Zurück   Trojaner-Board > Malware entfernen > Antiviren-, Firewall- und andere Schutzprogramme
Firewall ist aussgeschaltet

Firewall ist aussgeschaltet


Antiviren-, Firewall- und andere Schutzprogramme: Firewall ist aussgeschaltet

Windows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 05.01.2010, 19:00   #1
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


Hallo,
ich habe ein Problem mit der Firewall nämlich wenn ich mein PC(LAPTOTP) neu starte ist meine Firewall immer deaktiviert und es kommt auch eine Meldung.
Mein anderes Antiviren Programm (Bluewin Security) ist aber eingeschaltet.
Wieso ist meine Firewall eig aus und wie kann ich es Permanent eingeschaltet haben?

Alt 06.01.2010, 11:31   #2
kira
/// Helfer-Team
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


Hallo und Herzlich Willkommen!

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
lade Dir HijackThis 2.0.2 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

2.
ich brauche mehr `Übersicht` bzw Daten über einen längeren Zeitraum - dazu bitte Versteckte - und Systemdateien sichtbar machen::
→ Klicke unter Start auf Arbeitsplatz.
→ Klicke im Menü Extras auf Ordneroptionen.
→ Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden → Haken entfernen
→ Geschützte und Systemdateien ausblenden → Haken entfernen
→ Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen → Haken setzen.
→ Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein.

3.
Für XP und Win2000 (ansonsten auslassen)
→ lade Dir das filelist.zip auf deinen Desktop herunter
→ entpacke die Zip-Datei auf deinen Desktop
→ starte nun mit einem Doppelklick auf die Datei "filelist.bat" - Dein Editor (Textverarbeitungsprogramm) wird sich öffnen
→ kopiere aus die erzeugten Logfile alle 7 Verzeichnisse ("C\...") usw - aber nur die Einträge der letzten 6 Monate - hier in deinem Thread
** vor jedem Eintrag steht ein Datum, also Einträge, die älter als 6 Monate sind bitte herauslöschen!

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

5.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird GMER beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein log schreibst du:[code]
hier kommt dein logfile rein
→ dahinter:[/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
Coverflow
__________________
Alt 06.01.2010, 12:01   #3
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


Schritt 1

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:02, on 06.01.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Users\David\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Bluewin Security\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ANYCOM\Bluetooth-USB\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guildwiki.de/wiki/Hauptseite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Bluewin Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Bluewin Security\NRS\iescript\baselitmus.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bluewin Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bluewin Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - http://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A250EB2-C942-40C9-8010-CEC49AE5F15E}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bluewin Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Bluewin Security\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9f1cd98326900) (gupdate1c9f1cd98326900) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 14913 bytes
Das war das was ich mit hijack bekommen habe
__________________
Geändert von Lachern (06.01.2010 um 12:09 Uhr)

Alt 06.01.2010, 12:08   #4
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


extras finde ich nicht auf meinem computer ich habe windows vista.

Alt 06.01.2010, 19:36   #5
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


Schritt 4
Und habe es gefunden mit dem ''computer'' Ordneroptionen.


Acer Crystal Eye Webcam 2.0.8 SuYin 30.09.2008 2.95MB 2.0.8
Acer eAudio Management CyberLink Corp. 30.09.2008 2.17MB 3.0.3007
Acer eDataSecurity Management Egis Inc. 17.04.2008 62.7MB 3.0.3060
Acer Empowering Technology Acer Incorporated 17.04.2008 140.7MB 3.0.3006
Acer ePower Management Acer Incorporated 17.04.2008 9.63MB 3.0.3008
Acer eRecovery Management Acer Incorporated 30.09.2008 27.5MB 3.0.3013
Acer eSettings Management Acer Incorporated 30.09.2008 27.4MB 3.0.3007
Acer GameZone Console 2.0.1.1 Oberon Media, Inc. 17.04.2008 38.5MB
Acer GridVista 30.09.2008 1.51MB 2.72.317
Acer Mobility Center Plug-In Acer Inc. 17.04.2008 4.13MB 3.0.3000
Acer ScreenSaver Acer Incorporated 30.09.2008 1.12.0506
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 30.09.2008 14.0MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 09.08.2009 10.0.32.18
Adobe Reader 8.1.0 Adobe Systems Incorporated 17.04.2008 87.9MB 8.1.0
Adobe Shockwave Player Adobe Systems, Inc. 11.10.2008 7.27MB 11
Agatha Christie Death on the Nile Oberon Media 30.09.2008 160.8MB
Agere Systems HDA Modem Agere Systems 17.04.2008
Alice Greenfingers Oberon Media 30.09.2008 13.3MB
ANYCOM Bluetooth Software 6.1.0.4700 ANYCOM Technologies 05.12.2008 38.4MB 6.1.0.4700
Apple Mobile Device Support Apple Inc. 29.01.2009 37.1MB 2.1.2.7
Apple Software Update Apple Inc. 29.01.2009 2.16MB 2.1.1.116
Augentraining 24.12.2008 15.6MB
Azada Oberon Media 30.09.2008 61.8MB
Backspin Billiards Oberon Media 30.09.2008 9.09MB
Big Kahuna Reef Oberon Media 30.09.2008 11.4MB
Bricks of Egypt Oberon Media 30.09.2008 6.73MB
Broadcom Gigabit Integrated Controller Broadcom Corporation 17.04.2008 1.01MB 11.11.03
Cake Mania Oberon Media 30.09.2008 17.5MB
CCleaner Piriform 05.01.2010 2.71MB 2.27
Chicken Invaders 3 Oberon Media 30.09.2008 53.4MB
Chuzzle Oberon Media 30.09.2008 10.3MB
Corel Paint Shop Pro Photo X2 Corel Corporation 30.08.2009 380.8MB 12.50.0000
Dawn of War - Dark Crusade THQ 03.10.2008 4'268.4MB 1.00.0000
Die Sims™ 3 Electronic Arts 20.12.2009 5'642.8MB 1.8.25
Diner Dash Flo on the Go Oberon Media 30.09.2008 17.2MB
Dr.Brain GehirnJogging 27.12.2008 16.8MB
EA Download Manager Electronic Arts, Inc. 10.09.2009 7.97MB 5.1.0.4
eSobi v2 esobi Inc. 17.04.2008 17.0MB 2.0.3.000189
Frontlines: Fuel of War THQ 08.10.2009 11'232.1MB 1.0.1
Gehirn Sport 24.12.2008 22.0MB
Google Chrome Google Inc. 19.06.2009 59.5MB 3.0.195.27
Google Earth Google 19.08.2009 32.0MB 5.0.11733.9347
Google Earth Plug-in Google 23.09.2009 34.0MB 5.1.3509.4636
Google Toolbar for Internet Explorer Google Inc. 27.11.2009 3.96MB
Google Updater Google Inc. 21.03.2009 3.36MB 2.4.1536.6592
GUILD WARS 01.10.2008 3'089.8MB
GW Team Builder 1.2.1 Robert Mischke (aka Xanon) 13.03.2009 4.35MB
GW-Value GW-Tactics 26.06.2009 8.62MB 1.1.0.000
HijackThis 2.0.2 TrendMicro 27.10.2009 0.39MB 2.0.2
Hotel Gigant 2 Nobilis 02.12.2008 1'997.9MB 1.00
HP Update Hewlett-Packard 27.10.2008 3.76MB 4.000.012.001
Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 09.10.2009 78.4MB 12.02.0000
Intel® Matrix Storage Manager Intel Corporation 30.09.2008 37.3MB
Internet Security 27.10.2009 569.5MB
Java(TM) 6 Update 13 Sun Microsystems, Inc. 13.02.2009 94.5MB 6.0.130
Jewel Quest Solitaire Oberon Media 30.09.2008 27.0MB
JMicron JMB38X Flash Media Controller JMicron Technology Corp. 17.04.2008 2.26MB 1.00.10.04
Kick N Rush Oberon Media 30.09.2008 43.3MB
Launch Manager 30.09.2008 2.66MB
LOST PLANET COLONIES CAPCOM CO.,LTD. 05.06.2009 3'993.3MB 1.00.129
Mahjong Escape Ancient China Oberon Media 30.09.2008 13.6MB
Mahjongg Artifacts Oberon Media 30.09.2008 15.9MB
Malwarebytes' Anti-Malware Malwarebytes Corporation 19.10.2009 3.99MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 13.08.2009 37.0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.08.2009 37.0MB
Microsoft Age of Empires Gold 03.10.2008 214.6MB
Microsoft Games for Windows - LIVE Microsoft Corporation 15.12.2009 8.31MB 3.2.217.0
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 20.11.2009 32.3MB 3.1.99.0
Microsoft IntelliPoint 6.2 Microsoft 01.10.2008 16.8MB 6.20.182.0
Microsoft Office Home and Student 2007 Microsoft Corporation 09.08.2009 298.1MB 12.0.6425.1000
Microsoft Office Live Add-in 1.4 Microsoft Corporation 09.10.2009 0.49MB 2.0.3008.0
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 16.10.2009 41.3MB 12.0.6425.1000
Microsoft Rise Of Nations Microsoft 22.11.2008 1'534.5MB
Microsoft Silverlight Microsoft Corporation 09.09.2009 3.14MB 3.0.40818.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.01.2009 1.74MB 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 18.04.2009 0.61MB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 18.04.2009 1.45MB 1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 11.08.2009 0.25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.04.2008 0.41MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 04.01.2010 0.19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.01.2010 0.58MB 9.0.30729
Microsoft Works Microsoft Corporation 11.12.2009 282.6MB 08.05.0822
Microsoft WSE 3.0 Runtime Microsoft Corp. 05.06.2009 0.92MB 3.0.5305.0
Move Networks Media Player for Internet Explorer 12.08.2009 1.09MB
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 01.10.2008 1.27MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 01.10.2008 1.27MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1.28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1.35MB 4.20.9876.0
MSXML4 Parser Microsoft Game Studios 22.11.2008 76.00KB 1.0.0
Mumble and Murmur Mumble 15.07.2009 28.7MB 1.1.8
Mystery Case Files - Huntsville Oberon Media 30.09.2008 24.4MB
Mystery Solitaire - Secret Island Oberon Media 30.09.2008 19.9MB
NTI Backup Now 5 NewTech Infosystems 17.04.2008 28.6MB 5.1.2.503
NTI Media Maker 8 NewTech Infosystems 17.04.2008 181.5MB 8.0.2.6322
NVIDIA Drivers NVIDIA Corporation 13.03.2009
NVIDIA PhysX v8.09.04 NVIDIA Corporation 13.03.2009 130.4MB 8.09.04
Orion Convesoft 17.04.2008 12.2MB 2.0.1
paw·ned² v1.2 JN-GAMES Software 26.06.2009 11.1MB
Picasa 3 Google, Inc. 05.07.2009 53.7MB 3.1
PowerDirector CyberLink Corp. 17.04.2008 4.00KB 6.5.2713
Prevx Prevx 17.12.2009 5.94MB 3.0.5.40
PunkBuster Services Even Balance, Inc. 08.10.2009 0.986
QuickTime Apple Inc. 29.01.2009 74.4MB 7.60.92.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 17.04.2008 21.5MB 6.0.1.5612
Rise and Fall Midway Games 01.10.2008 2'489.4MB 1.00.0000
Rise Of Legends Microsoft Game Studios 30.09.2008 2'447.1MB 1.00.0000
Rise of Nations Thrones and Patriots 22.11.2008 1'534.5MB
Roblox for David ROBLOX Corporation 14.04.2009 27.0MB
RollerCoaster Tycoon 3 03.04.2009 726.7MB 1.00.000
SAMSUNG Mobile USB Modem 1.0 Software 12.11.2008
Samsung PC Studio 3 USB Driver Installer Samsung Electronics Co., Ltd. 12.11.2008 1.72MB 1.00.0000
SecondLife (remove only) 14.09.2009 82.5MB
SimCity 4 Deluxe 15.04.2009 1'194.8MB
Skype™ 4.0 Skype Technologies S.A. 19.06.2009 32.6MB 4.0.227
Stronghold 2 Deluxe Firefly Studios 04.06.2009 979.7MB 1.40.100
Synaptics Pointing Device Driver Synaptics 17.04.2008 14.0MB 10.2.4.0
TeamSpeak 2 RC2 Dominating Bytes Design 14.02.2009 2.0.32.60
TeamSpeak 3 Client TeamSpeak Systems GmbH 02.01.2010 24.8MB
Turbo Pizza Oberon Media 30.09.2008 175.4MB
Ventrilo Client Flagship Industries, Inc. 31.05.2009 4.43MB 3.0.5
War Rock GamersFirst 16.10.2009 1'827.6MB 1.00.0000
Windows Live Essentials Microsoft Corporation 01.10.2009 144.2MB 14.0.8089.0726
Windows Live Favorites für Windows Live Toolbar Microsoft Corporation 01.10.2008 1.80MB 03.01.0146
Windows Live ID-Anmelde-Assistent Microsoft Corporation 09.10.2009 4.69MB 6.500.3146.0
Windows Live Sync Microsoft Corporation 01.10.2009 2.79MB 14.0.8089.726
Windows Live-Uploadtool Microsoft Corporation 07.01.2009 0.22MB 14.0.8014.1029
WinZip 12.1 WinZip Computing, S.L. 25.09.2009 15.9MB 12.1.8519
Yahoo! Install Manager 15.06.2009 27.0MB
Yahoo! Toolbar 30.09.2008 2.65MB
Yahoo! Widgets Yahoo! Inc. 15.06.2009 23.3MB 4.5.2.0
Zattoo 3.3.4 Beta Zattoo Inc. 23.06.2009 17.9MB 3.3.4 Beta
Zuma Deluxe Oberon Media 30.09.2008 11.2MB


Alt 06.01.2010, 20:36   #6
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


ich weiss gerade nicht was passiert ist GMER war fertig ich klickte auf save und dann auf ok weil ich dachte wenns gespeichert ist ist es besser.
Danach wollte ich ins internet explorer rein aber es ging nicht ich versuche also meine dateien wieder rückgängig machen also nicht mehr öffentlich.Daraufhin wollte ich durch google chrom rein und mein computer stürzte ab als es wieder heraufstarte kamm das:
Code:
ATTFilter
Problemsignatur:
  Problemereignisname:	BlueScreen
  Betriebsystemversion:	6.0.6002.2.2.0.768.3
  Gebietsschema-ID:	2055

Zusatzinformationen zum Problem:
  BCCode:	f4
  BCP1:	00000003
  BCP2:	89FFD5C8
  BCP3:	89FFD714
  BCP4:	82A5E650
  OS Version:	6_0_6002
  Service Pack:	2_0
  Product:	768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\Mini010610-01.dmp
  C:\Users\David\AppData\Local\temp\WER-58703-0.sysdata.xml
  C:\Users\David\AppData\Local\temp\WERFC67.tmp.version.txt

Lesen Sie unsere Datenschutzrichtlinie:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0407

Alt 06.01.2010, 20:38   #7
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


und das ist der Log von gmer:

