Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen von Kasperskyscan entdeckt

Steffi1234 · 02.04.2013, 20:20

Hallo liebe Helfer,

erstmal finde ich es großartig, dass Ihr hier Eure Zeit aufwendet, um uns zu helfen. Vielen Dank schon mal dafür.

Ich habe mir leider auch diesen Trojaner eingefangen. Es wäre nett, wenn Ihr mir helfen könntet, da ich den Eindruck habe, dass es für die Entfernung des Trojaners keine Generallösung gibt, sondern immer vom jeweiligen Rechner abhängt.

Ich benutze als Antivirenprogramm Sophos, allerdings hat dieses den Trojaner nicht entdeckt, sondern der Kaspersky Security Scan, den man frei herunterladen kann. Dieser hat folgende Meldung im Bericht geliefert:

HEUR:Exploit.Java.CVE-2012-1723.gen
jar_cache7725885904557327434.tmp
C:\Documents and Settings\******\AppData\Local\Temp

Leider habe ich von dem Scan keinen Logfile, da die freie Version den Bericht nicht speichert. Aber die obige Beschreibung hatte ich per Word gespeichert.
Als einzige Maßnahme hatte ich versucht, alles von Java zu löschen und habe die Datei bei virus-total.de checken lassen. Leider konnte ich eine Update-Funktion von Java nicht löschen (Java[TM] 6 Update 22).

Hier die Logs:

OTL

Code:

ATTFilter

OTL logfile created on: 01.04.2013 23:10:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*** ***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,81% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 76,94 Gb Free Space | 66,08% Space Free | Partition Type: NTFS
Drive D: | 349,32 Gb Total Space | 221,57 Gb Free Space | 63,43% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: *** *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.01 23:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe
PRC - [2013.03.21 15:44:20 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.02.13 15:05:11 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.02.13 15:05:10 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.02.13 15:04:26 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.20 16:19:07 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.10.16 18:49:54 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.10.01 22:07:10 | 001,485,824 | ---- | M] () -- C:\Windows\MultiKMS\MultiKMS.exe
PRC - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\PSIA.exe
PRC - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012.07.25 10:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.09.01 03:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.07.10 20:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.05.18 12:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.04.19 21:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 23:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.21 09:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 03:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2005.07.07 01:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2004.10.18 11:51:58 | 000,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2007.12.20 16:02:20 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.08.08 12:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.06.15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2013.03.21 15:44:20 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.03.21 15:44:14 | 001,468,920 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2013.03.13 16:54:02 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 14:38:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.13 15:05:11 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.02.13 15:04:26 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.20 16:19:07 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.10.16 18:49:54 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.10.01 22:07:10 | 001,485,824 | ---- | M] () [Auto | Running] -- C:\Windows\MultiKMS\MultiKMS.exe -- (MultiKMS)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.05.18 12:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.02.06 04:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2004.10.18 11:51:58 | 000,065,536 | ---- | M] (OLYMPUS Corporation) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.11.20 16:19:18 | 000,132,424 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012.11.20 16:19:13 | 000,033,096 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012.10.16 18:50:20 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.10.16 18:49:20 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2012.03.08 15:31:45 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.03.17 11:33:37 | 000,108,768 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV08.sys -- (ACEDRV08)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007.12.20 16:55:06 | 003,478,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.10.01 08:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.11 06:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.07.31 08:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.24 21:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.20 05:12:18 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.01.24 20:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.15 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 11:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2003.07.30 04:18:50 | 000,003,839 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GETPADD.sys -- (GETPADD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.02 16:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:37:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:38:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:37:53 | 000,000,000 | ---D | M]
 
