6787                                                                                                       ZwQueryValueKey
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwRenameKey [0xA93429E6]
SSDT            AADB673C                                                                                                       ZwReplaceKey
SSDT            AADB6778                                                                                                       ZwRequestWaitReplyPort
SSDT            AADB6737                                                                                                       ZwRestoreKey
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootEntryOrder [0xA92D6030]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootOptions [0xA92D6054]
SSDT            AADB6773                                                                                                       ZwSetContextThread
SSDT            AADB677D                                                                                                       ZwSetSecurityObject
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemInformation [0xA92D5E0C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemPowerState [0xA92D5F48]
SSDT            AADB6728                                                                                                       ZwSetValueKey
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwShutdownSystem [0xA92D5F24]
SSDT            AADB6782                                                                                                       ZwSystemDebugControl
SSDT            AADB670F                                                                                                       ZwTerminateProcess
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwVdmControl [0xA92D6078]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwCreateProcessEx [0xA934E7A2]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + 140                                                                       804E27AC 4 Bytes  CALL 93F75510
.text           ntoskrnl.exe!_abnormal_termination + 271                                                                       804E28DD 3 Bytes  [A6, 33, A9]
.text           ntoskrnl.exe!_abnormal_termination + 398                                                                       804E2A04 12 Bytes  [30, 60, 2D, A9, 54, 60, 2D, ...]
PAGE            ntoskrnl.exe!ObInsertObject                                                                                    805650BA 5 Bytes  JMP A934D15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                    8056BB08 4 Bytes  CALL A92D700F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                 8058124C 7 Bytes  JMP A934E7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                             805A038B 5 Bytes  JMP A934B69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                              BF8242D4 5 Bytes  JMP A92D8B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + C2CF                                                                          BF85198B 5 Bytes  JMP A92D8AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                              BF85E514 5 Bytes  JMP A92D8DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                              BF85E59F 5 Bytes  JMP A92D8FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                               BF85F812 5 Bytes  JMP A92D8ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 4128                                                                        BF873F30 5 Bytes  JMP A92D8F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DEC                                                                                  BF89DBA0 5 Bytes  JMP A92D8C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + A9F7                                                                              BF8C2130 5 Bytes  JMP A92D8CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                  BF8CA592 5 Bytes  JMP A92D8D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                  BF8CA812 5 Bytes  JMP A92D8D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B3E                                                                           BF8EC297 5 Bytes  JMP A92D89F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 19DF                                                                                BF91348A 5 Bytes  JMP A92D8B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 25B3                                                                                BF91405E 5 Bytes  JMP A92D8C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F2C                                                                                BF9169D7 5 Bytes  JMP A92D90D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\spoolsv.exe[128] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\spoolsv.exe[128] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[128] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\spoolsv.exe[128] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[260] ntdll.dll!LdrLoadDll                                         7C92632D 5 Bytes  JMP 001501F8
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[260] ntdll.dll!RtlDosSearchPath_U + 186                           7C926865 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[260] ntdll.dll!LdrUnloadDll                                       7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[260] kernel32.dll!GetBinaryTypeW + 80                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\smss.exe[492] ntdll.dll!RtlDosSearchPath_U + 186                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[548] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[548] KERNEL32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000701F8
.text           C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000703FC
.text           C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\services.exe[620] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll                                                        7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrUnloadDll                                                      7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!SetServiceObjectSecurity                                       77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfigA                                           77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfigW                                           77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfig2A                                          77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfig2W                                          77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceA                                                 77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceW                                                 77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!DeleteService                                                  77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWindowsHookExW                                                7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!UnhookWindowsHookEx                                              7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWindowsHookExA                                                7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWinEventHook                                                  7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!UnhookWinEvent                                                   7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ntdll.dll!LdrLoadDll                                       7C92632D 5 Bytes  JMP 001501F8
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ntdll.dll!RtlDosSearchPath_U + 186                         7C926865 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ntdll.dll!LdrUnloadDll                                     7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] kernel32.dll!GetBinaryTypeW + 80                           7C868D8C 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!SetWindowsHookExW                               7E37820F 5 Bytes  JMP 00390804
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!UnhookWindowsHookEx                             7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!SetWindowsHookExA                               7E381211 5 Bytes  JMP 00390600
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!SetWinEventHook                                 7E3817F7 5 Bytes  JMP 003901F8
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!UnhookWinEvent                                  7E3818AC 3 Bytes  JMP 003903FC
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!UnhookWinEvent + 4                              7E3818B0 1 Byte  [82]
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!SetServiceObjectSecurity                      77E06D81 5 Bytes  JMP 003A1014
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!ChangeServiceConfigA                          77E06E69 5 Bytes  JMP 003A0804
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!ChangeServiceConfigW                          77E07001 5 Bytes  JMP 003A0A08
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!ChangeServiceConfig2A                         77E07101 5 Bytes  JMP 003A0C0C
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!ChangeServiceConfig2W                         77E07189 5 Bytes  JMP 003A0E10
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!CreateServiceA                                77E07211 5 Bytes  JMP 003A01F8
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!CreateServiceW                                77E073A9 5 Bytes  JMP 003A03FC
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!DeleteService                                 77E074B1 5 Bytes  JMP 003A0600
.text           C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ntdll.dll!LdrLoadDll                                                  7C92632D 5 Bytes  JMP 001501F8
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186                                    7C926865 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ntdll.dll!LdrUnloadDll                                                7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] kernel32.dll!GetBinaryTypeW + 80                                      7C868D8C 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity                                 77E06D81 3 Bytes  JMP 00391014
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity + 4                             77E06D85 1 Byte  [88]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!ChangeServiceConfigA                                     77E06E69 5 Bytes  JMP 00390804
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!ChangeServiceConfigW                                     77E07001 5 Bytes  JMP 00390A08
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A                                    77E07101 5 Bytes  JMP 00390C0C
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W                                    77E07189 5 Bytes  JMP 00390E10
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!CreateServiceA                                           77E07211 5 Bytes  JMP 003901F8
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!CreateServiceW                                           77E073A9 5 Bytes  JMP 003903FC
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!DeleteService                                            77E074B1 5 Bytes  JMP 00390600
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!SetWindowsHookExW                                          7E37820F 5 Bytes  JMP 003A0804
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!UnhookWindowsHookEx                                        7E37D5F3 5 Bytes  JMP 003A0A08
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!SetWindowsHookExA                                          7E381211 5 Bytes  JMP 003A0600
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!SetWinEventHook                                            7E3817F7 5 Bytes  JMP 003A01F8
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!UnhookWinEvent                                             7E3818AC 5 Bytes  JMP 003A03FC