Code:
ATTFilter
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 20:27:25
Windows 6.0.6002 Service Pack 2
Running: download[1].exe; Driver: C:\Users\David\AppData\Local\Temp\pwrcapod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwAssignProcessToJobObject [0x90FCC1CC]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwCreateThread [0x90F65E8C]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwLoadDriver [0x90F661BC]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwMapViewOfSection [0x90F65BCC]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwOpenProcess [0x90FCC51A]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwOpenSection [0x90F665EE]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwOpenThread [0x90FCC3F6]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwProtectVirtualMemory [0x90FCC292]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwRenameKey [0x90F6788C]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwSetContextThread [0x90FCC18E]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwSetSystemInformation [0x90F6643E]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwSuspendProcess [0x90F65A4C]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwSuspendThread [0x90F65EC0]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwSystemDebugControl [0x90F66042]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwTerminateProcess [0x90F659A6]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwTerminateThread [0x90F65B06]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwWriteVirtualMemory [0x90F65F86]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwCreateThreadEx [0x90F65EA6]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 191                                                                                                                       828E48D4 4 Bytes  [CC, C1, FC, 90] {INT 3 ; SAR ESP, 0x90}
.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                                       828E4964 4 Bytes  [8C, 5E, F6, 90] {MOV WORD [ESI-0xa], DS; NOP }
.text           ntkrnlpa.exe!KeSetEvent + 37D                                                                                                                       828E4AC0 4 Bytes  [BC, 61, F6, 90]
.text           ntkrnlpa.exe!KeSetEvent + 3AD                                                                                                                       828E4AF0 4 Bytes  [CC, 5B, F6, 90]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                                       828E4B34 4 Bytes  [1A, C5, FC, 90] {SBB AL, CH; CLD ; NOP }
.text           ...                                                                                                                                                 
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                            section is writeable [0x8EC04340, 0x3EB4E7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ntdll.dll!NtCreateProcess                                         77634494 5 Bytes  JMP 001B000C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ntdll.dll!NtCreateProcessEx                                       776344A4 5 Bytes  JMP 001B100C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ntdll.dll!NtCreateUserProcess                                     77635804 5 Bytes  JMP 001B200C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] kernel32.dll!LoadLibraryExW                                       75EF9109 5 Bytes  JMP 001B300C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] kernel32.dll!TerminateThread                                      75F141F7 5 Bytes  JMP 001B400C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ADVAPI32.dll!CloseServiceHandle                                   765F82A5 5 Bytes  JMP 001B800C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ADVAPI32.dll!OpenServiceW                                         765F8354 5 Bytes  JMP 001B600C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ADVAPI32.dll!CreateServiceW                                       76619EB4 5 Bytes  JMP 001B900C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ADVAPI32.dll!ControlService                                       76619FB8 5 Bytes  JMP 001B700C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] USER32.dll!SetWindowsHookExW                                      762F87AD 5 Bytes  JMP 001B500C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] USER32.dll!DdeConnect                                             76339A1F 5 Bytes  JMP 001BB00C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ole32.dll!CoCreateInstanceEx                                      761F9EE9 5 Bytes  JMP 001BA00C 
.text           C:\Windows\system32\wininit.exe[688] ntdll.dll!NtCreateProcess                                                                                      77634494 5 Bytes  JMP 0023000C 
.text           C:\Windows\system32\wininit.exe[688] ntdll.dll!NtCreateProcessEx                                                                                    776344A4 5 Bytes  JMP 0023100C 
.text           C:\Windows\system32\wininit.exe[688] ntdll.dll!NtCreateUserProcess                                                                                  77635804 5 Bytes  JMP 0023200C 
.text           C:\Windows\system32\wininit.exe[688] kernel32.dll!LoadLibraryExW                                                                                    75EF9109 5 Bytes  JMP 0023300C 
.text           C:\Windows\system32\wininit.exe[688] kernel32.dll!TerminateThread                                                                                   75F141F7 5 Bytes  JMP 0023400C 
.text           C:\Windows\system32\wininit.exe[688] ADVAPI32.dll!CloseServiceHandle                                                                                765F82A5 5 Bytes  JMP 0023800C 
.text           C:\Windows\system32\wininit.exe[688] ADVAPI32.dll!OpenServiceW                                                                                      765F8354 5 Bytes  JMP 0023600C 
.text           C:\Windows\system32\wininit.exe[688] ADVAPI32.dll!CreateServiceW                                                                                    76619EB4 5 Bytes  JMP 0023900C 
.text           C:\Windows\system32\wininit.exe[688] ADVAPI32.dll!ControlService                                                                                    76619FB8 5 Bytes  JMP 0023700C 
.text           C:\Windows\system32\wininit.exe[688] USER32.dll!SetWindowsHookExW                                                                                   762F87AD 5 Bytes  JMP 0023500C 
.text           C:\Windows\system32\wininit.exe[688] USER32.dll!DdeConnect                                                                                          76339A1F 5 Bytes  JMP 0023A00C 
.text           C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateProcess                                                                                        77634494 5 Bytes  JMP 0019000C 
.text           C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateProcessEx                                                                                      776344A4 5 Bytes  JMP 0019100C 
.text           C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateUserProcess                                                                                    77635804 5 Bytes  JMP 0019200C 
.text           C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW                                                                                      75EF9109 5 Bytes  JMP 0019300C 
.text           C:\Windows\system32\lsass.exe[744] kernel32.dll!TerminateThread                                                                                     75F141F7 5 Bytes  JMP 0019400C 
.text           C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!CloseServiceHandle                                                                                  765F82A5 5 Bytes  JMP 0019800C 
.text           C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!OpenServiceW                                                                                        765F8354 5 Bytes  JMP 0019600C 
.text           C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!CreateServiceW                                                                                      76619EB4 5 Bytes  JMP 0019900C 
.text           C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!ControlService                                                                                      76619FB8 5 Bytes  JMP 0019700C 
.text           C:\Windows\system32\lsass.exe[744] USER32.dll!SetWindowsHookExW                                                                                     762F87AD 5 Bytes  JMP 0019500C 
.text           C:\Windows\system32\lsass.exe[744] USER32.dll!DdeConnect                                                                                            76339A1F 5 Bytes  JMP 0019B00C 
.text           C:\Windows\system32\lsass.exe[744] ole32.dll!CoCreateInstanceEx                                                                                     761F9EE9 5 Bytes  JMP 0019A00C 
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtCreateProcess                                                                                          77634494 5 Bytes  JMP 000D000C 
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtCreateProcessEx                                                                                        776344A4 5 Bytes  JMP 000D100C 