[2012.03.08 01:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*** ***\AppData\Roaming\mozilla\Extensions
[2013.02.15 14:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*** ***\AppData\Roaming\mozilla\Firefox\Profiles\nf2rob03.default\extensions
[2012.12.14 10:49:45 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\*** ***\AppData\Roaming\mozilla\Firefox\Profiles\nf2rob03.default\extensions\50cae09998b40@50cae09998b79.com
[2013.02.15 14:05:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\*** ***\AppData\Roaming\mozilla\firefox\profiles\nf2rob03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.27 16:52:42 | 000,002,515 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\mozilla\firefox\profiles\nf2rob03.default\searchplugins\Search_Results.xml
[2013.03.08 14:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013.03.08 14:37:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 14:38:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.27 16:52:42 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2010.11.01 17:08:04 | 000,424,452 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.123haustiereundmehr.com
O1 - Hosts: 14630 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SaveByclick Class) - {C8080964-5877-7F92-F173-19718B022D5C} - C:\ProgramData\SaveByclick\50cae09998cd0.ocx ()
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FDAA2CF-4CA3-471C-AF1F-88F1DDAA6E69}: DhcpNameServer = 128.176.0.28 128.176.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C8536BE-28E0-4DD2-A495-41719DC2FE07}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (L) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*** ***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*** ***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{66ca29e0-6921-11e1-905d-f8de839cd88e}\Shell - "" = AutoRun
O33 - MountPoints2\{66ca29e0-6921-11e1-905d-f8de839cd88e}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{c7e8b167-d549-11de-9df8-e65c795418e5}\Shell - "" = AutoRun
O33 - MountPoints2\{c7e8b167-d549-11de-9df8-e65c795418e5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.01 23:07:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe
[2013.03.31 23:01:12 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013.03.31 22:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.31 22:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013.03.08 14:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.01 23:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe
[2013.04.01 23:04:09 | 000,377,856 | ---- | M] () -- C:\Users\*** ***\Desktop\gmer_2.1.19155.exe
[2013.04.01 22:55:22 | 000,000,000 | ---- | M] () -- C:\Users\*** ***\defogger_reenable
[2013.04.01 22:54:20 | 000,050,477 | ---- | M] () -- C:\Users\*** ***\Desktop\Defogger.exe
[2013.04.01 22:53:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 22:34:15 | 000,671,462 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.01 22:34:15 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.01 22:34:15 | 000,144,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.01 22:34:15 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.01 22:25:44 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013.04.01 22:25:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 22:25:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 22:25:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 22:25:02 | 2144,641,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 22:23:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.03.31 23:00:51 | 000,000,961 | ---- | M] () -- C:\Users\*** ***\Desktop\Kaspersky Security Scan.lnk
[2013.03.31 00:00:03 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.03.04 20:06:36 | 000,002,605 | ---- | M] () -- C:\Users\*** ***\Desktop\Microsoft Word.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.01 23:04:06 | 000,377,856 | ---- | C] () -- C:\Users\*** ***\Desktop\gmer_2.1.19155.exe
[2013.04.01 22:55:22 | 000,000,000 | ---- | C] () -- C:\Users\*** ***\defogger_reenable
[2013.04.01 22:54:16 | 000,050,477 | ---- | C] () -- C:\Users\*** ***\Desktop\Defogger.exe
[2013.03.31 23:01:12 | 000,000,961 | ---- | C] () -- C:\Users\*** ***\Desktop\Kaspersky Security Scan.lnk
[2012.05.20 19:03:15 | 000,001,794 | ---- | C] () -- C:\Users\*** ***\AppData\Roaming\SAS7_000.DAT
[2012.05.16 12:55:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2012.05.16 12:55:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2012.05.16 12:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\Dssole.INI
[2012.03.09 02:28:13 | 000,000,715 | ---- | C] () -- C:\Windows\System32\Settings.ini
[2012.03.08 23:51:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.03.08 23:50:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.08 23:50:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.01.24 09:30:08 | 000,003,839 | ---- | C] () -- C:\Windows\System32\drivers\GETPADD.sys
[2009.12.23 11:43:15 | 232,923,180 | ---- | C] () -- C:\Users\*** ***\Adhs1.wav
[2009.02.01 23:13:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.07 21:29:55 | 000,001,356 | ---- | C] () -- C:\Users\*** ***\AppData\Local\d3d9caps.dat
[2008.12.25 22:45:16 | 000,201,216 | ---- | C] () -- C:\Users\*** ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.29 13:24:06 | 000,017,408 | ---- | C] () -- C:\Users\*** ***\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.02.20 13:35:05 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\.minecraft
[2012.07.31 19:59:18 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Asqauk
[2012.12.30 21:10:11 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Audacity
[2011.12.19 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Canneverbe Limited
[2012.03.11 16:18:46 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DAEMON Tools Lite
[2013.02.02 16:32:40 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DVDVideoSoft
[2013.02.02 16:32:21 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.24 13:35:53 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\F4
[2012.01.27 16:54:17 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\FreeAudioPack
[2012.07.31 17:26:27 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Godei
[2009.01.07 15:52:00 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\ICQ
[2012.12.26 14:47:40 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\JAM Software
[2010.04.05 14:52:36 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\MyPhoneExplorer
[2012.05.15 22:18:11 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Opera
[2012.12.14 10:01:11 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\pdfforge
[2012.05.15 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\TeamViewer
[2012.01.27 16:12:11 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\XMedia Recode
[2011.05.05 15:38:31 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\XnView
[2012.08.03 10:37:42 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Yxepg
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 01.04.2013 23:10:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*** ***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,81% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 76,94 Gb Free Space | 66,08% Space Free | Partition Type: NTFS
Drive D: | 349,32 Gb Total Space | 221,57 Gb Free Space | 63,43% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: *** *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5468F88A-D092-42A4-A087-0C891BDA3DE1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{608B9058-FF90-4DDE-8F8E-6D1A7FE319C0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6D183C17-D16D-4548-A301-F71BF7F5E48E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{732C4BBA-295A-4CEC-8A40-30295A33255A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{923F4CFE-942F-418D-9299-B6CE5C803936}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB306CF3-C8B0-41E8-8DA2-B5048CA2E27F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9B2C71B-66C3-4791-84BC-68A2CAD81694}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{BD327DBB-7851-413B-85E5-C5A3B6DCC7A3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C8754DCE-8702-474B-AFAF-ED359FF8FE1E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CF4C09A9-BFC4-4DA1-87F0-467C898C63D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0880686D-7BE1-43F2-B56C-0E7506FCB6F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6D5CA3E5-8252-4050-9AF2-29E53391F507}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{75B356B8-F9FF-4B3A-9EE5-33633E6EDBEF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7D0C1DF2-1EAD-4CB0-A460-EFA27196902F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B2DEB534-29C0-4420-BAA7-7C43012BECCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7A10582-5D9B-4253-8E83-2547C6816F0E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BF7E977E-C45B-4089-9EF8-9AEC32FBEACD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{C9EF0221-69EA-4D7D-B0AF-F0A8C2F9C3F1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{EC091231-558B-4616-A79B-FFBA76151F9F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{FB867491-DE8F-480B-B811-40395219DA14}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{035D6ED1-B1E1-4CCD-A622-F93C7D044D85}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{12314951-48F4-44CB-9F75-9C905F5C94C9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{324E044C-FA37-4E5F-8EB8-B2B3991FC05F}C:\program files\olympus\dssplayerpro\dssplay.exe" = protocol=6 | dir=in | app=c:\program files\olympus\dssplayerpro\dssplay.exe | 
"TCP Query User{373C91A9-BA02-4A4F-8471-969B423D9968}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{38FE809F-8D44-4EF2-9543-4FCB7C0BB352}C:\windows\system32\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"TCP Query User{565FE91E-FBD8-4095-A795-387B9CE2C863}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{7DF83C61-46B2-4651-8FC1-6C0A5742A433}C:\program files\olympus\dssplayerpro\tpstwnd.exe" = protocol=6 | dir=in | app=c:\program files\olympus\dssplayerpro\tpstwnd.exe | 
"TCP Query User{89C0A7DB-4EA2-4CBD-B255-46DB241E6615}C:\windows\system32\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"TCP Query User{8AA3A882-E6C7-4A58-857D-95CD8519FE9E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A4A59860-1D18-492C-9503-54CF09F26C52}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{ABC043CC-12CE-4D2B-A3FC-F0B0A3ED45EB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CD53DA94-17B4-433A-9123-A548C0014EC8}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{DB504200-F75D-4001-BB0A-1D622E32CFB0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F2397585-9448-4094-8F79-DFF07778CBBB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{0B54CF60-DF06-49B9-B009-8F4423A25E86}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{2D71AA13-9031-4ABC-AD93-2CA4778416E5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{37AA822D-5846-4B31-86FB-CEB7894023A1}C:\program files\olympus\dssplayerpro\dssplay.exe" = protocol=17 | dir=in | app=c:\program files\olympus\dssplayerpro\dssplay.exe | 
"UDP Query User{48279308-A2C8-4888-BBC7-4DAA34CE8478}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6AF9D8C8-D76C-474B-BC9D-9AD266B2F158}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{7717176D-F053-4A92-97CD-4B0595EA9CBF}C:\program files\olympus\dssplayerpro\tpstwnd.exe" = protocol=17 | dir=in | app=c:\program files\olympus\dssplayerpro\tpstwnd.exe | 
"UDP Query User{7E456824-ABC6-48BF-BBF0-17097751BC7B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{8E06B7D7-BF82-4D40-8047-5757933C32FE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{99802A03-AF84-4A36-9CC0-6D0849F650D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A43ABA27-5B8F-484A-9623-254FAF5B82A7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A766F391-BFA2-44E2-84B9-5D1359FEFF7F}C:\windows\system32\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"UDP Query User{B2078B41-A844-4EF2-A5DD-BB9FF251AAFA}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{B6C65289-8D1F-4D83-9997-87109086296A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DEDAE088-3A41-466C-B20D-171BE2F5D0B9}C:\windows\system32\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{025F9C8B-27B3-76B0-08E8-4EB918DE287B}" = Catalyst Control Center Localization Dutch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0813BDD1-7E8E-4F18-A13C-037CDD7F9A48}" = Catalyst Control Center Localization Chinese Traditional
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B3ED35F-3BDC-72FE-3477-A7CA54325F06}" = CCC Help Chinese Traditional
"{0B950F52-0FD9-C679-6FD0-C4D4F43ACA3E}" = Catalyst Control Center Localization Greek
"{0E4DC8EF-9438-AEEF-A042-851C2EA86FEA}" = Catalyst Control Center Localization Finnish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1A915E9E-75A0-5FD6-53C3-D2E5EDA27B52}" = Catalyst Control Center Localization Polish
"{1BDCA62C-699A-A3C2-57C6-D496414BA297}" = Catalyst Control Center Graphics Full New
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1CE34A07-F95C-C749-B8FB-10BEFBB5D917}" = Catalyst Control Center Localization Swedish
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{22AD2DF3-00C4-68EB-8D2A-C5AC60BDA907}" = CCC Help Greek
"{24339461-1E3B-290E-613E-B0B234B64ABE}" = Catalyst Control Center Localization Japanese
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}" = SaveByclick
"{27DB888F-A703-E898-6261-D84260EF93DA}" = Catalyst Control Center Core Implementation
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{337C0055-BE59-63E5-72AE-DAED46ED980B}" = CCC Help Korean
"{342D2010-703F-2098-441E-F96F532EBD09}" = CCC Help Chinese Standard
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A9A74B7-DAE0-EB01-E51A-D2A6720CF135}" = CCC Help Japanese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E7CE151-F6EC-8550-9B73-427F6A89AC42}" = CCC Help Polish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45936E5D-5CEB-A100-8694-B62523FD99C6}" = Catalyst Control Center Localization German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4BE52CD7-9B51-F4D8-ED51-8E89324F3EBD}" = Catalyst Control Center Localization Norwegian
"{4EE9DA0A-4CED-1FB9-3231-24C85855A387}" = Catalyst Control Center Localization Spanish
"{50DD51CF-31D8-7831-D4E8-E13E0A736D93}" = Catalyst Control Center Localization Russian
"{52159193-1EA1-B129-7C03-7120CB0C502E}" = CCC Help Portuguese
"{52E43F33-7D7C-3209-0539-1B2A43010E0D}" = Catalyst Control Center Localization Turkish
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{58752780-E21C-A458-2397-BD8D5E3CB0C1}" = Catalyst Control Center Localization Portuguese
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6602C18D-52EC-BB1F-C3B9-EFF2F1463A58}" = Catalyst Control Center Localization Thai
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77AD4A77-F70F-84BC-B52B-91DAB868EF27}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{872717DD-EE82-F142-4DF7-0308772A8DE4}" = ccc-utility
"{88D44595-9B8E-38FF-7CD9-F5A1423BA2D6}" = Catalyst Control Center Graphics Light
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8D3D4041-DA1D-F814-B37E-ABF774556DAA}" = Catalyst Control Center Localization Italian
"{8E35083D-B04F-4823-A260-C07FDD3D40FD}" = Olympus DSS Player Pro
"{900F0963-B211-5692-EEEC-4DFF6F7321F6}" = CCC Help Swedish
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AA9814-7B89-DA53-5FCA-EBDCDAC4F611}" = CCC Help Italian
"{92C98289-5C00-4A4E-03ED-6E59F7D73435}" = Catalyst Control Center Localization Chinese Standard
"{97C9E93A-7DEA-37C2-50F0-E6172D91DEE6}" = CCC Help German
"{97F73E68-213C-6F88-A590-9C600186E36C}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF9D522-7FA6-D442-9769-558E3B4503F0}" = Skins
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB870B63-94EF-0B0A-340E-62CAF5D48B17}" = CCC Help French
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6512E97-FFA8-6A76-4B07-036784E56A7B}" = Catalyst Control Center Localization Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8F1FA25-D1F3-5DEB-5AE2-18E72A2955CA}" = Catalyst Control Center Localization Danish
"{B935DAF9-605C-A1F8-7A4E-BE87E82B7237}" = CCC Help Norwegian
"{C0BAF48F-940E-7AC7-63B3-BDFAF8A6CCA5}" = CCC Help Thai
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C1B22596-9F6C-6795-F374-D6843ABA8A9A}" = Catalyst Control Center Localization Korean
"{C1D783C5-D3ED-D03E-59CE-1FCC0C059B0F}" = ATI Catalyst Install Manager
"{C376495E-6F9D-2A3A-329E-960682A22B3B}" = Catalyst Control Center Localization Hungarian
"{C6FB5BC4-823A-FE8B-01CB-3A7F51B4C9C2}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D8438AE5-4BE7-CEC7-D0AA-189B34C4628F}" = CCC Help Dutch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF4EB70F-6EBF-AD9E-AF89-D1398A284C86}" = Catalyst Control Center Graphics Previews Common
"{E037311F-0715-DB85-4394-6B09A66605C0}" = CCC Help Spanish
"{E1D0A2DB-9B8D-E7B1-295B-DDAB0B9A423F}" = Catalyst Control Center Localization French
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAF8F949-849D-9E39-2A86-0DB83A90405B}" = Catalyst Control Center Graphics Full Existing
"{EDFE36E7-B60E-BF8E-F2DF-0DD61B1E3CAE}" = CCC Help Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F656696C-CF30-03E5-03A8-05078E02ACEB}" = CCC Help Danish
"{F6CAF803-A534-705F-A673-A04FCEC5AFC9}" = CCC Help Russian
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FCABF3BF-D716-980B-F463-32D5734A3DB4}" = CCC Help English
"{FE0C4C63-56C1-087C-3404-C547405FCEA7}" = Catalyst Control Center Graphics Previews Vista
"{FE44D8AC-80B2-A8BA-291F-59109DE96C11}" = CCC Help Turkish
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 2.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Defraggler" = Defraggler
"Firefox Browser" = Firefox Browser (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Recuva" = Recuva (remove only)
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.7
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 2.0.4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.03.2013 11:13:53 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 29.03.2013 10:24:34 | Computer Name = ******-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 13b0  Anfangszeit: 01ce2c883a4d79c5  Zeitpunkt der
 Beendigung: 47
 