.text           C:\WINDOWS\system32\cisvc.exe[1192] ntdll.dll!LdrLoadDll                                                       7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\cisvc.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186                                         7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\cisvc.exe[1192] ntdll.dll!LdrUnloadDll                                                     7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\cisvc.exe[1192] kernel32.dll!GetBinaryTypeW + 80                                           7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!SetWindowsHookExW                                               7E37820F 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!UnhookWindowsHookEx                                             7E37D5F3 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!SetWindowsHookExA                                               7E381211 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!SetWinEventHook                                                 7E3817F7 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!UnhookWinEvent                                                  7E3818AC 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity                                      77E06D81 5 Bytes  JMP 002C1014
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!ChangeServiceConfigA                                          77E06E69 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!ChangeServiceConfigW                                          77E07001 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A                                         77E07101 5 Bytes  JMP 002C0C0C
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W                                         77E07189 5 Bytes  JMP 002C0E10
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!CreateServiceA                                                77E07211 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!CreateServiceW                                                77E073A9 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!DeleteService                                                 77E074B1 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ntdll.dll!LdrLoadDll                          7C92632D 5 Bytes  JMP 001501F8
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186            7C926865 1 Byte  [62]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ntdll.dll!LdrUnloadDll                        7C9271CD 5 Bytes  JMP 001503FC
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] kernel32.dll!GetBinaryTypeW + 80              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity         77E06D81 3 Bytes  JMP 00391014
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity + 4     77E06D85 1 Byte  [88]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!ChangeServiceConfigA             77E06E69 5 Bytes  JMP 00390804
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!ChangeServiceConfigW             77E07001 5 Bytes  JMP 00390A08
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A            77E07101 5 Bytes  JMP 00390C0C
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W            77E07189 5 Bytes  JMP 00390E10
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!CreateServiceA                   77E07211 5 Bytes  JMP 003901F8
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!CreateServiceW                   77E073A9 5 Bytes  JMP 003903FC
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!DeleteService                    77E074B1 5 Bytes  JMP 00390600
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!SetWindowsHookExW                  7E37820F 5 Bytes  JMP 003A0804
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!UnhookWindowsHookEx                7E37D5F3 5 Bytes  JMP 003A0A08
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!SetWindowsHookExA                  7E381211 5 Bytes  JMP 003A0600
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!SetWinEventHook                    7E3817F7 5 Bytes  JMP 003A01F8
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!UnhookWinEvent                     7E3818AC 5 Bytes  JMP 003A03FC
.text           C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!LdrLoadDll                                                             7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!RtlDosSearchPath_U + 186                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!LdrUnloadDll                                                           7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!GetBinaryTypeW + 80                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!SetServiceObjectSecurity                                            77E06D81 5 Bytes  JMP 002C1014
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfigA                                                77E06E69 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfigW                                                77E07001 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfig2A                                               77E07101 5 Bytes  JMP 002C0C0C
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfig2W                                               77E07189 5 Bytes  JMP 002C0E10
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!CreateServiceA                                                      77E07211 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!CreateServiceW                                                      77E073A9 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!DeleteService                                                       77E074B1 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWindowsHookExW                                                     7E37820F 5 Bytes  JMP 002D0804
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!UnhookWindowsHookEx                                                   7E37D5F3 5 Bytes  JMP 002D0A08
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWindowsHookExA                                                     7E381211 5 Bytes  JMP 002D0600
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWinEventHook                                                       7E3817F7 5 Bytes  JMP 002D01F8
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!UnhookWinEvent                                                        7E3818AC 5 Bytes  JMP 002D03FC
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186                        7C926865 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1524] kernel32.dll!SetUnhandledExceptionFilter                  7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1524] kernel32.dll!GetBinaryTypeW + 80                          7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ntdll.dll!LdrLoadDll                         7C92632D 5 Bytes  JMP 001501F8
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186           7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ntdll.dll!LdrUnloadDll                       7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] kernel32.dll!GetBinaryTypeW + 80             7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!SetServiceObjectSecurity        77E06D81 5 Bytes  JMP 003E1014
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!ChangeServiceConfigA            77E06E69 5 Bytes  JMP 003E0804
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!ChangeServiceConfigW            77E07001 5 Bytes  JMP 003E0A08
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A           77E07101 5 Bytes  JMP 003E0C0C
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W           77E07189 5 Bytes  JMP 003E0E10
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!CreateServiceA                  77E07211 5 Bytes  JMP 003E01F8
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!CreateServiceW                  77E073A9 5 Bytes  JMP 003E03FC
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!DeleteService                   77E074B1 5 Bytes  JMP 003E0600
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!SetWindowsHookExW                 7E37820F 5 Bytes  JMP 003F0804
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!UnhookWindowsHookEx               7E37D5F3 5 Bytes  JMP 003F0A08
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!SetWindowsHookExA                 7E381211 5 Bytes  JMP 003F0600
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!SetWinEventHook                   7E3817F7 5 Bytes  JMP 003F01F8
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!UnhookWinEvent                    7E3818AC 5 Bytes  JMP 003F03FC
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ntdll.dll!LdrLoadDll                   7C92632D 5 Bytes  JMP 001401F8
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ntdll.dll!RtlDosSearchPath_U + 186     7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ntdll.dll!LdrUnloadDll                 7C9271CD 5 Bytes  JMP 001403FC
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] kernel32.dll!GetBinaryTypeW + 80       7C868D8C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!SetServiceObjectSecurity  77E06D81 5 Bytes  JMP 00381014
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!ChangeServiceConfigA      77E06E69 5 Bytes  JMP 00380804
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!ChangeServiceConfigW      77E07001 5 Bytes  JMP 00380A08
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!ChangeServiceConfig2A     77E07101 5 Bytes  JMP 00380C0C
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!ChangeServiceConfig2W     77E07189 5 Bytes  JMP 00380E10
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!CreateServiceA            77E07211 5 Bytes  JMP 003801F8
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!CreateServiceW            77E073A9 5 Bytes  JMP 003803FC
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!DeleteService             77E074B1 5 Bytes  JMP 00380600
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!SetWindowsHookExW           7E37820F 5 Bytes  JMP 00390804
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!UnhookWindowsHookEx         7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!SetWindowsHookExA           7E381211 5 Bytes  JMP 00390600
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!SetWinEventHook             7E3817F7 5 Bytes  JMP 003901F8
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!UnhookWinEvent              7E3818AC 3 Bytes  JMP 003903FC
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!UnhookWinEvent + 4          7E3818B0 1 Byte  [82]
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ntdll.dll!LdrLoadDll                                        7C92632D 5 Bytes  JMP 001501F8
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186                          7C926865 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ntdll.dll!LdrUnloadDll                                      7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] kernel32.dll!GetBinaryTypeW + 80                            7C868D8C 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!SetWindowsHookExW                                7E37820F 5 Bytes  JMP 00390804
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!UnhookWindowsHookEx                              7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!SetWindowsHookExA                                7E381211 5 Bytes  JMP 00390600
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!SetWinEventHook                                  7E3817F7 5 Bytes  JMP 003901F8
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!UnhookWinEvent                                   7E3818AC 3 Bytes  JMP 003903FC
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!UnhookWinEvent + 4                               7E3818B0 1 Byte  [82]
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity                       77E06D81 5 Bytes  JMP 003A1014
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!ChangeServiceConfigA                           77E06E69 5 Bytes  JMP 003A0804
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!ChangeServiceConfigW                           77E07001 5 Bytes  JMP 003A0A08
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A                          77E07101 5 Bytes  JMP 003A0C0C
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W                          77E07189 5 Bytes  JMP 003A0E10