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtCreateUserProcess                                                                                      77635804 5 Bytes  JMP 000D200C 
.text           C:\Windows\system32\lsm.exe[752] kernel32.dll!LoadLibraryExW                                                                                        75EF9109 5 Bytes  JMP 000D300C 
.text           C:\Windows\system32\lsm.exe[752] kernel32.dll!TerminateThread                                                                                       75F141F7 5 Bytes  JMP 000D400C 
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!CloseServiceHandle                                                                                    765F82A5 5 Bytes  JMP 000D800C 
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!OpenServiceW                                                                                          765F8354 5 Bytes  JMP 000D600C 
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!CreateServiceW                                                                                        76619EB4 5 Bytes  JMP 000D900C 
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!ControlService                                                                                        76619FB8 5 Bytes  JMP 000D700C 
.text           C:\Windows\system32\lsm.exe[752] USER32.dll!SetWindowsHookExW                                                                                       762F87AD 5 Bytes  JMP 000D500C 
.text           C:\Windows\system32\lsm.exe[752] USER32.dll!DdeConnect                                                                                              76339A1F 5 Bytes  JMP 000DA00C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ntdll.dll!NtCreateProcess                                                                           77634494 5 Bytes  JMP 011A000C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ntdll.dll!NtCreateProcessEx                                                                         776344A4 5 Bytes  JMP 011A100C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ntdll.dll!NtCreateUserProcess                                                                       77635804 5 Bytes  JMP 011A200C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] kernel32.dll!LoadLibraryExW                                                                         75EF9109 5 Bytes  JMP 011A300C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] kernel32.dll!TerminateThread                                                                        75F141F7 5 Bytes  JMP 011A400C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ADVAPI32.dll!CloseServiceHandle                                                                     765F82A5 5 Bytes  JMP 011A800C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ADVAPI32.dll!OpenServiceW                                                                           765F8354 5 Bytes  JMP 011A600C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ADVAPI32.dll!CreateServiceW                                                                         76619EB4 5 Bytes  JMP 011A900C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ADVAPI32.dll!ControlService                                                                         76619FB8 5 Bytes  JMP 011A700C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] USER32.dll!SetWindowsHookExW                                                                        762F87AD 5 Bytes  JMP 011A500C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] USER32.dll!DdeConnect                                                                               76339A1F 5 Bytes  JMP 011AB00C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ole32.dll!CoCreateInstanceEx                                                                        761F9EE9 5 Bytes  JMP 011AA00C 
.text           C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateProcess                                                                                      77634494 5 Bytes  JMP 002A000C 
.text           C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateProcessEx                                                                                    776344A4 5 Bytes  JMP 002A100C 
.text           C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateUserProcess                                                                                  77635804 5 Bytes  JMP 002A200C 
.text           C:\Windows\system32\nvvsvc.exe[988] ntdll.dll!NtCreateProcess                                                                                       77634494 5 Bytes  JMP 003E000C 
.text           C:\Windows\system32\nvvsvc.exe[988] ntdll.dll!NtCreateProcessEx                                                                                     776344A4 5 Bytes  JMP 003E100C 
.text           C:\Windows\system32\nvvsvc.exe[988] ntdll.dll!NtCreateUserProcess                                                                                   77635804 5 Bytes  JMP 003E200C 
.text           C:\Windows\system32\nvvsvc.exe[988] kernel32.dll!LoadLibraryExW                                                                                     75EF9109 5 Bytes  JMP 003E300C 
.text           C:\Windows\system32\nvvsvc.exe[988] kernel32.dll!TerminateThread                                                                                    75F141F7 5 Bytes  JMP 003E400C 
.text           C:\Windows\system32\nvvsvc.exe[988] USER32.dll!SetWindowsHookExW                                                                                    762F87AD 5 Bytes  JMP 003E500C 
.text           C:\Windows\system32\nvvsvc.exe[988] USER32.dll!DdeConnect                                                                                           76339A1F 5 Bytes  JMP 003EB00C 
.text           C:\Windows\system32\nvvsvc.exe[988] ADVAPI32.dll!CloseServiceHandle                                                                                 765F82A5 5 Bytes  JMP 003E800C 
.text           C:\Windows\system32\nvvsvc.exe[988] ADVAPI32.dll!OpenServiceW                                                                                       765F8354 5 Bytes  JMP 003E600C 
.text           C:\Windows\system32\nvvsvc.exe[988] ADVAPI32.dll!CreateServiceW                                                                                     76619EB4 5 Bytes  JMP 003E900C 
.text           C:\Windows\system32\nvvsvc.exe[988] ADVAPI32.dll!ControlService                                                                                     76619FB8 5 Bytes  JMP 003E700C 
.text           C:\Windows\system32\nvvsvc.exe[988] ole32.dll!CoCreateInstanceEx                                                                                    761F9EE9 5 Bytes  JMP 003EA00C 
.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0027000C 
.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0027100C 
.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0027200C 
.text           C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 013B000C 
.text           C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 013B100C 
.text           C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 013B200C 
.text           C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0043000C 
.text           C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0043100C 
.text           C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0043200C 
.text           C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 00DB000C 
.text           C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 00DB100C 
.text           C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 00DB200C 
.text           C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 012D000C 
.text           C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 012D100C 
.text           C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 012D200C 
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0042000C 
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0042100C 
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0042200C 
.text           C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0021000C 
.text           C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0021100C 
.text           C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0021200C 
.text           C:\Windows\system32\winlogon.exe[1404] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 0086000C 
.text           C:\Windows\system32\winlogon.exe[1404] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 0086100C 
.text           C:\Windows\system32\winlogon.exe[1404] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 0086200C 
.text           C:\Windows\system32\winlogon.exe[1404] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 0086300C 
.text           C:\Windows\system32\winlogon.exe[1404] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 0086400C 
.text           C:\Windows\system32\winlogon.exe[1404] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 0086800C 
.text           C:\Windows\system32\winlogon.exe[1404] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 0086600C 
.text           C:\Windows\system32\winlogon.exe[1404] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 0086900C 
.text           C:\Windows\system32\winlogon.exe[1404] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 0086700C 
