Log analysis and evaluation: WIN 7 Starter: Win32/Small.CA-Virus
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.11.2013, 22:14 | #1 |
WIN 7 Starter: Win32/Small.CA-Virus

Hello dear board,

today I noticed that, according to the notification center, the virus Win32/Small.CA-Virus is on my computer. I have not noticed anything unusual about the performance so far: the little netbook has never been among the fastest, despite a RAM upgrade. I would very much appreciate support; however, it is a mystery to me how the virus got into the system (updates are enabled, virus scanner up to date, hardware firewall in the router, Java is kept up to date as well, and as a rule I never click .exe files in my mail client)...

Defogger Log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:59 on 15/11/2013 (Stefan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Stefan (administrator) on STEFAN-NETBOOK on 15-11-2013 15:01:24
Running from C:\Users\Stefan\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Elgato Systems) C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
(Hollie-Soft) C:\Program Files\Klebezettel NG\klebez.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems Incorporated.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GfxServiceInstall] - C:\Windows\System32\GfxCUIServiceInstall.vbs [131 2011-12-13] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11487848 2011-11-30] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [612256 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-01-05] (Toshiba Europe GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [900160 2013-01-09] (Sophos Limited)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624056 2009-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1708616 2010-11-16] (Elgato Systems)
HKCU\...\Run: [Klebezettel NG] - C:\Program Files\Klebezettel NG\klebez.exe [4433408 2012-04-06] (Hollie-Soft)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL [ 2013-01-09] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {A7FA4766-E640-4440-A3F3-767C1EA8D63C} URL =
SearchScopes: HKCU - {A7FA4766-E640-4440-A3F3-767C1EA8D63C} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 129.217.129.42

FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default
FF DefaultSearchEngine: Amazon.de
FF SelectedSearchEngine: Amazon.de
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\searchplugins\woxikonde-synonyme.xml
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\searchplugins\youtube-ssl.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: EPUBReader - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: noscript - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2013-01-09] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [139840 2013-01-09] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232512 2013-01-09] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-01-09] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2013-01-09] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1459264 2013-01-09] (Sophos Limited)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [57216 2011-07-12] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [112552 2011-06-10] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-09] (TOSHIBA Corporation)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [189184 2012-01-09] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [33536 2012-01-09] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [43392 2012-01-09] (Realtek)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1035368 2011-04-22] (Realtek Semiconductor Corporation )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2013-01-09] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2013-01-09] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2013-01-09] (Sophos Plc)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2013-01-09] (Sophos Plc)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-15 15:01 - 2013-11-15 15:04 - 00012268 _____ C:\Users\Stefan\Desktop\FRST.txt
2013-11-15 15:01 - 2013-11-15 15:01 - 00000000 ____D C:\FRST
2013-11-15 14:59 - 2013-11-15 14:59 - 00000448 _____ C:\Users\Stefan\Desktop\defogger_disable.log
2013-11-15 14:59 - 2013-11-15 14:59 - 00000000 _____ C:\Users\Stefan\defogger_reenable
2013-11-15 11:26 - 2013-11-15 11:26 - 00377856 _____ C:\Users\Stefan\Desktop\fbhlpvv3.exe
2013-11-15 11:25 - 2013-11-15 11:26 - 01090529 _____ (Farbar) C:\Users\Stefan\Desktop\FRST.exe
2013-11-15 11:24 - 2013-11-15 11:24 - 00050477 _____ C:\Users\Stefan\Desktop\Defogger.exe
2013-11-13 21:19 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-13 21:19 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-13 21:19 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-13 21:19 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-13 21:19 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:42 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 08:42 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 08:42 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 08:41 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 08:41 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 08:41 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 08:41 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 08:41 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 08:41 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 08:41 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 08:41 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 08:41 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 08:41 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 08:41 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 08:41 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 08:41 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 08:41 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 08:41 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-10 16:09 - 2013-11-10 16:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-02 22:12 - 2013-11-02 22:12 - 00000000 ____D C:\Users\Stefan\Downloads\FTLNT
2013-11-02 11:06 - 2013-11-02 11:07 - 00000000 ____D C:\Users\Stefan\Downloads\Ignorant Prayers Instrumentals
2013-10-29 23:10 - 2013-10-29 23:10 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-29 12:49 - 2013-11-02 10:31 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-29 11:44 - 2013-10-29 23:25 - 00000000 ____D C:\Users\Stefan\Documents\Kalle
2013-10-29 11:41 - 2013-10-29 11:41 - 00000000 ____D C:\Users\Stefan\Downloads\wetransfer-56cd78
2013-10-20 16:11 - 2013-10-20 16:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 16:11 - 2013-10-20 16:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 16:11 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-10-20 16:11 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-10-20 16:11 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-10-20 16:11 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-10-20 16:09 - 2013-10-20 16:11 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-10-19 14:31 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys

==================== One Month Modified Files and Folders =======

2013-11-15 15:04 - 2013-11-15 15:01 - 00012268 _____ C:\Users\Stefan\Desktop\FRST.txt
2013-11-15 15:01 - 2013-11-15 15:01 - 00000000 ____D C:\FRST
2013-11-15 14:59 - 2013-11-15 14:59 - 00000448 _____ C:\Users\Stefan\Desktop\defogger_disable.log
2013-11-15 14:59 - 2013-11-15 14:59 - 00000000 _____ C:\Users\Stefan\defogger_reenable
2013-11-15 14:59 - 2012-06-14 16:27 - 00000000 ____D C:\Users\Stefan
2013-11-15 14:31 - 2012-03-26 21:17 - 01790140 _____ C:\windows\WindowsUpdate.log
2013-11-15 14:30 - 2013-04-11 09:42 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 14:30 - 2009-07-14 05:39 - 00088120 _____ C:\windows\setupact.log
2013-11-15 11:26 - 2013-11-15 11:26 - 00377856 _____ C:\Users\Stefan\Desktop\fbhlpvv3.exe
2013-11-15 11:26 - 2013-11-15 11:25 - 01090529 _____ (Farbar) C:\Users\Stefan\Desktop\FRST.exe
2013-11-15 11:24 - 2013-11-15 11:24 - 00050477 _____ C:\Users\Stefan\Desktop\Defogger.exe
2013-11-15 11:18 - 2009-07-14 05:34 - 00016160 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 11:18 - 2009-07-14 05:34 - 00016160 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 11:01 - 2010-11-20 22:01 - 01498506 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-15 10:54 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-15 08:25 - 2013-10-02 19:31 - 00000000 ____D C:\HebRechw
2013-11-14 11:53 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-11-14 10:53 - 2013-07-31 20:21 - 00000000 _____ C:\windows\system32\vireng.log
2013-11-14 00:43 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-11-13 21:19 - 2013-07-15 20:02 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 21:12 - 2012-06-15 08:58 - 80340640 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-12 14:12 - 2012-10-08 11:50 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc
2013-11-12 14:12 - 2012-09-19 10:18 - 00000000 ____D C:\Users\Stefan\Downloads\vid
2013-11-11 13:16 - 2013-10-10 12:49 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Dropbox
2013-11-11 13:15 - 2013-10-10 12:52 - 00000000 ___RD C:\Users\Stefan\Dropbox
2013-11-11 09:38 - 2012-06-14 17:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-10 16:10 - 2013-11-10 16:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-02 22:12 - 2013-11-02 22:12 - 00000000 ____D C:\Users\Stefan\Downloads\FTLNT
2013-11-02 11:07 - 2013-11-02 11:06 - 00000000 ____D C:\Users\Stefan\Downloads\Ignorant Prayers Instrumentals
2013-11-02 10:31 - 2013-10-29 12:49 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-29 23:25 - 2013-10-29 11:44 - 00000000 ____D C:\Users\Stefan\Documents\Kalle
2013-10-29 23:10 - 2013-10-29 23:10 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-29 11:41 - 2013-10-29 11:41 - 00000000 ____D C:\Users\Stefan\Downloads\wetransfer-56cd78
2013-10-28 12:00 - 2009-07-14 05:53 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-20 16:11 - 2013-10-20 16:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 16:11 - 2013-10-20 16:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 16:11 - 2013-10-20 16:09 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-10-20 16:11 - 2012-01-05 01:54 - 00000000 ____D C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Stefan\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Stefan\AppData\Local\Temp\yvu80at4.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe [2012-01-05 01:20] - [2011-03-01 09:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-11 11:17