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!CreateServiceA                                 77E07211 5 Bytes  JMP 003A01F8
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!CreateServiceW                                 77E073A9 5 Bytes  JMP 003A03FC
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!DeleteService                                  77E074B1 5 Bytes  JMP 003A0600
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ntdll.dll!LdrLoadDll                                                    7C92632D 5 Bytes  JMP 001501F8
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ntdll.dll!LdrUnloadDll                                                  7C9271CD 5 Bytes  JMP 001503FC
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity                                   77E06D81 3 Bytes  JMP 00391014
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity + 4                               77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!ChangeServiceConfigA                                       77E06E69 5 Bytes  JMP 00390804
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!ChangeServiceConfigW                                       77E07001 5 Bytes  JMP 00390A08
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A                                      77E07101 5 Bytes  JMP 00390C0C
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W                                      77E07189 5 Bytes  JMP 00390E10
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!CreateServiceA                                             77E07211 5 Bytes  JMP 003901F8
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!CreateServiceW                                             77E073A9 5 Bytes  JMP 003903FC
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!DeleteService                                              77E074B1 5 Bytes  JMP 00390600
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!SetWindowsHookExW                                            7E37820F 5 Bytes  JMP 003A0804
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!UnhookWindowsHookEx                                          7E37D5F3 5 Bytes  JMP 003A0A08
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!SetWindowsHookExA                                            7E381211 5 Bytes  JMP 003A0600
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!SetWinEventHook                                              7E3817F7 5 Bytes  JMP 003A01F8
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!UnhookWinEvent                                               7E3818AC 5 Bytes  JMP 003A03FC
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ntdll.dll!LdrLoadDll                                                    7C92632D 5 Bytes  JMP 001401F8
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ntdll.dll!RtlDosSearchPath_U + 186                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ntdll.dll!LdrUnloadDll                                                  7C9271CD 5 Bytes  JMP 001403FC
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity                                   77E06D81 5 Bytes  JMP 00381014
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!ChangeServiceConfigA                                       77E06E69 5 Bytes  JMP 00380804
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!ChangeServiceConfigW                                       77E07001 5 Bytes  JMP 00380A08
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A                                      77E07101 5 Bytes  JMP 00380C0C
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W                                      77E07189 5 Bytes  JMP 00380E10
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!CreateServiceA                                             77E07211 5 Bytes  JMP 003801F8
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!CreateServiceW                                             77E073A9 5 Bytes  JMP 003803FC
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!DeleteService                                              77E074B1 5 Bytes  JMP 00380600
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!SetWindowsHookExW                                            7E37820F 5 Bytes  JMP 00390804
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!UnhookWindowsHookEx                                          7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!SetWindowsHookExA                                            7E381211 5 Bytes  JMP 00390600
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!SetWinEventHook                                              7E3817F7 5 Bytes  JMP 003901F8
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!UnhookWinEvent                                               7E3818AC 3 Bytes  JMP 003903FC
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!UnhookWinEvent + 4                                           7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\svchost.exe[2304] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[2304] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2304] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[2304] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ntdll.dll!LdrLoadDll                                     7C92632D 5 Bytes  JMP 001401F8
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ntdll.dll!RtlDosSearchPath_U + 186                       7C926865 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ntdll.dll!LdrUnloadDll                                   7C9271CD 5 Bytes  JMP 001403FC
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] kernel32.dll!GetBinaryTypeW + 80                         7C868D8C 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity                    77E06D81 5 Bytes  JMP 00381014
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!ChangeServiceConfigA                        77E06E69 5 Bytes  JMP 00380804
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!ChangeServiceConfigW                        77E07001 5 Bytes  JMP 00380A08
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A                       77E07101 5 Bytes  JMP 00380C0C
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W                       77E07189 5 Bytes  JMP 00380E10
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!CreateServiceA                              77E07211 5 Bytes  JMP 003801F8
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!CreateServiceW                              77E073A9 5 Bytes  JMP 003803FC
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!DeleteService                               77E074B1 5 Bytes  JMP 00380600
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!SetWindowsHookExW                             7E37820F 5 Bytes  JMP 00390804
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!UnhookWindowsHookEx                           7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!SetWindowsHookExA                             7E381211 5 Bytes  JMP 00390600
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!SetWinEventHook                               7E3817F7 5 Bytes  JMP 003901F8
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!UnhookWinEvent                                7E3818AC 3 Bytes  JMP 003903FC
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!UnhookWinEvent + 4                            7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ntdll.dll!LdrLoadDll                                                    7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ntdll.dll!RtlDosSearchPath_U + 186                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ntdll.dll!LdrUnloadDll                                                  7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\cidaemon.exe[3320] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!SetWindowsHookExW                                            7E37820F 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!UnhookWindowsHookEx                                          7E37D5F3 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!SetWindowsHookExA                                            7E381211 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!SetWinEventHook                                              7E3817F7 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!UnhookWinEvent                                               7E3818AC 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!SetServiceObjectSecurity                                   77E06D81 5 Bytes  JMP 002C1014
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!ChangeServiceConfigA                                       77E06E69 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!ChangeServiceConfigW                                       77E07001 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!ChangeServiceConfig2A                                      77E07101 5 Bytes  JMP 002C0C0C
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!ChangeServiceConfig2W                                      77E07189 5 Bytes  JMP 002C0E10
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!CreateServiceA                                             77E07211 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!CreateServiceW                                             77E073A9 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!DeleteService                                              77E074B1 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\System32\alg.exe[3676] ntdll.dll!LdrLoadDll                                                         7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\System32\alg.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3676] ntdll.dll!LdrUnloadDll                                                       7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\System32\alg.exe[3676] kernel32.dll!GetBinaryTypeW + 80                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!SetWindowsHookExW                                                 7E37820F 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!UnhookWindowsHookEx                                               7E37D5F3 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!SetWindowsHookExA                                                 7E381211 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!SetWinEventHook                                                   7E3817F7 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!UnhookWinEvent                                                    7E3818AC 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity                                        77E06D81 5 Bytes  JMP 002C1014
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!ChangeServiceConfigA                                            77E06E69 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!ChangeServiceConfigW                                            77E07001 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A                                           77E07101 5 Bytes  JMP 002C0C0C
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W                                           77E07189 5 Bytes  JMP 002C0E10
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!CreateServiceA                                                  77E07211 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!CreateServiceW                                                  77E073A9 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!DeleteService                                                   77E074B1 5 Bytes  JMP 002C0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]   005E0002
IAT             C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]         005E0000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                         aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                         aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                  aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                       aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                    aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \FileSystem\Fastfat \Fat                                                                                       aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----
11.01.2012, 15:14
Member