.text           C:\Windows\system32\winlogon.exe[1404] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 0086500C 
.text           C:\Windows\system32\winlogon.exe[1404] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 0086B00C 
.text           C:\Windows\system32\winlogon.exe[1404] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 0086A00C 
.text           C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 00FE000C 
.text           C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 00FE100C 
.text           C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 00FE200C 
.text           C:\Windows\system32\WLANExt.exe[1600] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0190000C 
.text           C:\Windows\system32\WLANExt.exe[1600] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0190100C 
.text           C:\Windows\system32\WLANExt.exe[1600] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0190200C 
.text           C:\Windows\system32\WLANExt.exe[1600] kernel32.dll!LoadLibraryExW                                                                                   75EF9109 5 Bytes  JMP 0190300C 
.text           C:\Windows\system32\WLANExt.exe[1600] kernel32.dll!TerminateThread                                                                                  75F141F7 5 Bytes  JMP 0190400C 
.text           C:\Windows\system32\WLANExt.exe[1600] ADVAPI32.dll!CloseServiceHandle                                                                               765F82A5 5 Bytes  JMP 0190800C 
.text           C:\Windows\system32\WLANExt.exe[1600] ADVAPI32.dll!OpenServiceW                                                                                     765F8354 5 Bytes  JMP 0190600C 
.text           C:\Windows\system32\WLANExt.exe[1600] ADVAPI32.dll!CreateServiceW                                                                                   76619EB4 5 Bytes  JMP 0190900C 
.text           C:\Windows\system32\WLANExt.exe[1600] ADVAPI32.dll!ControlService                                                                                   76619FB8 5 Bytes  JMP 0190700C 
.text           C:\Windows\system32\WLANExt.exe[1600] USER32.dll!SetWindowsHookExW                                                                                  762F87AD 5 Bytes  JMP 0190500C 
.text           C:\Windows\system32\WLANExt.exe[1600] USER32.dll!DdeConnect                                                                                         76339A1F 5 Bytes  JMP 0190B00C 
.text           C:\Windows\system32\WLANExt.exe[1600] ole32.dll!CoCreateInstanceEx                                                                                  761F9EE9 5 Bytes  JMP 0190A00C 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 003F000C 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 003F100C 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 003F200C 
.text           C:\Windows\system32\Dwm.exe[1816] ntdll.dll!NtCreateProcess                                                                                         77634494 5 Bytes  JMP 0013000C 
.text           C:\Windows\system32\Dwm.exe[1816] ntdll.dll!NtCreateProcessEx                                                                                       776344A4 5 Bytes  JMP 0013100C 
.text           C:\Windows\system32\Dwm.exe[1816] ntdll.dll!NtCreateUserProcess                                                                                     77635804 5 Bytes  JMP 0013200C 
.text           C:\Windows\system32\Dwm.exe[1816] kernel32.dll!LoadLibraryExW                                                                                       75EF9109 5 Bytes  JMP 0013300C 
.text           C:\Windows\system32\Dwm.exe[1816] kernel32.dll!TerminateThread                                                                                      75F141F7 5 Bytes  JMP 0013400C 
.text           C:\Windows\system32\Dwm.exe[1816] ADVAPI32.dll!CloseServiceHandle                                                                                   765F82A5 5 Bytes  JMP 0013800C 
.text           C:\Windows\system32\Dwm.exe[1816] ADVAPI32.dll!OpenServiceW                                                                                         765F8354 5 Bytes  JMP 0013600C 
.text           C:\Windows\system32\Dwm.exe[1816] ADVAPI32.dll!CreateServiceW                                                                                       76619EB4 5 Bytes  JMP 0013900C 
.text           C:\Windows\system32\Dwm.exe[1816] ADVAPI32.dll!ControlService                                                                                       76619FB8 5 Bytes  JMP 0013700C 
.text           C:\Windows\system32\Dwm.exe[1816] USER32.dll!SetWindowsHookExW                                                                                      762F87AD 5 Bytes  JMP 0013500C 
.text           C:\Windows\system32\Dwm.exe[1816] USER32.dll!DdeConnect                                                                                             76339A1F 5 Bytes  JMP 0013B00C 
.text           C:\Windows\system32\Dwm.exe[1816] ole32.dll!CoCreateInstanceEx                                                                                      761F9EE9 5 Bytes  JMP 0013A00C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 000B000C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 000B100C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 000B200C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 000B300C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 000B400C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 000B800C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 000B600C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 000B900C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 000B700C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 000B500C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 000BB00C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 000BA00C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ntdll.dll!NtCreateProcess                          77634494 5 Bytes  JMP 0017000C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ntdll.dll!NtCreateProcessEx                        776344A4 5 Bytes  JMP 0017100C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ntdll.dll!NtCreateUserProcess                      77635804 5 Bytes  JMP 0017200C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] kernel32.dll!LoadLibraryExW                        75EF9109 5 Bytes  JMP 0017300C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] kernel32.dll!TerminateThread                       75F141F7 5 Bytes  JMP 0017400C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ADVAPI32.dll!CloseServiceHandle                    765F82A5 5 Bytes  JMP 0017800C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ADVAPI32.dll!OpenServiceW                          765F8354 5 Bytes  JMP 0017600C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ADVAPI32.dll!CreateServiceW                        76619EB4 5 Bytes  JMP 0017900C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ADVAPI32.dll!ControlService                        76619FB8 5 Bytes  JMP 0017700C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!SetWindowsHookExW                       762F87AD 5 Bytes  JMP 0017500C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!DdeConnect                              76339A1F 5 Bytes  JMP 0017B00C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ole32.dll!CoCreateInstanceEx                       761F9EE9 5 Bytes  JMP 0017A00C 
.text           C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0021000C 
.text           C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0021100C 
.text           C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0021200C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ntdll.dll!NtCreateProcess                                                               77634494 5 Bytes  JMP 0036000C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ntdll.dll!NtCreateProcessEx                                                             776344A4 5 Bytes  JMP 0036100C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ntdll.dll!NtCreateUserProcess                                                           77635804 5 Bytes  JMP 0036200C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] kernel32.dll!LoadLibraryExW                                                             75EF9109 5 Bytes  JMP 0036300C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] kernel32.dll!TerminateThread                                                            75F141F7 5 Bytes  JMP 0036400C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ADVAPI32.dll!CloseServiceHandle                                                         765F82A5 5 Bytes  JMP 0036800C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ADVAPI32.dll!OpenServiceW                                                               765F8354 5 Bytes  JMP 0036600C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ADVAPI32.dll!CreateServiceW                                                             76619EB4 5 Bytes  JMP 0036900C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ADVAPI32.dll!ControlService                                                             76619FB8 5 Bytes  JMP 0036700C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] USER32.dll!SetWindowsHookExW                                                            762F87AD 5 Bytes  JMP 0036500C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] USER32.dll!DdeConnect                                                                   