==================== End Of Log ============================

Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-11-2013
Ran by Stefan at 2013-11-15 15:07:54
Running from C:\Users\Stefan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

AAVUpdateManager (Version: 18.00.0000)
ACSI Campsite Guide Europe 2013 (Version: 1.00.0000)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.2.0)
Adobe Acrobat 8.2.0 - CPSID_52074
Adobe Acrobat 8.2.0 Professional (Version: 8.2.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.9.9)
CCleaner (Version: 3.28)
Cinergy T Stick RC V86.001.1129.2011 (Version: 86.001.1129.2011)
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Citavi (Version: 3.4.0.2)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Dropbox (HKCU Version: 2.4.2)
Filfre 1.01 (Version: 1.0.1)
HebRech HebRechw (Version: 0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.8.1064)
Intel(R) Rapid Storage Technology (Version: 10.1.0.1008)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Klebezettel NG (Version 2.9.12)
K-Lite Codec Pack 9.1.8 (Standard) (Version: 9.1.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.6626.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0 (x86 de) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
Mozilla Thunderbird 24.1.0 (x86 de) (Version: 24.1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6516)
Realtek USB 2.0 Card Reader (Version: 6.1.7601.30130)
Realtek WLAN Driver (Version: 2.00.0016)
RedMon - Redirection Port Monitor
Skype™ 6.0 (Version: 6.0.126)
Sophos Anti-Virus (Version: 10.0.11)
Sophos AutoUpdate (Version: 2.7.4.317)
Steuer-Spar-Erklärung 2012 (Version: 17.11)
Steuer-Spar-Erklärung 2013 (Version: 18.09)
Synaptics Pointing Device Driver (Version: 15.3.27.1)
TerraTec Home Cinema (Version: 6.25.6)
TerraTec Remote Control (Version: 5.38)
TOSHIBA Assist (Version: 4.2.3.0)
TOSHIBA Audio Enhancement (Version: 1.0.2.7)
TOSHIBA Hardware Setup (Version: 2.1.0.6)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.9)
Toshiba Manuals (Version: 10.03)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA Service Station (Version: 2.2.13)
TOSHIBA Supervisor Password (Version: 2.1.0.2)
TOSHIBA Web Camera Application (Version: 2.0.3.29)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VLC media player 2.0.8 (Version: 2.0.8)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
xp-AntiSpy 3.98-2

==================== Restore Points =========================

15-10-2013 13:43:58 Windows Update
19-10-2013 13:30:51 Windows Update
20-10-2013 15:08:18 Installed Java 7 Update 45
25-10-2013 08:15:11 Windows Update
29-10-2013 10:13:44 Windows Update
06-11-2013 22:34:31 Windows Update
10-11-2013 15:04:33 Windows Update
13-11-2013 20:11:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0BA9D94A-67D6-4A6F-A13C-BA820CADEA66} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {43DDF87C-41AC-4DAF-9AEC-58DAB096BCED} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {D0BE26D5-11DC-478D-9354-A2530F5D8DF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {EA032E01-7249-4D7F-9D96-7F0ED63C4813} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-06-10 05:05 - 2011-06-10 05:05 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Object List" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "First Help" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "First Counter" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Last Help" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Last Counter" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Last Help" des Schlüssels "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Last Counter" des Schlüssels "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.

Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\NL-NL\MSFEEDS.MFL

Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\NL-NL\MSFEEDSBS.MFL

Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\IT-IT\MSFEEDS.MFL

System errors:
=============
Error: (11/15/2013 02:29:52 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (11/15/2013 10:54:36 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error: (11/15/2013 08:22:35 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error: (11/14/2013 02:22:33 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/14/2013 01:55:06 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error: (11/14/2013 01:18:01 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error: (11/14/2013 00:14:23 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/14/2013 10:18:57 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error: (11/14/2013 08:22:36 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/14/2013 08:09:40 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Microsoft Office Sessions:
=========================
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Object ListSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance8130000001A110000

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: First HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance121300000035210000FC100000

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: First CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance121300000034210000DF100000

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Last HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000E7210000C2100000

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Last CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000E6210000A5100000

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Last HelpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib1213000000E721000087100000

Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Last CounterSOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib1213000000E62100006A100000

Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt)(User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\NL-NL\MSFEEDS.MFL

Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt)(User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\NL-NL\MSFEEDSBS.MFL

Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt)(User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\IT-IT\MSFEEDS.MFL

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 2033.77 MB
Available physical RAM: 1130.32 MB
Total Pagefile: 6129.77 MB
Available Pagefile: 4998.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.25 MB

==================== Drives ================================

Drive c: (TI30834800A) (Fixed) (Total:285.63 GB) (Free:164 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (CANON_DC) (Removable) (Total:7.5 GB) (Free:4.34 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: EF0C5DB5)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=17)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================

GMER Log:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-15 19:18:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ES2O 298,09GB
Running: fbhlpvv3.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\kwlcrpob.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81E80A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EBA212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\svchost.exe[368] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateFileA
764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!bind 76BF4582 5 Bytes JMP 
75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1068] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text 
C:\windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text 
C:\windows\system32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1116] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!CopyFileExW 764EB280 7 Bytes JMP 75A276B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!MoveFileWithProgressW 764F8DD4 5 Bytes JMP 75A27550 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 
75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] ole32.dll!CoCreateInstance 76139D0B 8 Bytes JMP 75A27990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WININET.dll!InternetQueryDataAvailable 75E38E1B 5 Bytes JMP 75A2E8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WININET.dll!InternetReadFile 75E3925D 5 Bytes JMP 75A2E8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WININET.dll!InternetOpenA 75E5EC8A 5 Bytes JMP 75A2E860 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WININET.dll!InternetOpenUrlA 75ECD1C7 5 Bytes JMP 75A2E880 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!bind 
76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\Explorer.EXE[1616] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] 
kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] 
kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[1888] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 
C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text 
C:\windows\system32\svchost.exe[2420] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[2420] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text 
C:\windows\system32\svchost.exe[3080] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\system32\svchost.exe[3080] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text 
C:\windows\System32\svchost.exe[3340] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text 
C:\windows\System32\svchost.exe[3340] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL .text C:\windows\System32\svchost.exe[3340] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ---- |
15.11.2013, 22:28 | #2 |
/// TB-Ausbilder | WIN 7 Starter: Win32/Small.CA-Virus Hello,
this is a known false alarm, because Sophos and Windows Defender do not get along. You should disable Defender as follows. Your logs look clean. Note: Disabling Windows Defender. Since you are using a different virus scanner, you should turn off the scanner built into Windows:
__________________ |
15.11.2013, 22:37 | #3 |
| WIN 7 Starter: Win32/Small.CA-Virus Clean! You guys are the best.
__________________ |
15.11.2013, 22:56 | #4 |
/// TB-Ausbilder | WIN 7 Starter: Win32/Small.CA-Virus This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. If you need this topic again, please send me a PM and we will continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |