Caught the Bundespolizei trojan (Windows 7)
13.01.2012, 15:51 | #1
Hello dear helpers,

Yesterday evening I caught the Bundespolizei trojan, which wants 100€ before it will go away. I then followed the steps on this page: "hxxp://www.redirect301.de/bundespolizei-trojaner-entfernen.html". At "step 8" I had to give up, because the "value" was already "explorer.exe". I also searched for "jashla.exe" but found nothing. Then I tried to start the computer normally, i.e. without safe mode, but the Bundespolizei screen appeared again. Then I started the computer in safe mode, ran a quick scan with Malwarebytes and removed the two infected objects. Here is the log file for it:
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.06.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19170
Antonia :: BÄR [Administrator]

13.01.2012 00:22:29
mbam-log-2012-01-13 (00-22-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 180194
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Exploit.Drop.2) -> Daten: C:\Users\Antonia\AppData\Local\Temp\0.371507107841596.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Antonia\AppData\Local\Temp\0.371507107841596.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

After that the computer started normally again. Today, after updating Malwarebytes, I ran a full scan, removed the infected object and restarted the computer. Log file:
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.13.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Antonia :: BÄR [Administrator]

13.01.2012 13:01:25
mbam-log-2012-01-13 (13-01-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 315049
Laufzeit: 2 Stunde(n), 25 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Antonia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\11c0c46e-7c81afe1 (Trojan.Zbot.CBCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I can imagine that this wasn't all of it yet, and I would be very grateful for your help or instructions on what to do now. Many thanks in advance, Antonia
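The two Malwarebytes logs in the post above show the persistence the lock screen used: a value under HKCU\...\Run that started a randomly named .exe from the user's Temp directory, and the "step 8" of the linked removal guide refers to the Winlogon Shell value. The Python script below is an added example written for this thread; it is not code from the forum, Malwarebytes, ESET or OTL. It parses the "infected registry value" line of a Malwarebytes 1.x log, rates Run entries by where their executable lives and what it is called, and compares the Winlogon Shell/Userinit values with the Vista/7 defaults. The defaults, the list of temp directories and the hijacked Winlogon sample are assumptions of the example; the sample log line and Run entries are taken from the logs in this thread.

```python
"""Autostart triage for the persistence seen in this thread (added example; not
code from the forum, Malwarebytes, ESET or OTL)."""
import re
from typing import Dict, List

# Assumption: default Winlogon values on Windows Vista/7, compared
# case-insensitively with the trailing comma on Userinit ignored.
EXPECTED_WINLOGON = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe"}
# Assumed list of directories an unprivileged user can write to; the Run value in
# the first Malwarebytes log above pointed into ...\AppData\Local\Temp.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\", "\\tmp\\")
# Malwarebytes 1.x "infected registry value" line, German ("Daten:") or English ("Data:").
MBAM_VALUE_RE = re.compile(
    r"^(?P<key>HK\w+\\[^|\n]+)\|(?P<name>[^\s(]+) \((?P<detection>[^)]+)\)"
    r" -> (?:Daten|Data): (?P<data>.+?) -> ", re.MULTILINE)


def parse_mbam_registry_values(log_text: str) -> List[Dict[str, str]]:
    """One dict (key, name, detection, data) per registry value Malwarebytes flagged."""
    return [m.groupdict() for m in MBAM_VALUE_RE.finditer(log_text)]


def assess_autorun(command: str) -> List[str]:
    """Reasons an autostart command deserves a closer look; empty list means none."""
    # Strip quotes and arguments so only the executable path is judged.
    m = re.match(r'^"?(.*?\.(?:exe|com|scr|bat|cmd|vbs|js))"?(?:\s|$)',
                 command.strip(), re.IGNORECASE)
    path = (m.group(1) if m else command.strip()).lower()
    reasons = []
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("executes from a temporary directory")
    elif "\\appdata\\" in path:
        reasons.append("executes from a per-user AppData directory")
    basename = path.rsplit("\\", 1)[-1]
    # Names such as 0.371507107841596.exe are dropper output, not installed software.
    if re.fullmatch(r"[\d.]+", basename.rsplit(".", 1)[0]):
        reasons.append(f"machine-generated executable name '{basename}'")
    return reasons


def check_winlogon(values: Dict[str, str]) -> List[str]:
    """Compare Shell/Userinit with the defaults; the lock screen discussed here is
    the kind that swaps Shell so its window starts at logon instead of Explorer."""
    lowered = {k.lower(): v for k, v in values.items()}
    findings = []
    for key, expected in EXPECTED_WINLOGON.items():
        actual = lowered.get(key, "").strip().rstrip(",").lower()
        if actual != expected:
            findings.append(f"Winlogon {key} is {actual!r}, expected {expected!r}")
    return findings


def read_live_windows_state():
    """On Windows, read both hives' Run values and the Winlogon values via winreg;
    returns None elsewhere so the constructed samples below still run."""
    try:
        import winreg
    except ImportError:
        return None
    run_entries = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        with winreg.OpenKey(hive, r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break
                run_entries.append((name, str(data)))
                index += 1
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon") as key:
        winlogon = {v: str(winreg.QueryValueEx(key, v)[0]) for v in ("Shell", "Userinit")}
    return run_entries, winlogon


# Constructed sample: the registry-value line from the first Malwarebytes log above.
SAMPLE_MBAM_LOG = r"""Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Exploit.Drop.2) -> Daten: C:\Users\Antonia\AppData\Local\Temp\0.371507107841596.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""
# Constructed Run entries: a benign OEM entry from the OTL log plus the dropper entry.
SAMPLE_RUN_ENTRIES = [("Apoint", r"C:\Programme\DellTPad\Apoint.exe"),
                      ("vasja", r"C:\Users\Antonia\AppData\Local\Temp\0.371507107841596.exe")]
SAMPLE_WINLOGON_CLEAN = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}
# Constructed hijack for illustration only: Shell redirected to a dropper in Temp.
SAMPLE_WINLOGON_HIJACKED = {"Shell": r"C:\Users\Antonia\AppData\Local\Temp\jashla.exe",
                            "Userinit": r"C:\Windows\system32\userinit.exe,"}

if __name__ == "__main__":
    for hit in parse_mbam_registry_values(SAMPLE_MBAM_LOG):
        print(f"MBAM: {hit['key']}|{hit['name']} -> {assess_autorun(hit['data'])}")
    print("Run entries flagged:", {n: assess_autorun(c) for n, c in SAMPLE_RUN_ENTRIES if assess_autorun(c)})
    print("Winlogon clean:", check_winlogon(SAMPLE_WINLOGON_CLEAN) or "ok")
    print("Winlogon hijacked:", check_winlogon(SAMPLE_WINLOGON_HIJACKED))
    live = read_live_windows_state()
    if live:
        print("Live Run entries flagged:", {n: assess_autorun(c) for n, c in live[0] if assess_autorun(c)})
        print("Live Winlogon:", check_winlogon(live[1]) or "ok")
```

Run on the samples it reports the vasja entry for both reasons (Temp location and numeric name) and leaves the Dell Apoint entry alone; on a Windows machine it additionally reads the live Run keys and Winlogon values, which is the same check the linked guide's "step 8" asks the user to do by hand.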
13.01.2012, 19:49 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Please also run ESET, then we'll see further:
ESET Online Scanner
14.01.2012, 00:03 | #3
Hey,
here is the log file:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b33150f058a4ee4386a9f6748aedb574
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-13 10:54:27
# local_time=2012-01-13 11:54:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 23255 164017641 0 0
# compatibility_mode=8192 67108863 100 0 3820 3820 0 0
# scanned=257865
# found=2
# cleaned=0
# scan_time=10353
C:\Users\Antonia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\78bf8d65-7820bedf    Java/Exploit.CVE-2011-3544.W trojan (unable to clean)    00000000000000000000000000000000    I
G:\Windows.old\Users\Antonia\AppData\Local\Temp\plugtmp-15\plugin-readme.pdf    PDF/Exploit.Gen trojan (unable to clean)    00000000000000000000000000000000    I

Thanks and regards, Antonia
14.01.2012, 00:05 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Please make a new OTL log. Please post everything here in CODE tags wherever possible. It's done like this:
[code] the log goes here [/code]
And the whole thing then looks like this:
Code:
the log goes here

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
Please always post log files in CODE tags
14.01.2012, 00:49 | #5
Here is the log file:
Code:
OTL logfile created on: 14.01.2012 00:28:47 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Antonia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,31% Memory free
4,21 Gb Paging File | 3,11 Gb Available in Paging File | 73,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 51,71 Gb Free Space | 37,90% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,67 Gb Free Space | 56,67% Space Free | Partition Type: NTFS
Drive G: | 465,65 Gb Total Space | 198,78 Gb Free Space | 42,69% Space Free | Partition Type: FAT32

Computer Name: BÄR | User Name: Antonia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Antonia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe (Andrea Electronics Corporation)

========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.09 16:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.08 13:52:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B0C7B7A6-EEEB-4069-98A8-B662FEF287D9}: C:\Users\Antonia\AppData\Local\{B0C7B7A6-EEEB-4069-98A8-B662FEF287D9} [2010.05.30 14:47:37 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\Antonia\AppData\Roaming\mozilla\Extensions
[2011.05.10 20:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonia\AppData\Roaming\mozilla\Firefox\Profiles\n1uqdehm.default\extensions
[2010.05.31 15:00:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Antonia\AppData\Roaming\mozilla\Firefox\Profiles\n1uqdehm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.11 16:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.12 12:02:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.09 16:40:35 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.22 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.05.10 22:00:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.08 14:53:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.08 14:53:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.08 14:53:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.08 14:53:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 14:53:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.08 14:53:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.05.02 21:48:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95042106-99C9-4F58-95D4-53AB7BA8DF2A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Antonia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Antonia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Programme\Dell\QuickSet\quickset.exe - (Dell Inc.)
MsConfig - StartUpFolder: C:^Users^Antonia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Antonia\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Users^Antonia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe - ()
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: DELL Webcam Manager - hkey= - key= - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: McAfeeUpdaterUI - hkey= - key= - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: ShStatEXE - hkey= - key= - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.01.14 00:25:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Antonia\Desktop\OTL.exe
[2012.01.13 20:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.13 20:56:46 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Antonia\Desktop\esetsmartinstaller_enu.exe
[2012.01.08 10:30:12 | 000,000,000 | ---D | C] -- C:\Users\Antonia\Desktop\Ghana
[2012.01.06 00:34:15 | 000,000,000 | ---D | C] -- C:\Users\Antonia\Documents\Porddugall
[2011.12.16 16:43:22 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.12.16 14:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.16 14:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.16 14:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.05.10 21:57:56 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u25-windows-i586.exe
[2010.05.30 14:52:09 | 028,534,656 | ---- | C] ( ) -- C:\Program Files\AdbeRdr930_de_DE.exe
[2010.05.30 05:14:14 | 008,188,856 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.3.exe

========== Files - Modified Within 30 Days ==========

[2012.01.14 00:25:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Antonia\Desktop\OTL.exe
[2012.01.14 00:19:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.13 22:53:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:53:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 21:37:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.13 20:56:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Antonia\Desktop\esetsmartinstaller_enu.exe
[2012.01.13 15:34:13 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.13 15:33:32 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.13 00:23:37 | 000,006,648 | ---- | M] () -- C:\Users\Antonia\AppData\Local\d3d9caps.dat
[2012.01.06 18:50:53 | 000,248,887 | ---- | M] () -- C:\Users\Antonia\Documents\DSCN0435.jpg
[2012.01.06 00:29:30 | 000,060,928 | ---- | M] () -- C:\Users\Antonia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.06 00:19:53 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.06 00:19:53 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.06 00:19:53 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.06 00:19:53 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.04 13:36:50 | 000,432,177 | ---- | M] () -- C:\Users\Antonia\Documents\IMG_1548.JPG
[2012.01.03 10:43:44 | 000,441,825 | ---- | M] () -- C:\Users\Antonia\Documents\IMG_1541.JPG
[2011.12.16 15:30:07 | 000,255,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 14:28:15 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012.01.13 00:29:48 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.06 18:50:51 | 000,248,887 | ---- | C] () -- C:\Users\Antonia\Documents\DSCN0435.jpg
[2012.01.06 16:05:40 | 000,441,825 | ---- | C] () -- C:\Users\Antonia\Documents\IMG_1541.JPG
[2012.01.06 16:05:21 | 000,432,177 | ---- | C] () -- C:\Users\Antonia\Documents\IMG_1548.JPG
[2011.12.16 14:28:15 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.05.02 21:39:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.02 21:39:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.02 21:39:32 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.02 21:39:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.02 21:39:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.29 13:49:53 | 000,000,475 | ---- | C] () -- C:\Users\Antonia\AppData\Roaming\Poladroid prefs.plist
[2010.06.28 13:10:50 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.06.28 13:10:50 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.06.28 13:10:49 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.06.28 13:10:49 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.06.28 13:10:49 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.06.28 13:10:49 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.06.28 13:10:49 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.06.28 13:10:49 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.06.28 13:10:49 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.06.28 13:10:49 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.06.28 13:10:49 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.06.28 13:10:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.06.28 13:10:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.06.28 13:10:49 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.06.28 13:10:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.06.28 13:10:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.06.28 13:10:49 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.06.28 13:10:49 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.06.28 13:10:49 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.06.28 13:08:57 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2010.06.04 14:25:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.02 18:48:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.02 18:48:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.02 18:47:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.05.30 15:10:44 | 082,143,228 | ---- | C] () -- C:\Program Files\McAfee_8.7i_20091202.exe
[2010.05.29 20:48:07 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.05.29 20:48:06 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010.05.21 12:23:08 | 000,060,928 | ---- | C] () -- C:\Users\Antonia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.19 23:31:15 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.05.19 23:31:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.05.19 23:31:15 | 000,122,842 | ---- | C] () --
C:\Windows\System32\perfc007.dat [2010.05.19 23:31:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.05.19 14:08:12 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin [2010.05.19 13:57:33 | 000,006,648 | ---- | C] () -- C:\Users\Antonia\AppData\Local\d3d9caps.dat [2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.02.11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin [2008.02.11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin [2008.02.11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,255,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.05.06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2011.05.12 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Dropbox [2011.03.09 16:57:58 | 000,000,000 | ---D | M] -- 
C:\Users\Antonia\AppData\Roaming\EPSON [2011.05.10 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Foxit Software [2012.01.13 15:32:42 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.02 21:47:52 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Adobe [2011.05.31 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Apple Computer [2010.09.07 03:02:33 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\CyberLink [2011.05.12 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Dropbox [2011.03.09 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\EPSON [2011.05.10 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Foxit Software [2010.05.19 13:57:44 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Identities [2010.05.19 14:06:48 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\InstallShield [2010.06.02 18:57:40 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Macromedia [2011.04.27 16:19:11 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Media Center Programs [2011.01.15 15:45:17 | 000,000,000 | --SD | M] -- C:\Users\Antonia\AppData\Roaming\Microsoft [2010.05.30 14:47:37 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Mozilla [2012.01.14 00:26:11 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\OpenOffice.org2 [2011.10.20 17:29:44 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Skype [2011.10.20 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\skypePM [2011.05.09 21:33:45 | 000,000,000 | ---D | M] -- 
C:\Users\Antonia\AppData\Roaming\SUPERAntiSpyware.com [2011.02.11 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\vlc [2010.07.09 18:29:39 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.12.17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Antonia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010.12.17 03:24:34 | 000,153,176 | ---- | M] (Dropbox, Inc.) -- C:\Users\Antonia\AppData\Roaming\Dropbox\bin\Uninstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 
C:\Windows\ERDNT\cache\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.09.06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) 
MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys 
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] 
(Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2007.12.08 13:34:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll < End of report > Regards, Antonia
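The "< MD5 for: ... >" blocks in the OTL report above hash every copy OTL finds of a handful of critical system files: the live copy under System32 and the reference copies in WinSxS, DriverStore and the ERDNT cache. The helper's question is whether the live copy matches any reference copy, since that is the file a patching infector or rootkit would replace; in the report above the live C:\Windows\System32\user32.dll even reports "Unable to obtain MD5". The script below is an added example for this thread, not OTL's own code and not something the helper posted: it parses that section and lists the live copies worth a second look. It assumes the entry layout visible in the log; the sample report is constructed (user32.dll and wininit.exe mirror the entries above with a shortened WinSxS path, the EXAMPLE.DLL block is invented to show a hash mismatch).

```python
"""Triage the '< MD5 for: ... >' blocks of an OTL report.

Added example for this thread, not OTL's own code. A live copy under System32
whose hash matches none of the reference copies, or that could not be hashed at
all, is listed for the helper to look at. 'Unable to obtain MD5' is usually
just a locked file, so the list is a starting point, not a verdict.
"""
import re

# '< MD5 for: USER32.DLL >' opens a block; any other '< ... >' header closes it.
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")

# One OTL entry: [date time | size | attrs | C/M] (Company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]+) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

# Directories that hold reference copies rather than the file Windows loads.
BACKUP_MARKERS = ("\\winsxs\\", "\\erdnt\\", "\\driverstore\\")

# Constructed sample report: USER32.DLL and WININIT.EXE mirror the OTL log in
# this thread (WinSxS path shortened); EXAMPLE.DLL is invented to show a live
# copy whose hash matches no reference copy.
SAMPLE_REPORT = r"""
< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_6.0.6001.18000\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
< MD5 for: EXAMPLE.DLL >
[2008.01.21 03:24:00 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\Windows\winsxs\x86_example_6.0.6001.18000\example.dll
[2012.01.13 00:23:00 | 000,010,752 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\Windows\System32\example.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""


def parse_md5_blocks(report: str) -> dict:
    """Map each hashed file name to the list of copies OTL found for it."""
    blocks = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            blocks.setdefault(current, [])
            continue
        if line.startswith("<"):  # next custom-scan section: leave MD5 mode
            current = None
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            blocks[current].append({
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "md5": (entry.group("md5") or "").upper() or None,  # None = unhashable
                "path": entry.group("path"),
            })
    return blocks


def is_backup_copy(path: str) -> bool:
    """WinSxS, DriverStore and ERDNT\\cache hold reference copies, not the loaded file."""
    lowered = path.lower()
    return any(marker in lowered for marker in BACKUP_MARKERS)


def is_live_copy(path: str) -> bool:
    """The copy under System32 (including System32\\drivers) is the one Windows executes."""
    return path.lower().startswith("c:\\windows\\system32\\") and not is_backup_copy(path)


def triage(blocks: dict) -> list:
    """Return (file name, finding, path) for every live copy that deserves a look."""
    findings = []
    for name, copies in sorted(blocks.items()):
        reference_hashes = {c["md5"] for c in copies if is_backup_copy(c["path"]) and c["md5"]}
        for copy in copies:
            if not is_live_copy(copy["path"]):
                continue
            if copy["md5"] is None:
                findings.append((name, "unhashable", copy["path"]))
            elif copy["md5"] not in reference_hashes:
                findings.append((name, "hash-not-in-backups", copy["path"]))
    return findings


def run(report: str = SAMPLE_REPORT) -> list:
    """Parse a report and return the triage list (sorted by file name)."""
    return triage(parse_md5_blocks(report))


if __name__ == "__main__":
    for name, finding, path in run():
        print(f"{name:12} {finding:20} {path}")
```

Against the constructed sample, the script lists USER32.DLL (live copy unhashable) and EXAMPLE.DLL (live hash matches no reference copy) and stays quiet about WININIT.EXE, whose live copy matches the ERDNT cache. Feed it a real OTL report and it does the same over every MD5 block, which is exactly the comparison a helper otherwise does by eye.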
14.01.2012, 14:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei Trojan Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), which is where TDSS-Killer stores its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here! If the infection has left you unable to access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again (this may take a while). Windows Vista and Windows 7 users must run the tool as administrator via right-click!
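The helper asks for the TDSS-Killer log in full and for every flagged object to be handled with "skip", so the triage happens on the posted log, not on the user's machine. The script below is an added example for this thread, not the helper's code and not part of Kaspersky's tool: it reads a TDSS-Killer log in the layout the tool writes (timestamp, thread id, object name, MD5 in parentheses and path on one line, then a "<name> - ok" verdict line), records which scan options were on, and lists every object whose verdict is anything other than "ok". The sample log lines are constructed in that layout; the non-ok verdict text in the last sample line is invented for illustration and is not a real TDSS-Killer message.

```python
"""Summarise a TDSS-Killer log: scan options and every non-'ok' object.

Added example for this thread, not a Kaspersky tool. The verdict check is
deliberately generic (anything after ' - ' that is not 'ok'), so the script
does not need to know the tool's exact detection wording.
"""
import re

# "15:27:05.0305 0868 ACPI (82b2...8ac7) C:\Windows\system32\drivers\acpi.sys"
FILE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d{4}) (?P<name>\S+) "
    r"\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# "15:27:05.0571 0868 ACPI - ok"  (or any other verdict after ' - ')
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d{4}) (?P<name>\S+) - (?P<verdict>.+)$"
)
# "15:27:04.0538 0868 Mode: Manual; SigCheck; TDLFS;"
MODE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d{4} Mode: (?P<mode>.+)$")

# Constructed sample in the log layout used in this thread. The 'exampledrv'
# lines and their verdict text are invented to show a non-ok result.
SAMPLE_LOG = r"""
15:27:04.0538 0868 Scan started
15:27:04.0538 0868 Mode: Manual; SigCheck; TDLFS;
15:27:05.0305 0868 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:27:05.0571 0868 ACPI - ok
15:27:07.0659 0868 BCM42RLY - ok
15:27:20.0001 0868 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
15:27:20.0002 0868 exampledrv - suspicious (constructed sample verdict)
"""


def parse_tdsskiller(log: str) -> dict:
    """Return {'mode': [options], 'objects': {name: {md5, path, verdict}}}."""
    objects = {}
    mode = []
    for raw in log.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            mode = [opt.strip() for opt in m.group("mode").split(";") if opt.strip()]
            continue
        f = FILE_RE.match(line)
        if f:
            objects.setdefault(f.group("name"), {}).update(md5=f.group("md5").lower(), path=f.group("path"))
            continue
        v = VERDICT_RE.match(line)
        if v:
            objects.setdefault(v.group("name"), {})["verdict"] = v.group("verdict")
    return {"mode": mode, "objects": objects}


def needs_attention(parsed: dict) -> list:
    """Every scanned object whose verdict is not exactly 'ok', sorted by name."""
    return sorted(
        (name, obj.get("verdict", "<no verdict>"), obj.get("path", "<no file>"))
        for name, obj in parsed["objects"].items()
        if obj.get("verdict") != "ok"
    )


def summarise(log: str = SAMPLE_LOG) -> dict:
    """Scan options, number of objects checked, and the attention list."""
    parsed = parse_tdsskiller(log)
    return {
        "mode": parsed["mode"],
        "scanned": len(parsed["objects"]),
        "attention": needs_attention(parsed),
    }


if __name__ == "__main__":
    summary = summarise()
    print("options:", ", ".join(summary["mode"]))
    print("objects checked:", summary["scanned"])
    for name, verdict, path in summary["attention"]:
        print(f"  {name}: {verdict}  [{path}]")
```

The "mode" list tells the helper whether the requested options (in the log in this thread: Manual, SigCheck and TDLFS) were actually on, and the attention list is empty for a log where every object came back "- ok", which is the normal case for a clean driver scan.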
14.01.2012, 15:30 | #7 |
Caught the Bundespolizei Trojan Hey, here is the log file: Code:
ATTFilter 15:26:38.0335 0156 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05 15:26:38.0482 0156 ============================================================ 15:26:38.0482 0156 Current date / time: 2012/01/14 15:26:38.0482 15:26:38.0482 0156 SystemInfo: 15:26:38.0482 0156 15:26:38.0482 0156 OS Version: 6.0.6002 ServicePack: 2.0 15:26:38.0482 0156 Product type: Workstation 15:26:38.0483 0156 ComputerName: BÄR 15:26:38.0483 0156 UserName: Antonia 15:26:38.0483 0156 Windows directory: C:\Windows 15:26:38.0483 0156 System windows directory: C:\Windows 15:26:38.0483 0156 Processor architecture: Intel x86 15:26:38.0483 0156 Number of processors: 2 15:26:38.0483 0156 Page size: 0x1000 15:26:38.0483 0156 Boot type: Normal boot 15:26:38.0483 0156 ============================================================ 15:26:40.0350 0156 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050 15:26:40.0480 0156 Initialize success 15:27:04.0538 0868 ============================================================ 15:27:04.0538 0868 Scan started 15:27:04.0538 0868 Mode: Manual; SigCheck; TDLFS; 15:27:04.0538 0868 ============================================================ 15:27:05.0305 0868 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 15:27:05.0571 0868 ACPI - ok 15:27:05.0678 0868 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 15:27:05.0721 0868 adp94xx - ok 15:27:05.0771 0868 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 15:27:05.0833 0868 adpahci - ok 15:27:05.0862 0868 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 15:27:05.0888 0868 adpu160m - ok 15:27:05.0941 0868 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 15:27:05.0970 0868 adpu320 - ok 15:27:06.0074 0868 AFD (3911b972b55fea0478476b2e777b29fa) 
C:\Windows\system32\drivers\afd.sys 15:27:06.0341 0868 AFD - ok 15:27:06.0389 0868 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 15:27:06.0414 0868 agp440 - ok 15:27:06.0485 0868 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 15:27:06.0514 0868 aic78xx - ok 15:27:06.0553 0868 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 15:27:06.0581 0868 aliide - ok 15:27:06.0614 0868 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 15:27:06.0639 0868 amdagp - ok 15:27:06.0663 0868 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 15:27:06.0692 0868 amdide - ok 15:27:06.0716 0868 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 15:27:06.0899 0868 AmdK7 - ok 15:27:06.0935 0868 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 15:27:07.0006 0868 AmdK8 - ok 15:27:07.0096 0868 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys 15:27:07.0274 0868 ApfiltrService - ok 15:27:07.0336 0868 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 15:27:07.0364 0868 arc - ok 15:27:07.0401 0868 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 15:27:07.0429 0868 arcsas - ok 15:27:07.0454 0868 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 15:27:07.0527 0868 AsyncMac - ok 15:27:07.0576 0868 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 15:27:07.0598 0868 atapi - ok 15:27:07.0659 0868 BCM42RLY - ok 15:27:07.0745 0868 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys 15:27:07.0809 0868 BCM43XX - ok 15:27:07.0893 0868 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 15:27:07.0963 0868 Beep - ok 15:27:08.0045 0868 blbdrive (d4df28447741fd3d953526e33a617397) 
C:\Windows\system32\drivers\blbdrive.sys 15:27:08.0110 0868 blbdrive - ok 15:27:08.0158 0868 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 15:27:08.0319 0868 bowser - ok 15:27:08.0364 0868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 15:27:08.0491 0868 BrFiltLo - ok 15:27:08.0528 0868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 15:27:08.0591 0868 BrFiltUp - ok 15:27:08.0637 0868 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 15:27:08.0842 0868 Brserid - ok 15:27:08.0879 0868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 15:27:08.0982 0868 BrSerWdm - ok 15:27:09.0014 0868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 15:27:09.0093 0868 BrUsbMdm - ok 15:27:09.0118 0868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 15:27:09.0224 0868 BrUsbSer - ok 15:27:09.0289 0868 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 15:27:09.0377 0868 BTHMODEM - ok 15:27:09.0474 0868 catchme - ok 15:27:09.0504 0868 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 15:27:09.0583 0868 cdfs - ok 15:27:09.0637 0868 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 15:27:09.0722 0868 cdrom - ok 15:27:09.0764 0868 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 15:27:09.0882 0868 circlass - ok 15:27:09.0932 0868 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 15:27:09.0965 0868 CLFS - ok 15:27:10.0044 0868 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 15:27:10.0114 0868 CmBatt - ok 15:27:10.0145 0868 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 15:27:10.0171 0868 cmdide - ok 15:27:10.0212 0868 Compbatt 
(6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 15:27:10.0235 0868 Compbatt - ok 15:27:10.0254 0868 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 15:27:10.0281 0868 crcdisk - ok 15:27:10.0326 0868 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 15:27:10.0390 0868 Crusoe - ok 15:27:10.0466 0868 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 15:27:10.0638 0868 DfsC - ok 15:27:10.0706 0868 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 15:27:10.0734 0868 disk - ok 15:27:10.0827 0868 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 15:27:10.0900 0868 drmkaud - ok 15:27:10.0974 0868 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 15:27:11.0015 0868 DXGKrnl - ok 15:27:11.0083 0868 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 15:27:11.0169 0868 E1G60 - ok 15:27:11.0252 0868 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 15:27:11.0286 0868 Ecache - ok 15:27:11.0351 0868 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 15:27:11.0390 0868 elxstor - ok 15:27:11.0432 0868 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 15:27:11.0493 0868 ErrDev - ok 15:27:11.0571 0868 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 15:27:11.0685 0868 exfat - ok 15:27:11.0730 0868 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 15:27:11.0804 0868 fastfat - ok 15:27:11.0897 0868 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 15:27:11.0965 0868 fdc - ok 15:27:12.0041 0868 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 15:27:12.0066 0868 FileInfo - ok 15:27:12.0093 0868 Filetrace 
15:27:36.0426 0868 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:27:36.0611 0868 \Device\Harddisk0\DR0 - ok
15:27:36.0649 0868 Boot (0x1200) (c838676538b28d41be14652426eabec2) \Device\Harddisk0\DR0\Partition0
15:27:36.0651 0868 \Device\Harddisk0\DR0\Partition0 - ok
15:27:36.0657 0868 Boot (0x1200) (4c6c772ccd7df42fec767006d112b6c2) \Device\Harddisk0\DR0\Partition1
15:27:36.0660 0868 \Device\Harddisk0\DR0\Partition1 - ok
15:27:36.0663 0868 ============================================================
15:27:36.0663 0868 Scan finished
15:27:36.0663 0868 ============================================================
15:27:36.0692 2364 Detected object count: 0
15:27:36.0692 2364 Actual detected object count: 0
I ran ComboFix as you instructed. There was already something there in May of last year... Regards, Antonia |
14.01.2012, 16:11 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei Trojan Quote:
Then please run CF now, and of course download combofix.exe fresh. ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
14.01.2012, 16:40 | #9 |
| Caught the Bundespolizei Trojan Hey, here is the ComboFix log: Code:
ATTFilter ComboFix 12-01-13.05 - Antonia 14.01.2012 16:24:28.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1163 [GMT 1:00] ausgeführt von:: c:\users\Antonia\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\McAfee_8.7i_20091202.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-12-14 bis 2012-01-14 )))))))))))))))))))))))))))))) . . 2012-01-14 15:32 . 2012-01-14 15:32 -------- d-----w- c:\users\Antonia\AppData\Local\temp 2012-01-14 15:32 . 2012-01-14 15:32 -------- d-----w- c:\users\Test\AppData\Local\temp 2012-01-14 15:32 . 2012-01-14 15:32 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-01-14 15:32 . 2012-01-14 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-14 14:21 . 2012-01-14 14:21 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B9F189F-355D-468D-9E8E-AC57D6448BBB}\offreg.dll 2012-01-13 19:58 . 2012-01-13 19:58 -------- d-----w- c:\program files\ESET 2012-01-13 12:13 . 2011-11-30 01:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B9F189F-355D-468D-9E8E-AC57D6448BBB}\mpengine.dll 2012-01-12 22:57 . 2012-01-12 22:57 -------- d-----w- c:\users\Test\AppData\Roaming\Apple Computer 2012-01-11 09:27 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll 2012-01-11 09:27 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll 2012-01-11 09:27 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 09:27 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll 2012-01-11 09:27 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-01-11 09:27 . 
2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 09:27 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll 2012-01-09 15:40 . 2012-01-09 15:40 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-01-09 15:40 . 2012-01-09 15:40 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-01-09 15:40 . 2012-01-09 15:40 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2012-01-09 15:40 . 2012-01-09 15:40 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-16 15:43 . 2011-12-16 15:43 -------- d-----w- c:\windows\CheckSur 2011-12-16 13:26 . 2011-12-16 13:26 -------- d-----w- c:\program files\iPod 2011-12-16 13:26 . 2011-12-16 13:28 -------- d-----w- c:\program files\iTunes 2011-12-16 11:04 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-12-16 11:04 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-16 10:59 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 10:59 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-12-16 10:59 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-14 11:03 . 2011-10-07 06:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-10 14:24 . 2011-11-13 14:58 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-15 13:29 . 2010-05-29 19:53 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-05-10 20:58 . 2011-05-10 20:57 16537376 ----a-w- c:\program files\jre-6u25-windows-i586.exe 2010-05-30 13:52 . 2010-05-30 13:52 28534656 ----a-w- c:\program files\AdbeRdr930_de_DE.exe 2010-05-30 13:46 . 
2010-05-30 04:14 8188856 ----a-w- c:\program files\Firefox Setup 3.6.3.exe 2012-01-09 15:40 . 2011-05-10 20:52 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2009-10-22 18:07 . 2010-05-30 14:07 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Antonia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Antonia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Antonia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk backup=c:\windows\pss\QuickSet.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Antonia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Antonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Antonia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\users\Antonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-10-25 11:31 167936 ----a-w- c:\program files\DellTPad\Apoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2007-12-08 12:34 3444736 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager] 2007-07-27 14:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2011-12-24 16:50 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI] 2009-08-25 14:00 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2008-05-20 10:53 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE] 2009-10-22 18:07 124240 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2008-02-15 16:23 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2011-05-04 17:42 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 13141427 *Deregistered* - 13141427 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 13:01] . 2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 13:01] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Antonia\AppData\Roaming\Mozilla\Firefox\Profiles\n1uqdehm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-01-14 16:32 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-01-14 16:36:29
ComboFix-quarantined-files.txt 2012-01-14 15:36
ComboFix2.txt 2011-05-02 20:51
.
Vor Suchlauf: 15 Verzeichnis(se), 55.526.682.624 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 55.903.522.816 Bytes frei
.
- - End Of File - - 4CA07A5CF2C7ED61B6444EF35EABF4E1
Regards, Antonia |
14.01.2012, 17:22 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei Trojan Quote:
Where did you get that from?
__________________ Please always post log files in CODE tags |
14.01.2012, 17:24 | #11 |
| Caught the Bundespolizei Trojan I got it from the university back then... |
14.01.2012, 17:26 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught the Bundespolizei Trojan OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still refuses on the second attempt, just leave it out and run only OSAM - please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often raises a false alarm on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
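An added triage helper for GMER output, not code from this thread or from GMER itself: it parses the hook lines the helper is asking for here, groups kernel hooks by the driver GMER attributes them to, flags any owner that lacks a version-info description or sits in a user-writable directory, and compares each process's user-mode hook set against the rest. The sample input mixes lines copied from the posted log with constructed ones (explorer.exe[1500] and the Temp-resident example.sys are made up to show what a flag looks like).

```python
"""Triage helper for GMER hook listings (added example; not part of this thread or of GMER).

Recognises the three line shapes that make up the bulk of a GMER log and asks the one
question that matters for a wall of hooks: does every hook belong to a known, described
module, and does every process carry the same user-mode hook set?
  Code <driver> (<description>) <ZwFunc> [0x<addr>]                               SSDT entry
  PAGE|.text ntkrnlpa.exe!<func> <addr> N Bytes JMP <dst> <driver> (<description>) kernel inline
  .text <process>[<pid>] <dll>!<func> <addr> N Bytes JMP <dst>                     user-mode inline
"""
import json
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

SSDT_RE = re.compile(
    r"^Code\s+(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>\w+)"
    r"(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$")
INLINE_RE = re.compile(
    r"^(?P<section>\.text|PAGE|INIT)\s+"
    r"(?:(?P<process>.+?)\[(?P<pid>\d+)\]\s+)?"        # only user-mode lines name a process
    r"(?P<module>[\w.]+)!(?P<func>\w+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<n>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<dest>[0-9A-Fa-f]+)(?:\s+(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?)?"
    r"|\[(?P<raw>[0-9A-Fa-f ]+)\])\s*$")
# Directories a vendor-installed filter driver does not normally live under.
USER_WRITABLE = re.compile(r"\\(?:temp|appdata|users|programdata)\\", re.IGNORECASE)


@dataclass
class Hook:
    kind: str          # "ssdt", "kernel" or "user"
    func: str          # hooked function, "module!func" for inline hooks
    owner: str = ""    # module GMER attributes the hook to ("" = unattributed)
    desc: str = ""     # version-info description GMER prints for that module
    process: str = ""  # user-mode only: image path of the hooked process
    pid: int = 0
    dest: str = ""     # JMP destination, if any


def parse_gmer(text: str) -> list[Hook]:
    """Turn the recognised hook lines into Hook records; everything else is ignored."""
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook("ssdt", m["func"], m["owner"], m["desc"] or ""))
            continue
        m = INLINE_RE.match(line)
        if not m or m["raw"] is not None:   # "1 Byte [E9]" records carry no destination
            continue
        name = f'{m["module"]}!{m["func"]}'
        if m["process"]:
            hooks.append(Hook("user", name, process=m["process"], pid=int(m["pid"]), dest=m["dest"]))
        else:
            hooks.append(Hook("kernel", name, m["owner"] or "", m["desc"] or "", dest=m["dest"]))
    return hooks


def triage(hooks: list[Hook]) -> dict:
    """Group kernel hooks by owner, flag weak attributions, compare user-mode hook sets."""
    kernel_owners: Counter = Counter()
    flagged = []
    per_process: dict = defaultdict(set)
    for h in hooks:
        if h.kind == "user":
            per_process[f"{h.process}[{h.pid}]"].add(h.func)
            continue
        label = f"{h.owner} ({h.desc})" if h.desc else (h.owner or "<unattributed>")
        kernel_owners[label] += 1
        # No owner, no description, or a driver under a user-writable path: none of these
        # is how a vendor-installed filter driver such as the McAfee one normally looks.
        if not h.owner or not h.desc or USER_WRITABLE.search(h.owner):
            flagged.append(f"{h.kind}: {h.func} -> {label}")
    # Hooks placed host-wide by one agent give every process the same set; a process
    # carrying hooks nobody else has is the one to look at first.
    common = frozenset()
    if per_process:
        common = Counter(frozenset(s) for s in per_process.values()).most_common(1)[0][0]
    outliers = {p: sorted(s ^ common) for p, s in per_process.items() if s != common}
    return {"kernel_owners": dict(kernel_owners), "flagged": flagged,
            "common_user_hooks": sorted(common), "user_outliers": outliers}


# Constructed sample: McAfee, services.exe and svchost.exe lines are copied from the posted
# log; explorer.exe[1500] and the Temp-resident example.sys are made up to show a flag.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x87F8968A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x87F895E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code \??\C:\Users\user\AppData\Local\Temp\example.sys ZwQueryDirectoryFile [0x8A0F1234]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 81E5F982 5 Bytes JMP 87F896B8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81FF3609 5 Bytes JMP 87F89652 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00950093
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] WS2_32.dll!socket 761036D1 5 Bytes JMP 003F0000
.text C:\Windows\system32\services.exe[628] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00150EE9
.text C:\Windows\system32\services.exe[628] WS2_32.dll!socket 761036D1 5 Bytes JMP 000F0FE5
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileW 7715B0EB 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 001B00D0
.text C:\Windows\system32\svchost.exe[920] WS2_32.dll!socket 761036D1 5 Bytes JMP 00190FEF
.text C:\Windows\explorer.exe[1500] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00310000
.text C:\Windows\explorer.exe[1500] WS2_32.dll!socket 761036D1 5 Bytes JMP 00310040
.text C:\Windows\explorer.exe[1500] WS2_32.dll!send 76103C0D 5 Bytes JMP 00310080
"""

if __name__ == "__main__":
    print(json.dumps(triage(parse_gmer(SAMPLE_LOG)), indent=2))
```

Run against the full posted log, every kernel hook resolves to the described McAfee driver and the user-mode sets line up across processes, which is the shape a host-wide AV agent leaves; the constructed lines show how an undescribed driver in Temp and a process with an extra hook would stand out.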
14.01.2012, 18:26 | #13 |
| Caught the Bundespolizei Trojan Right. Here is GMER first. I'm doing OSAM now. Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-01-14 18:25:57 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVT-75ZCT1 rev.11.01A11 Running: 90tl2x3e.exe; Driver: C:\Users\Antonia\AppData\Local\Temp\fxldqpow.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x87F8968A] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x87F895E8] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x87F895FC] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x87F896C8] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x87F8964E] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x87F8969E] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x87F89676] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x87F89662] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x87F8963A] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x87F89626] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x87F896F7] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x87F896DE] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x87F896B4] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x87F89612] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 81E5F982 5 Bytes JMP 87F896B8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwNotifyChangeKey 81FF3609 5 Bytes JMP 87F89652 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateUserProcess 81FFDC11 5 Bytes JMP 87F89616 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 82025143 5 Bytes JMP 87F896FB \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 8204489A 7 Bytes JMP 87F896CC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82044B5D 5 Bytes JMP 87F896E2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 820488C8 5 Bytes JMP 87F8962A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8204E2DD 7 Bytes JMP 87F896A2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtCreateFile 8207633B 5 Bytes JMP 87F8968E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRestoreKey 82086DB2 5 Bytes JMP 87F89666 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 82087FB6 5 Bytes JMP 87F8967A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcess 820C5D7F 5 Bytes JMP 87F895EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820C5DCA 7 Bytes JMP 87F89600 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 820C6883 5 Bytes JMP 87F8963E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\Antonia\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 0095006E .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 0095005D .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00950093 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 00950F06 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00950F3C .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 00950FB9 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 0095000A .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00950042 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 00950F4D .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00950F79 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00950F68 .text C:\Program 
Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 00950F9E .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 00950031 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 009500A4 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 00950FCA .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 00950FEF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 00950F17 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 00940025 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!system 7706804B 5 Bytes JMP 00940F90 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 00940FC6 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_open 7706D106 5 Bytes JMP 00940000 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 00940FAB .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00940FD7 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 003E004D .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 003E0FB2 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 003E0FEF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 
003E0FA1 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 003E005E .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 003E0FC3 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 003E0FDE .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 003E001E .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] WS2_32.dll!socket 761036D1 5 Bytes JMP 003F0000 .text C:\Windows\system32\services.exe[628] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 00150F15 .text C:\Windows\system32\services.exe[628] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 00150F30 .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00150EE9 .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 00150EFA .text C:\Windows\system32\services.exe[628] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00150F66 .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 00150FCA .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 0015001B .text C:\Windows\system32\services.exe[628] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00150F4B .text C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 00150F77 .text C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00150FA5 .text C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00150F94 .text C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 00150036 .text C:\Windows\system32\services.exe[628] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 0015005B .text 
C:\Windows\system32\services.exe[628] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 0015009B .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 00150FE5 .text C:\Windows\system32\services.exe[628] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 00150000 .text C:\Windows\system32\services.exe[628] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 00150076 .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 000E0F94 .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 000E0036 .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 000E000A .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 000E0FA5 .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 000E005B .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 000E0FE5 .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 000E001B .text C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 000E0FCA .text C:\Windows\system32\services.exe[628] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 00140FAF .text C:\Windows\system32\services.exe[628] msvcrt.dll!system 7706804B 5 Bytes JMP 00140044 .text C:\Windows\system32\services.exe[628] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 00140018 .text C:\Windows\system32\services.exe[628] msvcrt.dll!_open 7706D106 5 Bytes JMP 00140FEF .text C:\Windows\system32\services.exe[628] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 00140033 .text C:\Windows\system32\services.exe[628] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00140FDE .text C:\Windows\system32\services.exe[628] WS2_32.dll!socket 761036D1 5 Bytes JMP 000F0FE5 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 00D30F01 .text C:\Windows\system32\lsass.exe[644] 
kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 00D30F1C .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00D30EDC .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 00D30073 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00D30047 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 00D30FC0 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 00D30011 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00D30F37 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 00D30F6D .text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00D30FA5 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00D30F8A .text C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 00D3002C .text C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 00D30F52 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 00D30EB7 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 00D30FDB .text C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 00D30000 .text C:\Windows\system32\lsass.exe[644] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 00D30062 .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 0010005B .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00100036 .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00100000 .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00100FB9 .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 
5 Bytes JMP 00100076 .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 00100FD4 .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00100FE5 .text C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00100025 .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 0012005D .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!system 7706804B 5 Bytes JMP 00120038 .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 0012000C .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_open 7706D106 5 Bytes JMP 00120FEF .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 0012001D .text C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00120FD2 .text C:\Windows\system32\lsass.exe[644] WS2_32.dll!socket 761036D1 5 Bytes JMP 00110000 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 008A0082 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 008A0F3C .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 008A0EF5 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 008A0F06 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 008A0F72 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 008A0FD4 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 008A0025 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 008A0071 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 008A0F83 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 008A0FAF .text C:\Windows\system32\svchost.exe[856] 
kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 008A0F94 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 008A0036 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 008A0F61 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 008A009D .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 008A0FE5 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 008A0000 .text C:\Windows\system32\svchost.exe[856] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 008A0F21 .text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 00890F9C .text C:\Windows\system32\svchost.exe[856] msvcrt.dll!system 7706804B 5 Bytes JMP 00890FAD .text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 00890FE3 .text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_open 7706D106 5 Bytes JMP 00890000 .text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 00890FBE .text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00890011 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 00830051 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00830FB6 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00830FE5 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00830FA5 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 00830062 .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 0083001B .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 0083000A .text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 0083002C 
.text C:\Windows\system32\svchost.exe[856] WS2_32.dll!socket 761036D1 5 Bytes JMP 00880000 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 001B0089 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 001B0F4D .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 001B00D0 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 001B00B5 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 001B0F79 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 001B001B .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 001B0FCA .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 001B0078 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 001B0053 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 001B0F9E .text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 001B0036 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 001B0FAF .text C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 001B0F5E .text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 001B0F14 .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileW 7715B0EB 1 Byte [E9] .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 001B0FEF .text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 001B000A .text C:\Windows\system32\svchost.exe[920] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 001B00A4 .text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 001A0036 .text 
C:\Windows\system32\svchost.exe[920] msvcrt.dll!system 7706804B 5 Bytes JMP 001A0FAB .text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 001A001B .text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_open 7706D106 5 Bytes JMP 001A0000 .text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 001A0FC6 .text C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 001A0FD7 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 000F0051 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 000F0FC0 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 000F0000 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 000F0FAF .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 000F0F8A .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 000F001B .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 000F0FE5 .text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 000F002C .text C:\Windows\system32\svchost.exe[920] WS2_32.dll!socket 761036D1 5 Bytes JMP 00190FEF .text C:\Windows\System32\svchost.exe[956] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 002100A2 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 00210091 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 002100C4 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 002100B3 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00210F81 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 00210FDB .text C:\Windows\System32\svchost.exe[956] 
kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 00210FCA .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00210F66 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 0021005B .text C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00210FA8 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00210040 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 00210FB9 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 00210080 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 00210F12 .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 0021001B .text C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 0021000A .text C:\Windows\System32\svchost.exe[956] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 00210F37 .text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 00200FC3 .text C:\Windows\System32\svchost.exe[956] msvcrt.dll!system 7706804B 5 Bytes JMP 0020004E .text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 00200FDE .text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_open 7706D106 5 Bytes JMP 0020000C .text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 00200033 .text C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00200FEF .text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 0016004A .text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00160FB2 .text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00160FE5 .text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00160039 
.text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 0016005B .text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 00160014 .text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00160FD4 .text C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00160FC3 .text C:\Windows\System32\svchost.exe[956] WS2_32.dll!socket 761036D1 5 Bytes JMP 001B0000 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 001C0F29 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 001C0F3A .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 001C0080 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 001C0EF3 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 001C004A .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 001C0FC3 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 001C0FB2 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 001C0F4B .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 001C0039 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 001C0028 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 001C0F86 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 001C0F97 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 001C0065 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 001C009B .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateFileW 7715B0EB 5 
Bytes JMP 001C0FD4 .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 001C0FEF .text C:\Windows\System32\svchost.exe[1044] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 001C0F04 .text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 00170053 .text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!system 7706804B 5 Bytes JMP 00170038 .text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 0017000C .text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_open 7706D106 5 Bytes JMP 00170FE3 .text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 00170027 .text C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00170FD2 .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 00150073 .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00150047 .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00150000 .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00150062 .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 0015008E .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 0015002C .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00150011 .text C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00150FD1 .text C:\Windows\System32\svchost.exe[1044] WS2_32.dll!socket 761036D1 5 Bytes JMP 00160FEF .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 011500B1 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 01150F6B .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 01150F35 .text 
C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 011500CC .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 01150067 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 01150FE5 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 01150FD4 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 0115008C .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 01150F8D .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 01150FA8 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 0115004A .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 01150FB9 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 01150F7C .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 011500E7 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 01150011 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 01150000 .text C:\Windows\System32\svchost.exe[1076] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 01150F50 .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 01030F86 .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!system 7706804B 5 Bytes JMP 01030011 .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 01030FAB .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_open 7706D106 5 Bytes JMP 01030FEF .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 01030000 .text C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 01030FC6 .text 
C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 01010054 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 01010028 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 01010FE5 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 01010039 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 01010065 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 01010FC3 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 01010FD4 .text C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 01010FB2 .text C:\Windows\System32\svchost.exe[1076] WS2_32.dll!socket 761036D1 5 Bytes JMP 01020FEF .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 013F0F18 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 013F0F29 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 013F0083 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 013F0EEC .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 013F0F66 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 013F0FD4 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 013F0FC3 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 013F0F3A .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 013F0F8D .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 013F0FA8 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 77139554 5 
Bytes JMP 013F004A .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 013F002F .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 013F0F55 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 013F0ED1 .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 013F000A .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 013F0FEF .text C:\Windows\system32\svchost.exe[1096] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 013F0F07 .text C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 013E0FA3 .text C:\Windows\system32\svchost.exe[1096] msvcrt.dll!system 7706804B 5 Bytes JMP 013E002E .text C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 013E001D .text C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_open 7706D106 5 Bytes JMP 013E0FEF .text C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 013E0FBE .text C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 013E0000 .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 00DF0040 .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00DF0FA8 .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00DF0FE5 .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00DF0025 .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 00DF0051 .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 00DF0000 .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00DF0FCA .text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00DF0FB9 .text 
C:\Windows\system32\svchost.exe[1096] WS2_32.dll!socket 761036D1 5 Bytes JMP 01310000 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 00240F43 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 00240089 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00240F1E .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 002400B5 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00240F94 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 0024002C .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 0024003D .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00240F68 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 00240FA5 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00240FD1 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00240FB6 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 0024004E .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 00240F79 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 002400C6 .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 0024001B .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 0024000A .text C:\Windows\system32\svchost.exe[1240] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 0024009A .text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 001E0047 .text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!system 7706804B 5 Bytes JMP 001E0FBC .text 
C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 001E0FDE .text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_open 7706D106 5 Bytes JMP 001E0FEF .text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 001E0FCD .text C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 001E0018 .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 000B0F9B .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 000B002C .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 000B0000 .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 000B003D .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 000B0F8A .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 000B0FC0 .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 000B0FDB .text C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 000B0011 .text C:\Windows\system32\svchost.exe[1240] WS2_32.dll!socket 761036D1 5 Bytes JMP 001D0000 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 0141007D .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 01410F37 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 014100BA .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 014100A9 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 01410F63 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 0141000A .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 01410FAF .text 
C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 01410F52 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 01410047 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 01410036 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 01410F94 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 0141001B .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 01410058 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 01410F08 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 01410FD4 .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 01410FEF .text C:\Windows\system32\svchost.exe[1312] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 0141008E .text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 01400FB2 .text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!system 7706804B 5 Bytes JMP 01400FCD .text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 01400022 .text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_open 7706D106 5 Bytes JMP 01400000 .text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 0140003D .text C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 01400011 .text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 00DE0FB9 .text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00DE0FE5 .text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00DE0000 .text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00DE0FD4 .text C:\Windows\system32\svchost.exe[1312] 
ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 00DE0076 .text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 00DE0036 .text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00DE0025 .text C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00DE0047 .text C:\Windows\system32\svchost.exe[1312] WS2_32.dll!socket 761036D1 5 Bytes JMP 00DF0FEF .text C:\Windows\system32\svchost.exe[1312] WinInet.dll!InternetOpenA 75DDD6A8 5 Bytes JMP 00160000 .text C:\Windows\system32\svchost.exe[1312] WinInet.dll!InternetOpenW 75DDDB21 5 Bytes JMP 00160FE5 .text C:\Windows\system32\svchost.exe[1312] WinInet.dll!InternetOpenUrlA 75DDF3BC 5 Bytes JMP 00160011 .text C:\Windows\system32\svchost.exe[1312] WinInet.dll!InternetOpenUrlW 75E26DFF 5 Bytes JMP 00160FC0 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 02250F7B .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 022500C1 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 02250F4F .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 022500DC .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 02250095 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 0225002C .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 02250FDB .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 02250F96 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 0225007A .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 02250058 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 02250069 .text 
C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 02250047 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 022500A6 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 02250F34 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 0225001B .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 02250000 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 02250F6A .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 02240F88 .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!system 7706804B 5 Bytes JMP 02240FA3 .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 02240FC8 .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_open 7706D106 5 Bytes JMP 02240000 .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 0224001D .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 02240FE3 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 02220F91 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 02220033 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 02220000 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 02220FAC .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 0222004E .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 02220011 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 02220FDB .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 02220022 .text C:\Windows\system32\svchost.exe[1452] 
WS2_32.dll!socket 761036D1 5 Bytes JMP 02230000 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 00010087 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 0001006C .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 000100C7 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 000100AC .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00010F66 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 00010025 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 00010FD4 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00010F41 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 00010F83 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00010040 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00010F9E .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 00010FB9 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 00010051 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 00010F15 .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 0001000A .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 00010FEF .text C:\Windows\system32\svchost.exe[1684] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 00010F26 .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 00050F9A .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!system 7706804B 5 Bytes JMP 0005001B .text C:\Windows\system32\svchost.exe[1684] 
msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 00050FBC .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_open 7706D106 5 Bytes JMP 00050000 .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 00050FAB .text C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00050FD7 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 00060054 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00060FA8 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00060FEF .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00060039 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 00060065 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 00060014 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00060FD4 .text C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00060FC3 .text C:\Windows\system32\svchost.exe[1684] WS2_32.dll!socket 761036D1 5 Bytes JMP 00080FEF .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 01720F7C .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 017200C2 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 01720F49 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 01720F5A .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 01720082 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 01720014 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 01720FC3 .text C:\Windows\system32\svchost.exe[1804] 
kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 01720F97 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 01720071 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 01720043 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 01720054 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 01720FB2 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 017200A7 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 01720F2E .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 01720FD4 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 01720FE5 .text C:\Windows\system32\svchost.exe[1804] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 01720F6B .text C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 01710FE5 .text C:\Windows\system32\svchost.exe[1804] msvcrt.dll!system 7706804B 5 Bytes JMP 01710066 .text C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 0171003A .text C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_open 7706D106 5 Bytes JMP 0171000C .text C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 01710055 .text C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 0171001D .text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 016F0040 .text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 016F0F94 .text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 016F0000 .text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 016F0025 .text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 
Bytes JMP 016F0F83 .text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 016F0FCA .text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 016F0FE5 .text C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 016F0FAF .text C:\Windows\system32\svchost.exe[1804] WS2_32.dll!socket 761036D1 5 Bytes JMP 01700FEF .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 00CB0076 .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 00CB0F3A .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00CB00A2 .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 00CB0087 .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00CB004A .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 00CB0FDE .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 00CB002F .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00CB0F4B .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 00CB0F66 .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00CB0F9E .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00CB0F8D .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 00CB0FC3 .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 00CB005B .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 00CB0EF0 .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateFileW 7715B0EB 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateFileW 
7715B0EB 5 Bytes JMP 00CB0FEF .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 00CB0000 .text C:\Windows\system32\svchost.exe[2116] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 00CB0F15 .text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 00CA0F88 .text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!system 7706804B 5 Bytes JMP 00CA0FA3 .text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 00CA0FD2 .text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_open 7706D106 5 Bytes JMP 00CA0FEF .text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 00CA001D .text C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00CA0000 .text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 00C40F94 .text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00C4002C .text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00C4000A .text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00C40FA5 .text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 00C4005B .text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 00C40FDB .text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00C4001B .text C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00C40FCA .text C:\Windows\system32\svchost.exe[2116] WS2_32.dll!socket 761036D1 5 Bytes JMP 00C50000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 009F0F10 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 009F0F21 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] 
kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 009F008C .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 009F007B .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 009F0F46 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 009F0FC3 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 009F0FA8 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreatePipe 77138F06 3 Bytes JMP 009F004C .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreatePipe + 4 77138F0A 1 Byte [89] .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 009F0F57 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryW 77139400 3 Bytes JMP 009F0014 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryW + 4 77139404 1 Byte [89] .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryExA 77139554 3 Bytes JMP 009F0F68 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryExA + 4 77139558 1 Byte [89] .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryA 7713957C 3 Bytes JMP 009F0F8D .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryA + 4 77139580 1 Byte [89] .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!VirtualProtectEx 7713DC52 3 Bytes JMP 009F003B .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!VirtualProtectEx + 4 7713DC56 1 Byte [89] .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 
009F0EDA .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 009F0FD4 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 009F0FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 009F0EF5 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 009E0FB9 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!system 7706804B 5 Bytes JMP 009E0FCA .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 009E0029 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_open 7706D106 5 Bytes JMP 009E000C .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 009E003A .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 009E0FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 0026005E .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00260FCD .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00260FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00260FBC .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 00260FA1 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 0026002F .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00260014 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] 
ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00260FDE .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] WS2_32.dll!socket 761036D1 5 Bytes JMP 003F0FE5 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 00900F55 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 00900F66 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 009000D8 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 009000C7 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00900F77 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 0090000A .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 00900025 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00900091 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 00900F9E .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00900051 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00900FAF .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 00900040 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 0090006C .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 00900F30 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 00900FD4 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 00900FE5 .text C:\Windows\system32\svchost.exe[2308] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 009000B6 .text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 008A0FA6 .text 
C:\Windows\system32\svchost.exe[2308] msvcrt.dll!system 7706804B 5 Bytes JMP 008A0031 .text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 008A0FC1 .text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_open 7706D106 5 Bytes JMP 008A0FEF .text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 008A0020 .text C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 008A0FDE .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 00290FAF .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00290051 .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00290000 .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00290FCA .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 0029006C .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 00290036 .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00290011 .text C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 00290FE5 .text C:\Windows\system32\svchost.exe[2308] WS2_32.dll!socket 761036D1 5 Bytes JMP 002E0000 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!GetStartupInfoW 77111929 5 Bytes JMP 000700B3 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!GetStartupInfoA 771119C9 5 Bytes JMP 000700A2 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateProcessW 77111BF3 5 Bytes JMP 00070F52 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateProcessA 77111C28 5 Bytes JMP 000700E9 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!VirtualProtect 77111DC3 5 Bytes JMP 00070F81 .text 
C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateNamedPipeA 77112EF5 5 Bytes JMP 00070036 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateNamedPipeW 77115C0C 5 Bytes JMP 00070047 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreatePipe 77138F06 5 Bytes JMP 00070091 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!LoadLibraryExW 7713927C 5 Bytes JMP 00070F9E .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!LoadLibraryW 77139400 5 Bytes JMP 00070FCA .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!LoadLibraryExA 77139554 5 Bytes JMP 00070FB9 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!LoadLibraryA 7713957C 5 Bytes JMP 00070FDB .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!VirtualProtectEx 7713DC52 5 Bytes JMP 00070076 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!GetProcAddress 7715925B 5 Bytes JMP 00070F37 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateFileW 7715B0EB 5 Bytes JMP 0007001B .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateFileA 7715D07F 5 Bytes JMP 00070000 .text C:\Windows\System32\svchost.exe[2344] kernel32.dll!WinExec 771A60CF 5 Bytes JMP 000700C4 .text C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_wsystem 77067F2F 5 Bytes JMP 00060FC8 .text C:\Windows\System32\svchost.exe[2344] msvcrt.dll!system 7706804B 5 Bytes JMP 00060049 .text C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_creat 7706BBE1 5 Bytes JMP 0006001D .text C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_open 7706D106 5 Bytes JMP 0006000C .text C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_wcreat 7706D326 5 Bytes JMP 00060038 .text C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_wopen 7706D501 5 Bytes JMP 00060FEF .text C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegCreateKeyExA 75EC39AB 5 Bytes JMP 0005005E .text C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegCreateKeyA 75EC3BA9 5 Bytes JMP 00050FC3 .text 
C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegOpenKeyA 75EC89C7 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegCreateKeyW 75ED391E 5 Bytes JMP 00050FB2
.text C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegCreateKeyExW 75ED41F1 5 Bytes JMP 0005006F
.text C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegOpenKeyExA 75ED7C42 5 Bytes JMP 00050014
.text C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegOpenKeyW 75EDE2B5 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegOpenKeyExW 75EE7BA1 5 Bytes JMP 0005002F

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[916] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00405995] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\mfevtps.exe[916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004059CB] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Antonia |
14.01.2012, 18:34 | #14 |
| Bundespolizei trojan caught: Here is the OSAM log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:33:58 on 14.01.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 9.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "BCM42RLY" (BCM42RLY) - ? - C:\Windows\System32\drivers\BCM42RLY.sys (File not found) "catchme" (catchme) - ? - C:\Users\Antonia\AppData\Local\Temp\catchme.sys (File not found) "fxldqpow" (fxldqpow) - ? - C:\Users\Antonia\AppData\Local\Temp\fxldqpow.sys (Hidden registry entry, rootkit activity | File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? 
- C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys "McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys "McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys "McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys "McAfee Inc. mferkdet" (mferkdet) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdet.sys "McAfee Inc. mfetdik" (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? 
- (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Antonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "APSDaemon" - "Apple Inc." 
- "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE (File found, but it contains no detailed information) "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "McAfee Engine Service" (McAfeeEngineService) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe "McAfee Framework-Dienst" (McAfeeFramework) - "McAfee, Inc." - C:\Program Files\McAfee\Common Framework\FrameworkService.exe "McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe "McAfee Task Manager" (McTaskManager) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe "McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." 
- C:\Windows\system32\mfevtps.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
14.01.2012, 19:08 | #15 |
| Bundespolizei trojan caught: Here is the next log: Code:
ATTFilter aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software Run date: 2012-01-14 18:35:45 ----------------------------- 18:35:45.630 OS Version: Windows 6.0.6002 Service Pack 2 18:35:45.631 Number of processors: 2 586 0xF0D 18:35:45.633 ComputerName: BÄR UserName: 18:35:47.229 Initialize success 18:37:43.493 AVAST engine defs: 12011401 18:37:50.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 18:37:50.878 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT1 11.01A11 Size: 152627MB BusType: 3 18:37:50.967 Disk 0 MBR read successfully 18:37:50.988 Disk 0 MBR scan 18:37:50.994 Disk 0 Windows VISTA default MBR code 18:37:51.074 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63 18:37:51.090 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 208896 18:37:51.163 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139723 MB offset 21180416 18:37:51.168 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168 18:37:51.268 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216 18:37:51.400 Disk 0 scanning sectors +312578048 18:37:51.912 Disk 0 scanning C:\Windows\system32\drivers 18:39:08.626 Service scanning 18:39:10.051 Modules scanning 18:40:37.660 Disk 0 trace - called modules: 18:40:37.700 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 18:40:37.708 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857d2ac8] 18:40:37.716 3 CLASSPNP.SYS[82f178b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84df5b98] 18:40:38.674 AVAST engine scan C:\Windows 18:41:34.988 AVAST engine scan C:\Windows\system32 18:46:20.030 AVAST engine scan C:\Windows\system32\drivers 18:46:32.776 AVAST engine scan C:\Users\Antonia 19:01:18.291 AVAST engine scan C:\ProgramData 19:02:38.192 Scan finished successfully 19:06:50.869 Disk 0 MBR has been saved successfully to "C:\Users\Antonia\Desktop\MBR.dat" 19:06:50.874 The log file has been saved successfully to "C:\Users\Antonia\Desktop\aswMBR.txt" Antonia |