Thread starter

Posts: 11
#4

Code

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-11 14:48:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK200-04
Running: z692tg1x.exe; Driver: C:\DOKUME~1\Gundula\LOKALE~1\Temp\pxddrfob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwAddBootEntry [0xA92D5FC4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwAllocateVirtualMemory [0xA933A510]
SSDT            AADB6764                                                                                                       ZwClose
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEvent [0xA92D8456]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateEventPair [0xA92D84AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateIoCompletion [0xA92D85C4]
SSDT            AADB671E                                                                                                       ZwCreateKey
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateMutant [0xA92D83AC]
SSDT            AADB676E                                                                                                       ZwCreateSection
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateSemaphore [0xA92D8400]
SSDT            AADB6714                                                                                                       ZwCreateThread
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwCreateTimer [0xA92D8572]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwDeleteBootEntry [0xA92D5FE8]
SSDT            AADB6723                                                                                                       ZwDeleteKey
SSDT            AADB672D                                                                                                       ZwDeleteValueKey
SSDT            AADB675F                                                                                                       ZwDuplicateObject
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwEnumerateKey [0xA92F9BDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwEnumerateValueKey [0xA92F9A45]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwFreeVirtualMemory [0xA933A5C0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwLoadDriver [0xA92D5DB2]
SSDT            AADB6732                                                                                                       ZwLoadKey
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwModifyBootEntry [0xA92D600C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeKey [0xA92D89BC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwNotifyChangeMultipleKeys [0xA92D6AA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEvent [0xA92D8486]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenEventPair [0xA92D84D6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenIoCompletion [0xA92D85EE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenKey [0xA92F93B9]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenMutant [0xA92D83D8]
SSDT            AADB6700                                                                                                       ZwOpenProcess
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSection [0xA92D853E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenSemaphore [0xA92D842E]
SSDT            AADB6705                                                                                                       ZwOpenThread
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwOpenTimer [0xA92D859C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwProtectVirtualMemory [0xA933A658]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryKey [0xA92F98C0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwQueryObject [0xA92D696A]
SSDT            AADB6787                                                                                                       ZwQueryValueKey
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwRenameKey [0xA93429E6]
SSDT            AADB673C                                                                                                       ZwReplaceKey
SSDT            AADB6778                                                                                                       ZwRequestWaitReplyPort
SSDT            AADB6737                                                                                                       ZwRestoreKey
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootEntryOrder [0xA92D6030]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetBootOptions [0xA92D6054]
SSDT            AADB6773                                                                                                       ZwSetContextThread
SSDT            AADB677D                                                                                                       ZwSetSecurityObject
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemInformation [0xA92D5E0C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwSetSystemPowerState [0xA92D5F48]
SSDT            AADB6728                                                                                                       ZwSetValueKey
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwShutdownSystem [0xA92D5F24]
SSDT            AADB6782                                                                                                       ZwSystemDebugControl
SSDT            AADB670F                                                                                                       ZwTerminateProcess
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                          ZwVdmControl [0xA92D6078]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ZwCreateProcessEx [0xA934E7A2]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                          ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + 140                                                                       804E27AC 4 Bytes  CALL 93F75510
.text           ntoskrnl.exe!_abnormal_termination + 271                                                                       804E28DD 3 Bytes  [A6, 33, A9]
.text           ntoskrnl.exe!_abnormal_termination + 398                                                                       804E2A04 12 Bytes  [30, 60, 2D, A9, 54, 60, 2D, ...]
PAGE            ntoskrnl.exe!ObInsertObject                                                                                    805650BA 5 Bytes  JMP A934D15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                    8056BB08 4 Bytes  CALL A92D700F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                 8058124C 7 Bytes  JMP A934E7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                             805A038B 5 Bytes  JMP A934B69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                              BF8242D4 5 Bytes  JMP A92D8B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + C2CF                                                                          BF85198B 5 Bytes  JMP A92D8AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                              BF85E514 5 Bytes  JMP A92D8DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                              BF85E59F 5 Bytes  JMP A92D8FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                               BF85F812 5 Bytes  JMP A92D8ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 4128                                                                        BF873F30 5 Bytes  JMP A92D8F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DEC                                                                                  BF89DBA0 5 Bytes  JMP A92D8C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + A9F7                                                                              BF8C2130 5 Bytes  JMP A92D8CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                  BF8CA592 5 Bytes  JMP A92D8D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                  BF8CA812 5 Bytes  JMP A92D8D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B3E                                                                           BF8EC297 5 Bytes  JMP A92D89F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 19DF                                                                                BF91348A 5 Bytes  JMP A92D8B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 25B3                                                                                BF91405E 5 Bytes  JMP A92D8C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F2C                                                                                BF9169D7 5 Bytes  JMP A92D90D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\spoolsv.exe[128] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\spoolsv.exe[128] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[128] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\spoolsv.exe[128] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\spoolsv.exe[128] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\spoolsv.exe[128] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[260] ntdll.dll!LdrLoadDll                                         7C92632D 5 Bytes  JMP 001501F8
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[260] ntdll.dll!RtlDosSearchPath_U + 186                           7C926865 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[260] ntdll.dll!LdrUnloadDll                                       7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[260] kernel32.dll!GetBinaryTypeW + 80                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\smss.exe[492] ntdll.dll!RtlDosSearchPath_U + 186                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[548] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[548] KERNEL32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000701F8
.text           C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000703FC
.text           C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\services.exe[620] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll                                                        7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!RtlDosSearchPath_U + 186                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrUnloadDll                                                      7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetBinaryTypeW + 80                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!SetServiceObjectSecurity                                       77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfigA                                           77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfigW                                           77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfig2A                                          77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!ChangeServiceConfig2W                                          77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceA                                                 77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!CreateServiceW                                                 77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!DeleteService                                                  77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWindowsHookExW                                                7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!UnhookWindowsHookEx                                              7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWindowsHookExA                                                7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!SetWinEventHook                                                  7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\lsass.exe[640] USER32.dll!UnhookWinEvent                                                   7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ntdll.dll!LdrLoadDll                                       7C92632D 5 Bytes  JMP 001501F8
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ntdll.dll!RtlDosSearchPath_U + 186                         7C926865 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ntdll.dll!LdrUnloadDll                                     7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] kernel32.dll!GetBinaryTypeW + 80                           7C868D8C 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!SetWindowsHookExW                               7E37820F 5 Bytes  JMP 00390804
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!UnhookWindowsHookEx                             7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!SetWindowsHookExA                               7E381211 5 Bytes  JMP 00390600
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!SetWinEventHook                                 7E3817F7 5 Bytes  JMP 003901F8
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!UnhookWinEvent                                  7E3818AC 3 Bytes  JMP 003903FC
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] USER32.dll!UnhookWinEvent + 4                              7E3818B0 1 Byte  [82]
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!SetServiceObjectSecurity                      77E06D81 5 Bytes  JMP 003A1014
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!ChangeServiceConfigA                          77E06E69 5 Bytes  JMP 003A0804
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!ChangeServiceConfigW                          77E07001 5 Bytes  JMP 003A0A08
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!ChangeServiceConfig2A                         77E07101 5 Bytes  JMP 003A0C0C
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!ChangeServiceConfig2W                         77E07189 5 Bytes  JMP 003A0E10
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!CreateServiceA                                77E07211 5 Bytes  JMP 003A01F8
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!CreateServiceW                                77E073A9 5 Bytes  JMP 003A03FC
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[688] ADVAPI32.dll!DeleteService                                 77E074B1 5 Bytes  JMP 003A0600
.text           C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[804] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[804] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[804] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[848] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[848] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\System32\svchost.exe[956] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\System32\svchost.exe[956] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrLoadDll                                                      7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 186                                        7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll                                                    7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80                                          7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!SetServiceObjectSecurity                                     77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigA                                         77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfigW                                         77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2A                                        77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!ChangeServiceConfig2W                                        77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceA                                               77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!CreateServiceW                                               77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[996] ADVAPI32.dll!DeleteService                                                77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx                                            7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!SetWinEventHook                                                7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[996] USER32.dll!UnhookWinEvent                                                 7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ntdll.dll!LdrLoadDll                                                  7C92632D 5 Bytes  JMP 001501F8
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186                                    7C926865 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ntdll.dll!LdrUnloadDll                                                7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] kernel32.dll!GetBinaryTypeW + 80                                      7C868D8C 1 Byte  [62]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity                                 77E06D81 3 Bytes  JMP 00391014
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity + 4                             77E06D85 1 Byte  [88]
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!ChangeServiceConfigA                                     77E06E69 5 Bytes  JMP 00390804
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!ChangeServiceConfigW                                     77E07001 5 Bytes  JMP 00390A08
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A                                    77E07101 5 Bytes  JMP 00390C0C
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W                                    77E07189 5 Bytes  JMP 00390E10
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!CreateServiceA                                           77E07211 5 Bytes  JMP 003901F8
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!CreateServiceW                                           77E073A9 5 Bytes  JMP 003903FC
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] ADVAPI32.dll!DeleteService                                            77E074B1 5 Bytes  JMP 00390600
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!SetWindowsHookExW                                          7E37820F 5 Bytes  JMP 003A0804
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!UnhookWindowsHookEx                                        7E37D5F3 5 Bytes  JMP 003A0A08
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!SetWindowsHookExA                                          7E381211 5 Bytes  JMP 003A0600
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!SetWinEventHook                                            7E3817F7 5 Bytes  JMP 003A01F8
.text           C:\Programme\Java\jre6\bin\jqs.exe[1184] USER32.dll!UnhookWinEvent                                             7E3818AC 5 Bytes  JMP 003A03FC
.text           C:\WINDOWS\system32\cisvc.exe[1192] ntdll.dll!LdrLoadDll                                                       7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\cisvc.exe[1192] ntdll.dll!RtlDosSearchPath_U + 186                                         7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\cisvc.exe[1192] ntdll.dll!LdrUnloadDll                                                     7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\cisvc.exe[1192] kernel32.dll!GetBinaryTypeW + 80                                           7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!SetWindowsHookExW                                               7E37820F 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!UnhookWindowsHookEx                                             7E37D5F3 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!SetWindowsHookExA                                               7E381211 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!SetWinEventHook                                                 7E3817F7 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\cisvc.exe[1192] USER32.dll!UnhookWinEvent                                                  7E3818AC 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity                                      77E06D81 5 Bytes  JMP 002C1014
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!ChangeServiceConfigA                                          77E06E69 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!ChangeServiceConfigW                                          77E07001 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A                                         77E07101 5 Bytes  JMP 002C0C0C
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W                                         77E07189 5 Bytes  JMP 002C0E10
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!CreateServiceA                                                77E07211 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!CreateServiceW                                                77E073A9 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\cisvc.exe[1192] ADVAPI32.dll!DeleteService                                                 77E074B1 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ntdll.dll!LdrLoadDll                          7C92632D 5 Bytes  JMP 001501F8
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186            7C926865 1 Byte  [62]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ntdll.dll!LdrUnloadDll                        7C9271CD 5 Bytes  JMP 001503FC
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] kernel32.dll!GetBinaryTypeW + 80              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity         77E06D81 3 Bytes  JMP 00391014
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity + 4     77E06D85 1 Byte  [88]
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!ChangeServiceConfigA             77E06E69 5 Bytes  JMP 00390804
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!ChangeServiceConfigW             77E07001 5 Bytes  JMP 00390A08
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A            77E07101 5 Bytes  JMP 00390C0C
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W            77E07189 5 Bytes  JMP 00390E10
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!CreateServiceA                   77E07211 5 Bytes  JMP 003901F8
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!CreateServiceW                   77E073A9 5 Bytes  JMP 003903FC
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] ADVAPI32.dll!DeleteService                    77E074B1 5 Bytes  JMP 00390600
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!SetWindowsHookExW                  7E37820F 5 Bytes  JMP 003A0804
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!UnhookWindowsHookEx                7E37D5F3 5 Bytes  JMP 003A0A08
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!SetWindowsHookExA                  7E381211 5 Bytes  JMP 003A0600
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!SetWinEventHook                    7E3817F7 5 Bytes  JMP 003A01F8
.text           C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1204] USER32.dll!UnhookWinEvent                     7E3818AC 5 Bytes  JMP 003A03FC