Error - 29.03.2013 14:52:54 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.03.2013 12:27:48 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.03.2013 18:59:58 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.03.2013 19:40:14 | Computer Name = ******-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 01.04.2013 16:29:30 | Computer Name = ******-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.04.2013 16:29:30 | Computer Name = ******-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.04.2013 16:30:11 | Computer Name = ******-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.04.2013 16:30:11 | Computer Name = ******-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 01.04.2013 03:56:38 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:16:07 | Computer Name = ******-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.04.2013 um 22:13:27 unerwartet heruntergefahren.
 
Error - 01.04.2013 16:17:36 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:17:36 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.04.2013 16:18:37 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 01.04.2013 16:18:37 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:22:37 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:23:41 | Computer Name = ******-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.04.2013 16:26:43 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.04.2013 16:26:43 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

Der Laptop zeigt soweit keine Beeinträchtigungen, aber ich habe nach der Google-Suche Sorge, dass der Trojaner auf Dauer einiges an Schaden anrichten wird. Ich hoffe, ich habe an alles gedacht. Gmer hänge ich in einem weiteren Post an.

Vielen Dank und schönen Abend,
Steffi1234

Steffi1234 · 02.04.2013, 20:21

Gmer:

Code:

ATTFilter

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-02 19:08:06
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9500325AS rev.0003BSM1 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kgkiraow.sys


---- Kernel code sections - GMER 2.1 ----

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                   section is writeable [0x8C806000, 0x1E6984, 0xE8000020]
.text           C:\Windows\system32\drivers\ACEDRV08.sys                                                                   section is writeable [0x8FF7A000, 0x328BA, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\ACEDRV08.sys                                                                   entry point in ".pklstb" section [0x8FFBE000]
.relo2          C:\Windows\system32\drivers\ACEDRV08.sys                                                                   unknown last section [0x8FFDA000, 0x8E, 0x42000040]
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                   section is executable [0xA3B1E480, 0x306DD, 0xE0000060]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\svchost.exe[472] ntdll.dll!LdrLoadDll                                                  779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] ntdll.dll!RtlExitUserThread                                           779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] ntdll.dll!KiUserExceptionDispatcher                                   77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateProcessA                                           77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!WriteProcessMemory                                       77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!VirtualProtect                                           77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!WriteFileEx                                              77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!GetThreadContext                                         77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!ResumeThread                                             7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateProcessInternalA                                   77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!LoadLibraryExW                                           7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!LoadLibraryW                                             773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!LoadLibraryExA                                           77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!LoadLibraryA                                             7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!VirtualProtectEx                                         7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!FreeLibrary                                              77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!ExitProcess                                              773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!GlobalAlloc                                              77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!GetProcAddress                                           7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!WriteFile                                                7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateFileA                                              7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!WinExec                                                  7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] kernel32.dll!SetThreadContext                                         77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!closesocket                                                76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!recv                                                       76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!connect                                                    76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!bind                                                       76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!send                                                       76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!listen                                                     76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!WSASocketA                                                 76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!WSAStartup                                                 76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!getpeername                                                76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[472] WS2_32.dll!accept                                                     76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] ntdll.dll!LdrLoadDll                                                    779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] ntdll.dll!RtlExitUserThread                                             779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] ntdll.dll!KiUserExceptionDispatcher                                     77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!CreateProcessA                                             77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!WriteProcessMemory                                         77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!VirtualProtect                                             77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!WriteFileEx                                                77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!GetThreadContext                                           77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!ResumeThread                                               7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!CreateProcessInternalA                                     77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!LoadLibraryExW                                             7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!LoadLibraryW                                               773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!LoadLibraryExA                                             77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!LoadLibraryA                                               7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!VirtualProtectEx                                           7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!FreeLibrary                                                77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!ExitProcess                                                773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!GlobalAlloc                                                77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!GetProcAddress                                             7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!WriteFile                                                  7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!CreateFileA                                                7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!WinExec                                                    7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] kernel32.dll!SetThreadContext                                           77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!closesocket                                                  76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!recv                                                         76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!connect                                                      76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!bind                                                         76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!send                                                         76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!listen                                                       76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!WSASocketA                                                   76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!WSAStartup                                                   76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!getpeername                                                  76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[612] WS2_32.dll!accept                                                       76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] ntdll.dll!LdrLoadDll                                                  779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] ntdll.dll!RtlExitUserThread                                           779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] ntdll.dll!KiUserExceptionDispatcher                                   77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!CreateProcessA                                           77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!WriteProcessMemory                                       77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!VirtualProtect                                           77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!WriteFileEx                                              77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!GetThreadContext                                         77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!ResumeThread                                             7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!CreateProcessInternalA                                   77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!LoadLibraryExW                                           7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!LoadLibraryW                                             773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!LoadLibraryExA                                           77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!LoadLibraryA                                             7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!VirtualProtectEx                                         7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!FreeLibrary                                              77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!ExitProcess                                              773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!GlobalAlloc                                              77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!GetProcAddress                                           7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!WriteFile                                                7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!CreateFileA                                              7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!WinExec                                                  7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!SetThreadContext                                         77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!closesocket                                                76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!recv                                                       76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!connect                                                    76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!bind                                                       76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!send                                                       76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!listen                                                     76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!WSASocketA                                                 76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!WSAStartup                                                 76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!getpeername                                                76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[800] WS2_32.dll!accept                                                     76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] ntdll.dll!LdrLoadDll                                                  779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] ntdll.dll!RtlExitUserThread                                           779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] ntdll.dll!KiUserExceptionDispatcher                                   77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateProcessA                                           77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!WriteProcessMemory                                       77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!VirtualProtect                                           77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!WriteFileEx                                              77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!GetThreadContext                                         77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!ResumeThread                                             7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateProcessInternalA                                   77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW                                           7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryW                                             773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA                                           77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryA                                             7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx                                         7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!FreeLibrary                                              77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!ExitProcess                                              773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!GlobalAlloc                                              77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!GetProcAddress                                           7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!WriteFile                                                7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateFileA                                              7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!WinExec                                                  7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] kernel32.dll!SetThreadContext                                         77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!closesocket                                                76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!recv                                                       76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!connect                                                    76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!bind                                                       76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!send                                                       76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!listen                                                     76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!WSASocketA                                                 76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!WSAStartup                                                 76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!getpeername                                                76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[860] WS2_32.dll!accept                                                     76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll                                                  779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] ntdll.dll!RtlExitUserThread                                           779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] ntdll.dll!KiUserExceptionDispatcher                                   77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessA                                           77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!WriteProcessMemory                                       77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtect                                           77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!WriteFileEx                                              77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!GetThreadContext                                         77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!ResumeThread                                             7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessInternalA                                   77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW                                           7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryW                                             773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA                                           77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryA                                             7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx                                         7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!FreeLibrary                                              77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!ExitProcess                                              773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!GlobalAlloc                                              77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!GetProcAddress                                           7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!WriteFile                                                7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileA                                              7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!WinExec                                                  7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!SetThreadContext                                         77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!closesocket                                                76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!recv                                                       76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!connect                                                    76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!bind                                                       76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!send                                                       76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!listen                                                     76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!WSASocketA                                                 76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!WSAStartup                                                 76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!getpeername                                                76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!accept                                                     76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1040] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WININET.dll!InternetReadFile                                         76F3F8D8 5 Bytes  JMP 75E7E890 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WININET.dll!InternetQueryDataAvailable                               76F43184 5 Bytes  JMP 75E7E870 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WININET.dll!InternetOpenA                                            76F4D5E0 5 Bytes  JMP 75E7E830 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[1104] WININET.dll!InternetOpenUrlA                                         76F5E1C6 5 Bytes  JMP 75E7E850 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WININET.dll!InternetReadFile                                         76F3F8D8 5 Bytes  JMP 75E7E890 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WININET.dll!InternetQueryDataAvailable                               76F43184 5 Bytes  JMP 75E7E870 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WININET.dll!InternetOpenA                                            76F4D5E0 5 Bytes  JMP 75E7E830 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1132] WININET.dll!InternetOpenUrlA                                         76F5E1C6 5 Bytes  JMP 75E7E850 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1224] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WININET.dll!InternetReadFile                                         76F3F8D8 5 Bytes  JMP 75E7E890 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WININET.dll!InternetQueryDataAvailable                               76F43184 5 Bytes  JMP 75E7E870 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WININET.dll!InternetOpenA                                            76F4D5E0 5 Bytes  JMP 75E7E830 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1384] WININET.dll!InternetOpenUrlA                                         76F5E1C6 5 Bytes  JMP 75E7E850 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1880] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2064] C:\Windows\system32\ntdll.dll     time/date stamp mismatch; unknown module: secserv.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2064] ntdll.dll!NtProtectVirtualMemory  77A04BA4 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2064] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2064] user32.dll!SetScrollInfo + 7A8    77AE7980 4 Bytes  [4D, 27, 8B, 69]
.text           C:\Windows\system32\svchost.exe[2404] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2404] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] ntdll.dll!LdrLoadDll                                                         779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] ntdll.dll!RtlExitUserThread                                                  779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] ntdll.dll!KiUserExceptionDispatcher                                          77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!CreateProcessA                                                  77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!WriteProcessMemory                                              77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!VirtualProtect                                                  77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!WriteFileEx                                                     77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!GetThreadContext                                                77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!CopyFileExW                                                     77310211 7 Bytes  JMP 75E77700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!ResumeThread                                                    7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!MoveFileWithProgressW                                           7732112C 5 Bytes  JMP 75E775A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!CreateProcessInternalA                                          77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!LoadLibraryExW                                                  7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!LoadLibraryW                                                    773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!LoadLibraryExA                                                  77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!LoadLibraryA                                                    7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!VirtualProtectEx                                                7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!FreeLibrary                                                     77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!ExitProcess                                                     773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!GlobalAlloc                                                     77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!GetProcAddress                                                  7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!WriteFile                                                       7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!CreateFileA                                                     7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!WinExec                                                         7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] kernel32.dll!SetThreadContext                                                77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] ole32.dll!CoCreateInstance                                                   77439F3E 8 Bytes  JMP 75E779E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WININET.dll!InternetReadFile                                                 76F3F8D8 5 Bytes  JMP 75E7E890 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WININET.dll!InternetQueryDataAvailable                                       76F43184 5 Bytes  JMP 75E7E870 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WININET.dll!InternetOpenA                                                    76F4D5E0 5 Bytes  JMP 75E7E830 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WININET.dll!InternetOpenUrlA                                                 76F5E1C6 5 Bytes  JMP 75E7E850 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!closesocket                                                       76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!recv                                                              76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!connect                                                           76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!bind                                                              76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!send                                                              76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!listen                                                            76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!WSASocketA                                                        76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!WSAStartup                                                        76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!getpeername                                                       76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[2572] WS2_32.dll!accept                                                            76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2800] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] ntdll.dll!LdrLoadDll                                                 779C9378 5 Bytes  JMP 75E7E810 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] ntdll.dll!RtlExitUserThread                                          779E1CFB 5 Bytes  JMP 75E7E610 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] ntdll.dll!KiUserExceptionDispatcher                                  77A05C28 5 Bytes  JMP 75E7A310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessA                                          77301C28 5 Bytes  JMP 75E7E5B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!WriteProcessMemory                                      77301CB8 5 Bytes  JMP 75E7E7F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!VirtualProtect                                          77301DC3 5 Bytes  JMP 75E7E750 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!WriteFileEx                                             77303FDC 5 Bytes  JMP 75E7E7D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetThreadContext                                        77305B49 5 Bytes  JMP 75E7E650 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!ResumeThread                                            7731C360 5 Bytes  JMP 75E7E710 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessInternalA                                  77328C15 5 Bytes  JMP 75E7E5D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryExW                                          7732926C 7 Bytes  JMP 75E7E6D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryW                                            773293F0 5 Bytes  JMP 75E7E6F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryExA                                          77329544 5 Bytes  JMP 75E7E6B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryA                                            7732956C 5 Bytes  JMP 75E7E690 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!VirtualProtectEx                                        7732DC3A 5 Bytes  JMP 75E7E770 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!FreeLibrary                                             77343F64 5 Bytes  JMP 75E7F3F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!ExitProcess                                             773443B4 5 Bytes  JMP 75E7E5F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!GlobalAlloc                                             77347F14 7 Bytes  JMP 75E7E670 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetProcAddress                                          7734921B 5 Bytes  JMP 75E7E630 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!WriteFile                                               7734ABC1 7 Bytes  JMP 75E7E7B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateFileA                                             7734D05F 5 Bytes  JMP 75E7E590 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!WinExec                                                 7739614F 5 Bytes  JMP 75E7E790 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] kernel32.dll!SetThreadContext                                        77397F0A 5 Bytes  JMP 75E7E730 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!closesocket                                               76E2330C 5 Bytes  JMP 75E7E930 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!recv                                                      76E2343A 5 Bytes  JMP 75E7E9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!connect                                                   76E240D9 5 Bytes  JMP 75E7E950 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!bind                                                      76E2652F 5 Bytes  JMP 75E7E910 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!send                                                      76E2659B 5 Bytes  JMP 75E7E9D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!listen                                                    76E28CD7 5 Bytes  JMP 75E7E990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!WSASocketA                                                76E28FA9 5 Bytes  JMP 75E7E8B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!WSAStartup                                                76E2A639 7 Bytes  JMP 75E7E8D0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!getpeername                                               76E3A863 5 Bytes  JMP 75E7E970 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[3064] WS2_32.dll!accept                                                    76E3BDF6 5 Bytes  JMP 75E7E8F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4348] C:\Windows\system32\ntdll.dll     time/date stamp mismatch; unknown module: secserv.dll
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4348] ntdll.dll!NtProtectVirtualMemory  77A04BA4 5 Bytes  JMP 698B17E3 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll
?               C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4348] C:\Windows\system32\kernel32.dll  time/date stamp mismatch; 
.text           C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[4348] user32.dll!SetScrollInfo + 7A8    77AE7980 4 Bytes  [4D, 27, 8B, 69]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                     AsDsm.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                    Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                    Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                                
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)            