.text           C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!LdrLoadDll                                                             7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!RtlDosSearchPath_U + 186                                               7C926865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1324] ntdll.dll!LdrUnloadDll                                                           7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\Explorer.EXE[1324] kernel32.dll!GetBinaryTypeW + 80                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!SetServiceObjectSecurity                                            77E06D81 5 Bytes  JMP 002C1014
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfigA                                                77E06E69 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfigW                                                77E07001 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfig2A                                               77E07101 5 Bytes  JMP 002C0C0C
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!ChangeServiceConfig2W                                               77E07189 5 Bytes  JMP 002C0E10
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!CreateServiceA                                                      77E07211 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!CreateServiceW                                                      77E073A9 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\Explorer.EXE[1324] ADVAPI32.dll!DeleteService                                                       77E074B1 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWindowsHookExW                                                     7E37820F 5 Bytes  JMP 002D0804
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!UnhookWindowsHookEx                                                   7E37D5F3 5 Bytes  JMP 002D0A08
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWindowsHookExA                                                     7E381211 5 Bytes  JMP 002D0600
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!SetWinEventHook                                                       7E3817F7 5 Bytes  JMP 002D01F8
.text           C:\WINDOWS\Explorer.EXE[1324] USER32.dll!UnhookWinEvent                                                        7E3818AC 5 Bytes  JMP 002D03FC
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186                        7C926865 1 Byte  [62]
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1524] kernel32.dll!SetUnhandledExceptionFilter                  7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Programme\AVAST Software\Avast\AvastSvc.exe[1524] kernel32.dll!GetBinaryTypeW + 80                          7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ntdll.dll!LdrLoadDll                         7C92632D 5 Bytes  JMP 001501F8
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186           7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ntdll.dll!LdrUnloadDll                       7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] kernel32.dll!GetBinaryTypeW + 80             7C868D8C 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!SetServiceObjectSecurity        77E06D81 5 Bytes  JMP 003E1014
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!ChangeServiceConfigA            77E06E69 5 Bytes  JMP 003E0804
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!ChangeServiceConfigW            77E07001 5 Bytes  JMP 003E0A08
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A           77E07101 5 Bytes  JMP 003E0C0C
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W           77E07189 5 Bytes  JMP 003E0E10
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!CreateServiceA                  77E07211 5 Bytes  JMP 003E01F8
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!CreateServiceW                  77E073A9 5 Bytes  JMP 003E03FC
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] ADVAPI32.dll!DeleteService                   77E074B1 5 Bytes  JMP 003E0600
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!SetWindowsHookExW                 7E37820F 5 Bytes  JMP 003F0804
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!UnhookWindowsHookEx               7E37D5F3 5 Bytes  JMP 003F0A08
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!SetWindowsHookExA                 7E381211 5 Bytes  JMP 003F0600
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!SetWinEventHook                   7E3817F7 5 Bytes  JMP 003F01F8
.text           C:\Dokumente und Einstellungen\Gundula\Desktop\z692tg1x.exe[1636] USER32.dll!UnhookWinEvent                    7E3818AC 5 Bytes  JMP 003F03FC
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ntdll.dll!LdrLoadDll                   7C92632D 5 Bytes  JMP 001401F8
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ntdll.dll!RtlDosSearchPath_U + 186     7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ntdll.dll!LdrUnloadDll                 7C9271CD 5 Bytes  JMP 001403FC
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] kernel32.dll!GetBinaryTypeW + 80       7C868D8C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!SetServiceObjectSecurity  77E06D81 5 Bytes  JMP 00381014
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!ChangeServiceConfigA      77E06E69 5 Bytes  JMP 00380804
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!ChangeServiceConfigW      77E07001 5 Bytes  JMP 00380A08
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!ChangeServiceConfig2A     77E07101 5 Bytes  JMP 00380C0C
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!ChangeServiceConfig2W     77E07189 5 Bytes  JMP 00380E10
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!CreateServiceA            77E07211 5 Bytes  JMP 003801F8
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!CreateServiceW            77E073A9 5 Bytes  JMP 003803FC
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] ADVAPI32.dll!DeleteService             77E074B1 5 Bytes  JMP 00380600
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!SetWindowsHookExW           7E37820F 5 Bytes  JMP 00390804
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!UnhookWindowsHookEx         7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!SetWindowsHookExA           7E381211 5 Bytes  JMP 00390600
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!SetWinEventHook             7E3817F7 5 Bytes  JMP 003901F8
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!UnhookWinEvent              7E3818AC 3 Bytes  JMP 003903FC
.text           C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe[1844] USER32.dll!UnhookWinEvent + 4          7E3818B0 1 Byte  [82]
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ntdll.dll!LdrLoadDll                                        7C92632D 5 Bytes  JMP 001501F8
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186                          7C926865 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ntdll.dll!LdrUnloadDll                                      7C9271CD 5 Bytes  JMP 001503FC
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] kernel32.dll!GetBinaryTypeW + 80                            7C868D8C 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!SetWindowsHookExW                                7E37820F 5 Bytes  JMP 00390804
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!UnhookWindowsHookEx                              7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!SetWindowsHookExA                                7E381211 5 Bytes  JMP 00390600
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!SetWinEventHook                                  7E3817F7 5 Bytes  JMP 003901F8
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!UnhookWinEvent                                   7E3818AC 3 Bytes  JMP 003903FC
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] USER32.dll!UnhookWinEvent + 4                               7E3818B0 1 Byte  [82]
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity                       77E06D81 5 Bytes  JMP 003A1014
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!ChangeServiceConfigA                           77E06E69 5 Bytes  JMP 003A0804
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!ChangeServiceConfigW                           77E07001 5 Bytes  JMP 003A0A08
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A                          77E07101 5 Bytes  JMP 003A0C0C
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W                          77E07189 5 Bytes  JMP 003A0E10
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!CreateServiceA                                 77E07211 5 Bytes  JMP 003A01F8
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!CreateServiceW                                 77E073A9 5 Bytes  JMP 003A03FC
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1932] ADVAPI32.dll!DeleteService                                  77E074B1 5 Bytes  JMP 003A0600
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ntdll.dll!LdrLoadDll                                                    7C92632D 5 Bytes  JMP 001501F8
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ntdll.dll!LdrUnloadDll                                                  7C9271CD 5 Bytes  JMP 001503FC
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity                                   77E06D81 3 Bytes  JMP 00391014
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity + 4                               77E06D85 1 Byte  [88]
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!ChangeServiceConfigA                                       77E06E69 5 Bytes  JMP 00390804
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!ChangeServiceConfigW                                       77E07001 5 Bytes  JMP 00390A08
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A                                      77E07101 5 Bytes  JMP 00390C0C
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W                                      77E07189 5 Bytes  JMP 00390E10
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!CreateServiceA                                             77E07211 5 Bytes  JMP 003901F8
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!CreateServiceW                                             77E073A9 5 Bytes  JMP 003903FC
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] ADVAPI32.dll!DeleteService                                              77E074B1 5 Bytes  JMP 00390600
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!SetWindowsHookExW                                            7E37820F 5 Bytes  JMP 003A0804
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!UnhookWindowsHookEx                                          7E37D5F3 5 Bytes  JMP 003A0A08
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!SetWindowsHookExA                                            7E381211 5 Bytes  JMP 003A0600
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!SetWinEventHook                                              7E3817F7 5 Bytes  JMP 003A01F8
.text           C:\WINDOWS\system32\IoctlSvc.exe[2200] USER32.dll!UnhookWinEvent                                               7E3818AC 5 Bytes  JMP 003A03FC
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ntdll.dll!LdrLoadDll                                                    7C92632D 5 Bytes  JMP 001401F8
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ntdll.dll!RtlDosSearchPath_U + 186                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ntdll.dll!LdrUnloadDll                                                  7C9271CD 5 Bytes  JMP 001403FC
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity                                   77E06D81 5 Bytes  JMP 00381014
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!ChangeServiceConfigA                                       77E06E69 5 Bytes  JMP 00380804
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!ChangeServiceConfigW                                       77E07001 5 Bytes  JMP 00380A08
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A                                      77E07101 5 Bytes  JMP 00380C0C
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W                                      77E07189 5 Bytes  JMP 00380E10
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!CreateServiceA                                             77E07211 5 Bytes  JMP 003801F8
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!CreateServiceW                                             77E073A9 5 Bytes  JMP 003803FC
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] ADVAPI32.dll!DeleteService                                              77E074B1 5 Bytes  JMP 00380600
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!SetWindowsHookExW                                            7E37820F 5 Bytes  JMP 00390804
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!UnhookWindowsHookEx                                          7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!SetWindowsHookExA                                            7E381211 5 Bytes  JMP 00390600
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!SetWinEventHook                                              7E3817F7 5 Bytes  JMP 003901F8
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!UnhookWinEvent                                               7E3818AC 3 Bytes  JMP 003903FC
.text           C:\WINDOWS\system32\HPZipm12.exe[2256] USER32.dll!UnhookWinEvent + 4                                           7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\svchost.exe[2304] ntdll.dll!LdrLoadDll                                                     7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\svchost.exe[2304] ntdll.dll!RtlDosSearchPath_U + 186                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2304] ntdll.dll!LdrUnloadDll                                                   7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\svchost.exe[2304] kernel32.dll!GetBinaryTypeW + 80                                         7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity                                    77E06D81 5 Bytes  JMP 002B1014
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfigA                                        77E06E69 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfigW                                        77E07001 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A                                       77E07101 5 Bytes  JMP 002B0C0C
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W                                       77E07189 5 Bytes  JMP 002B0E10
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!CreateServiceA                                              77E07211 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!CreateServiceW                                              77E073A9 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\svchost.exe[2304] ADVAPI32.dll!DeleteService                                               77E074B1 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!UnhookWindowsHookEx                                           7E37D5F3 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!SetWinEventHook                                               7E3817F7 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\svchost.exe[2304] USER32.dll!UnhookWinEvent                                                7E3818AC 5 Bytes  JMP 002C03FC
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ntdll.dll!LdrLoadDll                                     7C92632D 5 Bytes  JMP 001401F8
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ntdll.dll!RtlDosSearchPath_U + 186                       7C926865 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ntdll.dll!LdrUnloadDll                                   7C9271CD 5 Bytes  JMP 001403FC
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] kernel32.dll!GetBinaryTypeW + 80                         7C868D8C 1 Byte  [62]
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity                    77E06D81 5 Bytes  JMP 00381014
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!ChangeServiceConfigA                        77E06E69 5 Bytes  JMP 00380804
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!ChangeServiceConfigW                        77E07001 5 Bytes  JMP 00380A08
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A                       77E07101 5 Bytes  JMP 00380C0C
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W                       77E07189 5 Bytes  JMP 00380E10
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!CreateServiceA                              77E07211 5 Bytes  JMP 003801F8
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!CreateServiceW                              77E073A9 5 Bytes  JMP 003803FC
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] ADVAPI32.dll!DeleteService                               77E074B1 5 Bytes  JMP 00380600
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!SetWindowsHookExW                             7E37820F 5 Bytes  JMP 00390804
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!UnhookWindowsHookEx                           7E37D5F3 5 Bytes  JMP 00390A08
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!SetWindowsHookExA                             7E381211 5 Bytes  JMP 00390600
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!SetWinEventHook                               7E3817F7 5 Bytes  JMP 003901F8
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!UnhookWinEvent                                7E3818AC 3 Bytes  JMP 003903FC
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2896] USER32.dll!UnhookWinEvent + 4                            7E3818B0 1 Byte  [82]
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ntdll.dll!LdrLoadDll                                                    7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ntdll.dll!RtlDosSearchPath_U + 186                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ntdll.dll!LdrUnloadDll                                                  7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\system32\cidaemon.exe[3320] kernel32.dll!GetBinaryTypeW + 80                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!SetWindowsHookExW                                            7E37820F 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!UnhookWindowsHookEx                                          7E37D5F3 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!SetWindowsHookExA                                            7E381211 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!SetWinEventHook                                              7E3817F7 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\system32\cidaemon.exe[3320] USER32.dll!UnhookWinEvent                                               7E3818AC 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!SetServiceObjectSecurity                                   77E06D81 5 Bytes  JMP 002C1014
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!ChangeServiceConfigA                                       77E06E69 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!ChangeServiceConfigW                                       77E07001 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!ChangeServiceConfig2A                                      77E07101 5 Bytes  JMP 002C0C0C
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!ChangeServiceConfig2W                                      77E07189 5 Bytes  JMP 002C0E10
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!CreateServiceA                                             77E07211 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!CreateServiceW                                             77E073A9 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\system32\cidaemon.exe[3320] ADVAPI32.dll!DeleteService                                              77E074B1 5 Bytes  JMP 002C0600
.text           C:\WINDOWS\System32\alg.exe[3676] ntdll.dll!LdrLoadDll                                                         7C92632D 5 Bytes  JMP 000901F8
.text           C:\WINDOWS\System32\alg.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3676] ntdll.dll!LdrUnloadDll                                                       7C9271CD 5 Bytes  JMP 000903FC
.text           C:\WINDOWS\System32\alg.exe[3676] kernel32.dll!GetBinaryTypeW + 80                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!SetWindowsHookExW                                                 7E37820F 5 Bytes  JMP 002B0804
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!UnhookWindowsHookEx                                               7E37D5F3 5 Bytes  JMP 002B0A08
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!SetWindowsHookExA                                                 7E381211 5 Bytes  JMP 002B0600
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!SetWinEventHook                                                   7E3817F7 5 Bytes  JMP 002B01F8
.text           C:\WINDOWS\System32\alg.exe[3676] USER32.dll!UnhookWinEvent                                                    7E3818AC 5 Bytes  JMP 002B03FC
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity                                        77E06D81 5 Bytes  JMP 002C1014
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!ChangeServiceConfigA                                            77E06E69 5 Bytes  JMP 002C0804
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!ChangeServiceConfigW                                            77E07001 5 Bytes  JMP 002C0A08
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A                                           77E07101 5 Bytes  JMP 002C0C0C
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W                                           77E07189 5 Bytes  JMP 002C0E10
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!CreateServiceA                                                  77E07211 5 Bytes  JMP 002C01F8
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!CreateServiceW                                                  77E073A9 5 Bytes  JMP 002C03FC
.text           C:\WINDOWS\System32\alg.exe[3676] ADVAPI32.dll!DeleteService                                                   77E074B1 5 Bytes  JMP 002C0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]   005E0002
IAT             C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]         005E0000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                         aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                         aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                  aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                       aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                      aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                    aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \FileSystem\Fastfat \Fat                                                                                       aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                       aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----
11.01.2012, 15:25
Member

Thread starter

Posts: 11
#5 In addition, I cleaned up the system startup and removed everything except Avira.
I deleted temp files with CCleaner and cleaned the registry.
I configured the Windows services securely and switched them off using ntsvcfg.de.
I tried to create a log file with Combofix.
When I double-click combofix.exe, it tries to install, but at the end it says: Do not run Combofix in Compatibility Mode. Doing so may damage the machine.
In the events I now count 37 entries, more than 20 from today alone, the others from the last few days.
The one that is in quarantine was found in C:windows/temp/_avast_/unp123620117.tmp.
This post was edited on 11.01.2012 at 15:42 by Lilllith.
11.01.2012, 15:52
Moderator

Posts: 5694
#6 Hello and welcome

I see that you have used Malwarebytes. Please post the log. Was anything found?
11.01.2012, 16:39
Member

Thread starter

Posts: 11
#7 I have already posted it; it is the last log file. Nothing was found.
I also downloaded the Kaspersky Virus Removal Tool. It finds nothing either.
This post was edited on 11.01.2012 at 16:47 by Lilllith.
11.01.2012, 23:01
Moderator

Posts: 5694
#8 Where did you post the log?? I don't see it. But if nothing was found, that is enough for me. Run another scan with Avira and post the log.
12.01.2012, 18:13
Member

Thread starter

Posts: 11
#9

Code



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 12. Januar 2012  11:05

Es wird nach 3056726 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows XP
Windowsversion : (Service Pack 3)  [5.1.2600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : GUNDULA-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.872     41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  25.10.2011 13:02:51
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  05.10.2011 08:18:04
LUKE.DLL       : 12.1.0.17      68304 Bytes  05.10.2011 08:17:59
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  04.01.2012 10:13:58
AVREG.DLL      : 12.1.0.27     227536 Bytes  04.01.2012 10:13:57
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 10:12:10
VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 10:12:12
VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 10:12:14
VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 10:12:16
VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 10:12:16
VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 10:12:17
VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 10:12:18
VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 10:12:19
VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 10:12:20
VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 10:12:20
VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 10:12:21
VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 10:12:22
VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 10:12:24
VBASE015.VDF   : 7.11.20.29    164352 Bytes  27.12.2011 10:12:25
VBASE016.VDF   : 7.11.20.70    180224 Bytes  29.12.2011 10:12:27
VBASE017.VDF   : 7.11.20.102   240640 Bytes  02.01.2012 10:12:28
VBASE018.VDF   : 7.11.20.139   164864 Bytes  04.01.2012 10:12:30
VBASE019.VDF   : 7.11.20.178   167424 Bytes  06.01.2012 08:47:30
VBASE020.VDF   : 7.11.20.207   230400 Bytes  10.01.2012 12:44:14
VBASE021.VDF   : 7.11.20.208     2048 Bytes  10.01.2012 12:44:15
VBASE022.VDF   : 7.11.20.209     2048 Bytes  10.01.2012 12:44:15
VBASE023.VDF   : 7.11.20.210     2048 Bytes  10.01.2012 12:44:15
VBASE024.VDF   : 7.11.20.211     2048 Bytes  10.01.2012 12:44:15
VBASE025.VDF   : 7.11.20.212     2048 Bytes  10.01.2012 12:44:15
VBASE026.VDF   : 7.11.20.213     2048 Bytes  10.01.2012 12:44:15
VBASE027.VDF   : 7.11.20.214     2048 Bytes  10.01.2012 12:44:15
VBASE028.VDF   : 7.11.20.215     2048 Bytes  10.01.2012 12:44:16
VBASE029.VDF   : 7.11.20.216     2048 Bytes  10.01.2012 12:44:16
VBASE030.VDF   : 7.11.20.217     2048 Bytes  10.01.2012 12:44:16
VBASE031.VDF   : 7.11.20.231   105984 Bytes  11.01.2012 12:21:23
Engineversion  : 8.2.8.22  
AEVDF.DLL      : 8.1.2.2       106868 Bytes  27.10.2011 09:08:27
AESCRIPT.DLL   : 8.1.3.96      434554 Bytes  10.01.2012 12:45:50
AESCN.DLL      : 8.1.7.2       127349 Bytes  01.09.2011 21:46:02
AESBX.DLL      : 8.2.4.5       434549 Bytes  04.01.2012 10:13:14
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.2.15.1      770423 Bytes  04.01.2012 10:13:09
AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  04.01.2012 10:13:04
AEHEUR.DLL     : 8.1.3.15     4264310 Bytes  10.01.2012 12:44:36
AEHELP.DLL     : 8.1.18.0      254327 Bytes  27.10.2011 09:08:16
AEGEN.DLL      : 8.1.5.17      405877 Bytes  04.01.2012 10:12:51
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01
AECORE.DLL     : 8.1.24.3      201079 Bytes  04.01.2012 10:12:44
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  05.10.2011 08:17:53
AVPREF.DLL     : 12.1.0.17      51920 Bytes  05.10.2011 08:17:51
AVREP.DLL      : 12.1.0.17     179408 Bytes  05.10.2011 08:17:51
AVARKT.DLL     : 12.1.0.19     208848 Bytes  04.01.2012 10:13:18
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  05.10.2011 08:17:50
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  05.10.2011 08:18:02
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  05.10.2011 08:17:52
NETNT.DLL      : 12.1.0.17      17104 Bytes  05.10.2011 08:17:59
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  05.10.2011 08:18:06
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  05.10.2011 08:18:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Programme\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PCK,+PFS,

Beginn des Suchlaufs: Donnerstag, 12. Januar 2012  11:05

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'cidaemon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'msdtc.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPZipm12.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'cisvc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastSvc.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2413' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Gundula>


Ende des Suchlaufs: Donnerstag, 12. Januar 2012  17:58
Benötigte Zeit:  6:52:45 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

   9074 Verzeichnisse wurden überprüft
256413 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
256413 Dateien ohne Befall
   2148 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
553798 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

12.01.2012, 21:32
Moderator

Posts: 5694
#10 Do you still have problems?
12.01.2012, 22:17
Member

Thread starter

Posts: 11
#11 Yes, the PC is running very slowly. Avira took about 3 hours, and if you click on several things, it freezes and nothing works at all anymore (not responding). It also crashed completely twice in the last 2 days. If you let something like Avira run for a longer time, there is almost no reaction to any command. I hope that helps you.
Best regards, Lilith
12.01.2012, 23:00
Moderator

Posts: 5694
#12 I see you have two AV programs running: Avira and Avast!!

Get rid of one of them.
13.01.2012, 10:33
Member

Thread starter

Posts: 11
#13 I had downloaded Avast once to test it, but it runs too slowly on my PC, which is already somewhat older. It was not running permanently, though. Could that still have led to the problems? I have now uninstalled it, however. I will keep watching the PC; at the moment it is running quite well.
I have one more question: is it sufficient to run only Avira? Until now I also had Spybot running. Does that make sense? The new Avira seems to be quite good.
Best regards
This post was edited on 13.01.2012 at 11:59 by Lilllith.
13.01.2012, 12:35
Member
Avatar Xeper

Posts: 5291
#14

Quote

It was not running permanently, though. Could that still have led to the problems?
Yes.

Quote

Until now I also had Spybot running. Does that make sense?
Spybot is pointless; you can't make all the decisions it asks you to make correctly anyway.
Beyond that, it adds very little to security....

Quote

The new Avira seems to be quite good.
Avira is quite okay; its heuristics trigger on many things sooner than some other AV products do, but at some point you should ideally still get a paid version.
Kaspersky is also said to be recommendable (but as far as I know it uses more resources).
__________
E-Mail: therion at ninth-art dot de
IRC: megatherion @ Freenode
13.01.2012, 12:45
Member

Thread starter

Posts: 11
#15 Hello, I also have the impression that everything works now. Strange that such a mistake can slow down the whole system. I can't afford a paid program, as I am currently unemployed. Is there anything else I should do?
Otherwise, many thanks already for your help.
Best regards
Lilith