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                      unknown MBR code

---- Files - GMER 2.1 ----

File            C:\ADSM_PData_0150                                                                                         0 bytes
File            C:\ADSM_PData_0150\DB                                                                                      0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                                624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                                16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                                16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                                 512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                            253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                                    512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                                0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                      29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                           512 bytes

---- EOF - GMER 2.1 ----

t'john · 04.04.2013, 10:45

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!

Code:

ATTFilter

:OTL

PRC - [2012.10.01 22:07:10 | 001,485,824 | ---- | M] () -- C:\Windows\MultiKMS\MultiKms.exe 
SRV - [2012.10.01 22:07:10 | 001,485,824 | ---- | M] () [Auto | Running] -- C:\Windows\MultiKMS\MultiKms.exe -- (MultiKMS) 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\*** ***\*.tmp
C:\Users\*** ***\AppData\*.dll
C:\Users\*** ***\AppData\*.exe
C:\Users\*** ***\AppData\Local\Temp\*.exe
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

danach:

3. Schritt
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Steffi1234 · 04.04.2013, 13:26

Hallo t`john,

vielen Dank schon einmal für deine Hilfe! Ich habe den ersten Schritt bereits durchgeführt, war mir allerdings unsicher, ob ich auch das alleinige * durch irgendetwas ersetzen muss. Habe nur die *** *** durch meinen Benutzernamen ersetzt. War das richtig so? Ich vermute schon fast nein, denn im Logfile steht zum Beispiel: "File/Folder C:ProgramData/*.exe not found". Wenn es doch so richtig ist, dann poste ich das Logfile und fahre mit Schritt 2 und 3 fort. Soll während der Schritte 2 und 3 mein Antiviren-Programm ebenfalls deaktiviert bleiben? Ich glaube, das wars erst mal :-).

Viele Grüße,
Steffi1234

t'john · 04.04.2013, 15:17

Du ersetzt naterlich nur nur das, was du selbst ersetzt hast!

das hier: "*** ***"

wo ist das Fix-Log?

Steffi1234 · 04.04.2013, 16:09

Hier ist das Fix-Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Process MultiKms.exe killed successfully!
Service MultiKMS stopped successfully!
Service MultiKMS deleted successfully!
C:\Windows\MultiKMS\MultiKMS.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\*** ***\*.tmp not found.
File\Folder C:\Users\*** ***\AppData\*.dll not found.
File\Folder C:\Users\*** ***\AppData\*.exe not found.
C:\Users\*** ***\AppData\Local\Temp\CommonInstaller.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\install_flashplayer11x32au_mssa_aih.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\MachineIdCreator.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\oi_{6513C66F-CA94-4BB7-B052-3867CF742883}.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\ScriptHelper.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\ToolbarInstaller.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\UNINSTALL.EXE moved successfully.
C:\Users\*** ***\AppData\Local\Temp\vlc-2.0.2-win32.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\vlc-2.0.4-win32.exe moved successfully.
C:\Users\*** ***\AppData\Local\Temp\xuninst.exe moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\*** ***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*** ***\Desktop\cmd.bat deleted successfully.
C:\Users\*** ***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: *** ***
->Temp folder emptied: 1476039311 bytes
->Temporary Internet Files folder emptied: 429615453 bytes
->FireFox cache emptied: 84194270 bytes
->Google Chrome cache emptied: 8851837 bytes
->Flash cache emptied: 3767672 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 372633496 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 577050193 bytes
RecycleBin emptied: 20499006 bytes
 
Total Files Cleaned = 2.835,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04042013_134436

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Schritt 2 und 3 folgen

t'john · 04.04.2013, 18:04

Zitat:

Schritt 2 und 3 folgen

Alles klar!

Steffi1234 · 04.04.2013, 18:31

So, hier das mbam-log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.04.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** *** :: ***-PC [Administrator]

Schutz: Aktiviert

04.04.2013 17:23:19
mbam-log-2013-04-04 (17-23-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345038
Laufzeit: 1 Stunde(n), 53 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Schritt 3 folgt.

Mfg,
Steffi 1234

Und Schritt 3:

Code:

ATTFilter

# AdwCleaner v2.200 - Datei am 04/04/2013 um 19:44:46 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*** ***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\nf2rob03.default\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick
Ordner Gelöscht : C:\ProgramData\SaveByclick
Ordner Gelöscht : C:\Users\*** ***\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\*** ***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C8080964-5877-7F92-F173-19718B022D5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8080964-5877-7F92-F173-19718B022D5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\nf2rob03.default\prefs.js

C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\nf2rob03.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.50cae09998beb.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4814 octets] - [04/04/2013 19:44:46]

########## EOF - C:\AdwCleaner[S1].txt - [4874 octets] ##########

Mfg,
Steffi1234

t'john · 05.04.2013, 05:42

Sehr gut!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

danach:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

danach:

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Steffi1234 · 05.04.2013, 10:57

Hallo,

das Programm ist tatsächlich abgestürzt. Ich sollte dir dies ja mitteilen. Soll ich dann jetzt mit "AV-Scan: none" weiter machen und dann das Programm schließen?

Mfg

t'john · 05.04.2013, 11:01

Genau!

Steffi1234 · 05.04.2013, 11:57

Hier aswMBr.txt unter der Einstellung "AV-Scan: none":

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-05 11:59:02
-----------------------------
11:59:02.876    OS Version: Windows 6.0.6002 Service Pack 2
11:59:02.876    Number of processors: 2 586 0xF0D
11:59:02.876    ComputerName: ***-PC  UserName: 
11:59:03.876    Initialize success
11:59:30.626    AVAST engine defs: 13040500
12:49:17.830    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:49:17.830    Disk 0 Vendor: ST9500325AS 0003BSM1 Size: 476940MB BusType: 3
12:49:18.096    Disk 0 MBR read successfully
12:49:18.096    Disk 0 MBR scan
12:49:18.189    Disk 0 unknown MBR code
12:49:18.205    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       119237 MB offset 2048
12:49:18.252    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       357701 MB offset 244199424
12:49:18.361    Disk 0 scanning sectors +976771072
12:49:18.642    Disk 0 scanning C:\Windows\system32\drivers
12:49:46.205    Service scanning
12:50:31.642    Modules scanning
12:50:53.767    Disk 0 trace - called modules:
12:50:53.830    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
12:50:54.377    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e82ac8]
12:50:54.392    3 CLASSPNP.SYS[88db48b3] -> nt!IofCallDriver -> [0x85c3a918]
12:50:54.392    5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85c1e030]
12:50:54.408    Scan finished successfully
12:53:22.127    Disk 0 MBR has been saved successfully to "C:\Users\*** ***\Desktop\MBR.dat"
12:53:22.142    The log file has been saved successfully to "C:\Users\*** ***\Desktop\aswMBR.txt"

Weitere Schritte folgen

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d5347b1ff0e3a14688a7fb1dde0e35b8
# engine=13557
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-05 02:21:59
# local_time=2013-04-05 04:21:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 21713 202704447 0 0
# compatibility_mode=8450 16777213 85 98 14747 14765573 0 0
# scanned=167029
# found=1
# cleaned=0
# scan_time=11708
sh=3A465E03490A2BB64035206155E8989E12C5AD60 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\nf2rob03.default\extensions\50cae09998b40@50cae09998b79.com\content\bg.js"

Und zum Letzten:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.61  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Secunia PSI (3.0.0.3001)   
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java(TM) 6 Update 22  
 Java version out of Date! 
 Adobe Flash Player 	11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

MFG, Steffi1234

t'john · 06.04.2013, 09:52

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die .exe-Datei
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 17 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Steffi1234 · 07.04.2013, 21:05

Hallo,

erst mal ein Problem: Komischerweise kann man Java (TM) 6 Update 22 nicht deinstallieren: Immer wenn ich auf "deinstallieren" klicke, kommt zunächst die Meldung, ob ich es wirklich deinstallieren möchte. Wenn ich "Ja" klicke, steht dort zunächst, dass das Entfernen vorbereitet wird. Dann kommt ein Fenster der Benutzerkontensteuerung, das mich warnt, dass ich das Programm nur ausführen soll, wenn ich die Quelle kenne. Außerdem steht dort "Nicht identifizierter Herausgeber". Unter Details steht noch "Aktualisieren, 6.0220 Oracle". Wenn ich auf "Zulassen" klicke, öffnet sich ein Fenster "Bitte warten, während Windows Java konfiguriert". Danach steht Java (TM) 6 Update 22 dann immer noch unter "Programme und Funktionen". Die Deinstallation habe ich mehrmals probiert, aber immer der selbe Ablauf. Ich bekomme es nicht weg.

Ich habe dann trotzdem deine Schritte weiter ausgeführt und das erstmal ignoriert. Nun steht unter "Systemsteuerung" sowohl "Java 7 Update 17" als auch noch "Java (TM) 6 Update 22", was bestimmt nicht richtig ist.

Nach dem ersten PluginCheck stand:

PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
• Firefox 20.0 ist aktuell
• Flash (11,6,602,180) ist aktuell.
• Java (1,7,0,17) ist aktuell.
• Adobe Reader 10,1,6,1 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0

Nach dem zweiten:

PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
• Firefox 20.0 ist aktuell
• Flash (11,6,602,180) ist aktuell.
• Java ist nicht Installiert oder nicht aktiviert.
• Adobe Reader 10,1,6,1 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0

MFG
Steffi1234

t'john · 08.04.2013, 10:53

Es ist sehr wichtig, dass alle alten Versionen von Java weg sind.

Damit versuchen: Revo Uninstaller - Download - Filepony

04.04.2013, 15:17	#5
t'john /// Helfer-Team	Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen von Kasperskyscan entdeckt Du ersetzt naterlich nur nur das, was du selbst ersetzt hast! das hier: "* " wo ist das Fix-Log? __________________ Mfg, t'john* Das TB unterstützen

05.04.2013, 11:01	#11
t'john /// Helfer-Team	Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen von Kasperskyscan entdeckt Genau! __________________ Mfg, t'john Das TB unterstützen

08.04.2013, 10:53	#15
t'john /// Helfer-Team	Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen von Kasperskyscan entdeckt Es ist sehr wichtig, dass alle alten Versionen von Java weg sind. Damit versuchen: Revo Uninstaller - Download - Filepony __________________ Mfg, t'john Das TB unterstützen

Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen von Kasperskyscan entdeckt

Log-Analyse und Auswertung: Trojaner HEUR:Exploit.Java.CVE-2012-1723.gen von Kasperskyscan entdeckt