76339A1F 5 Bytes  JMP 0036B00C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ole32.dll!CoCreateInstanceEx                                                            761F9EE9 5 Bytes  JMP 0036A00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ntdll.dll!NtCreateProcess                                           77634494 5 Bytes  JMP 007B000C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ntdll.dll!NtCreateProcessEx                                         776344A4 5 Bytes  JMP 007B100C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ntdll.dll!NtCreateUserProcess                                       77635804 5 Bytes  JMP 007B200C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] kernel32.dll!LoadLibraryExW                                         75EF9109 5 Bytes  JMP 007B300C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] kernel32.dll!TerminateThread                                        75F141F7 5 Bytes  JMP 007B400C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ADVAPI32.dll!CloseServiceHandle                                     765F82A5 5 Bytes  JMP 007B800C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ADVAPI32.dll!OpenServiceW                                           765F8354 5 Bytes  JMP 007B600C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ADVAPI32.dll!CreateServiceW                                         76619EB4 5 Bytes  JMP 007B900C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ADVAPI32.dll!ControlService                                         76619FB8 5 Bytes  JMP 007B700C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] USER32.dll!SetWindowsHookExW                                        762F87AD 5 Bytes  JMP 007B500C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] USER32.dll!DdeConnect                                               76339A1F 5 Bytes  JMP 007BB00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ole32.dll!CoCreateInstanceEx                                        761F9EE9 5 Bytes  JMP 007BA00C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 00E1000C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 00E1100C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 00E1200C 
.text           C:\Program Files\Prevx\prevx.exe[2024] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 00E1300C 
.text           C:\Program Files\Prevx\prevx.exe[2024] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 00E1400C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 00E1800C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 00E1600C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 00E1900C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 00E1700C 
.text           C:\Program Files\Prevx\prevx.exe[2024] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 00E1500C 
.text           C:\Program Files\Prevx\prevx.exe[2024] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 00E1B00C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 00E1A00C 
.text           C:\Windows\system32\rundll32.exe[2272] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 0014000C 
.text           C:\Windows\system32\rundll32.exe[2272] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 0014100C 
.text           C:\Windows\system32\rundll32.exe[2272] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 0014200C 
.text           C:\Windows\system32\rundll32.exe[2272] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 0014300C 
.text           C:\Windows\system32\rundll32.exe[2272] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 0014400C 
.text           C:\Windows\system32\rundll32.exe[2272] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 0014500C 
.text           C:\Windows\system32\rundll32.exe[2272] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 0014B00C 
.text           C:\Windows\system32\rundll32.exe[2272] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 0014800C 
.text           C:\Windows\system32\rundll32.exe[2272] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 0014600C 
.text           C:\Windows\system32\rundll32.exe[2272] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 0014900C 
.text           C:\Windows\system32\rundll32.exe[2272] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 0014700C 
.text           C:\Windows\system32\rundll32.exe[2272] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 0014A00C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ntdll.dll!NtCreateProcess                                                    77634494 5 Bytes  JMP 003B000C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ntdll.dll!NtCreateProcessEx                                                  776344A4 5 Bytes  JMP 003B100C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ntdll.dll!NtCreateUserProcess                                                77635804 5 Bytes  JMP 003B200C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] kernel32.dll!LoadLibraryExW                                                  75EF9109 5 Bytes  JMP 003B300C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] kernel32.dll!TerminateThread                                                 75F141F7 5 Bytes  JMP 003B400C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] USER32.dll!SetWindowsHookExW                                                 762F87AD 5 Bytes  JMP 003B500C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] USER32.dll!DdeConnect                                                        76339A1F 5 Bytes  JMP 003BB00C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ADVAPI32.dll!CloseServiceHandle                                              765F82A5 5 Bytes  JMP 003B800C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ADVAPI32.dll!OpenServiceW                                                    765F8354 5 Bytes  JMP 003B600C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ADVAPI32.dll!CreateServiceW                                                  76619EB4 5 Bytes  JMP 003B900C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ADVAPI32.dll!ControlService                                                  76619FB8 5 Bytes  JMP 003B700C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ole32.dll!CoCreateInstanceEx                                                 761F9EE9 5 Bytes  JMP 003BA00C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ntdll.dll!NtCreateProcess                                                                77634494 5 Bytes  JMP 00B9000C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ntdll.dll!NtCreateProcessEx                                                              776344A4 5 Bytes  JMP 00B9100C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ntdll.dll!NtCreateUserProcess                                                            77635804 5 Bytes  JMP 00B9200C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] kernel32.dll!LoadLibraryExW                                                              75EF9109 5 Bytes  JMP 00B9300C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] kernel32.dll!TerminateThread                                                             75F141F7 5 Bytes  JMP 00B9400C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] USER32.dll!SetWindowsHookExW                                                             762F87AD 5 Bytes  JMP 00B9500C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] USER32.dll!DdeConnect                                                                    76339A1F 5 Bytes  JMP 00B9A00C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ADVAPI32.dll!CloseServiceHandle                                                          765F82A5 5 Bytes  JMP 00B9800C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ADVAPI32.dll!OpenServiceW                                                                765F8354 5 Bytes  JMP 00B9600C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ADVAPI32.dll!CreateServiceW                                                              76619EB4 5 Bytes  JMP 00B9900C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ADVAPI32.dll!ControlService                                                              76619FB8 5 Bytes  JMP 00B9700C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ntdll.dll!NtCreateProcess                                                                     77634494 5 Bytes  JMP 0092000C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ntdll.dll!NtCreateProcessEx                                                                   776344A4 5 Bytes  JMP 0092100C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ntdll.dll!NtCreateUserProcess                                                                 77635804 5 Bytes  JMP 0092200C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] kernel32.dll!LoadLibraryExW                                                                   75EF9109 5 Bytes  JMP 0092300C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] kernel32.dll!TerminateThread                                                                  75F141F7 5 Bytes  JMP 0092400C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ole32.dll!CoCreateInstanceEx                                                                  761F9EE9 5 Bytes  JMP 0092A00C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] USER32.dll!SetWindowsHookExW                                                                  762F87AD 5 Bytes  JMP 0092500C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] USER32.dll!DdeConnect

Alt 06.01.2010, 20:38   #8
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


es gibt 2 teile da eines auf einmal zu lang wäre
Code:
ATTFilter
76339A1F 5 Bytes  JMP 0092B00C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ADVAPI32.dll!CloseServiceHandle                                                               765F82A5 5 Bytes  JMP 0092800C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ADVAPI32.dll!OpenServiceW                                                                     765F8354 5 Bytes  JMP 0092600C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ADVAPI32.dll!CreateServiceW                                                                   76619EB4 5 Bytes  JMP 0092900C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ADVAPI32.dll!ControlService                                                                   76619FB8 5 Bytes  JMP 0092700C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ntdll.dll!NtCreateProcess                                                                                         77634494 5 Bytes  JMP 0006000C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ntdll.dll!NtCreateProcessEx                                                                                       776344A4 5 Bytes  JMP 0006100C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ntdll.dll!NtCreateUserProcess                                                                                     77635804 5 Bytes  JMP 0006200C 
.text           C:\Windows\ehome\ehmsas.exe[2640] kernel32.dll!LoadLibraryExW                                                                                       75EF9109 5 Bytes  JMP 0006300C 
.text           C:\Windows\ehome\ehmsas.exe[2640] kernel32.dll!TerminateThread                                                                                      75F141F7 5 Bytes  JMP 0006400C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ADVAPI32.dll!CloseServiceHandle                                                                                   765F82A5 5 Bytes  JMP 0006800C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ADVAPI32.dll!OpenServiceW                                                                                         765F8354 5 Bytes  JMP 0006600C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ADVAPI32.dll!CreateServiceW                                                                                       76619EB4 5 Bytes  JMP 0006900C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ADVAPI32.dll!ControlService                                                                                       76619FB8 5 Bytes  JMP 0006700C 
.text           C:\Windows\ehome\ehmsas.exe[2640] USER32.dll!SetWindowsHookExW                                                                                      762F87AD 5 Bytes  JMP 0006500C 
.text           C:\Windows\ehome\ehmsas.exe[2640] USER32.dll!DdeConnect                                                                                             76339A1F 5 Bytes  JMP 0006B00C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ole32.dll!CoCreateInstanceEx                                                                                      761F9EE9 5 Bytes  JMP 0006A00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ntdll.dll!NtCreateProcess                                                 77634494 5 Bytes  JMP 01DD000C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ntdll.dll!NtCreateProcessEx                                               776344A4 5 Bytes  JMP 01DD100C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ntdll.dll!NtCreateUserProcess                                             77635804 5 Bytes  JMP 01DD200C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] kernel32.dll!LoadLibraryExW                                               75EF9109 5 Bytes  JMP 01DD300C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] kernel32.dll!TerminateThread                                              75F141F7 5 Bytes  JMP 01DD400C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ADVAPI32.dll!CloseServiceHandle                                           765F82A5 5 Bytes  JMP 01DD800C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ADVAPI32.dll!OpenServiceW                                                 765F8354 5 Bytes  JMP 01DD600C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ADVAPI32.dll!CreateServiceW                                               76619EB4 5 Bytes  JMP 01DD900C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ADVAPI32.dll!ControlService                                               76619FB8 5 Bytes  JMP 01DD700C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] USER32.dll!SetWindowsHookExW                                              762F87AD 5 Bytes  JMP 01DD500C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] USER32.dll!DdeConnect                                                     76339A1F 5 Bytes  JMP 01DDB00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ole32.dll!CoCreateInstanceEx                                              761F9EE9 5 Bytes  JMP 01DDA00C 
.text           C:\Windows\Explorer.EXE[2928] ntdll.dll!NtWriteFile                                                                                                 77635644 5 Bytes  JMP 6B835C30 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text           C:\Windows\Explorer.EXE[2928] kernel32.dll!LoadLibraryExW + 5                                                                                       75EF910E 1 Byte  [E1]
.text           C:\Windows\Explorer.EXE[2928] kernel32.dll!CreateThread                                                                                             75F1C90E 5 Bytes  JMP 6B8352E0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text           C:\Windows\Explorer.EXE[2928] ADVAPI32.dll!CloseServiceHandle                                                                                       765F82A5 5 Bytes  JMP 0030800C 
.text           C:\Windows\Explorer.EXE[2928] ADVAPI32.dll!OpenServiceW                                                                                             765F8354 5 Bytes  JMP 0030600C 
.text           C:\Windows\Explorer.EXE[2928] ADVAPI32.dll!CreateServiceW                                                                                           76619EB4 5 Bytes  JMP 0030900C 
.text           C:\Windows\Explorer.EXE[2928] ADVAPI32.dll!ControlService                                                                                           76619FB8 5 Bytes  JMP 0030700C 
.text           C:\Windows\Explorer.EXE[2928] USER32.dll!SetWindowsHookExW                                                                                          762F87AD 5 Bytes  JMP 0030500C 
.text           C:\Windows\Explorer.EXE[2928] USER32.dll!DdeConnect                                                                                                 76339A1F 5 Bytes  JMP 0030B00C 
.text           C:\Windows\Explorer.EXE[2928] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9                                                                          768EB364 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text           C:\Windows\Explorer.EXE[2928] ole32.dll!CoCreateInstanceEx                                                                                          761F9EE9 5 Bytes  JMP 0030A00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ntdll.dll!NtCreateProcess                                              77634494 5 Bytes  JMP 008C000C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ntdll.dll!NtCreateProcessEx                                            776344A4 5 Bytes  JMP 008C100C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ntdll.dll!NtCreateUserProcess                                          77635804 5 Bytes  JMP 008C200C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] kernel32.dll!LoadLibraryExW                                            75EF9109 5 Bytes  JMP 008C300C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] kernel32.dll!TerminateThread                                           75F141F7 5 Bytes  JMP 008C400C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] USER32.dll!SetWindowsHookExW                                           762F87AD 5 Bytes  JMP 008C500C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] USER32.dll!DdeConnect                                                  76339A1F 5 Bytes  JMP 008CB00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ADVAPI32.dll!CloseServiceHandle                                        765F82A5 5 Bytes  JMP 008C800C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ADVAPI32.dll!OpenServiceW                                              765F8354 5 Bytes  JMP 008C600C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ADVAPI32.dll!CreateServiceW                                            76619EB4 5 Bytes  JMP 008C900C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ADVAPI32.dll!ControlService                                            76619FB8 5 Bytes  JMP 008C700C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ole32.dll!CoCreateInstanceEx                                           761F9EE9 5 Bytes  JMP 008CA00C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 0028000C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 0028100C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 0028200C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 0028300C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 0028400C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 0028800C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 0028600C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 0028900C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 0028700C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 0028500C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 0028B00C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 0028A00C 
.text           C:\Windows\system32\svchost.exe[3120] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 002C000C 
.text           C:\Windows\system32\svchost.exe[3120] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 002C100C 
.text           C:\Windows\system32\svchost.exe[3120] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 002C200C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ntdll.dll!NtCreateProcess                                             77634494 5 Bytes  JMP 0016000C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ntdll.dll!NtCreateProcessEx                                           776344A4 5 Bytes  JMP 0016100C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ntdll.dll!NtCreateUserProcess                                         77635804 5 Bytes  JMP 0016200C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] kernel32.dll!LoadLibraryExW                                           75EF9109 5 Bytes  JMP 0016300C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] kernel32.dll!TerminateThread                                          75F141F7 5 Bytes  JMP 0016400C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ADVAPI32.dll!CloseServiceHandle                                       765F82A5 5 Bytes  JMP 0016800C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ADVAPI32.dll!OpenServiceW                                             765F8354 5 Bytes  JMP 0016600C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ADVAPI32.dll!CreateServiceW                                           76619EB4 5 Bytes  JMP 0016900C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ADVAPI32.dll!ControlService                                           76619FB8 5 Bytes  JMP 0016700C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] USER32.dll!SetWindowsHookExW                                          762F87AD 5 Bytes  JMP 0016500C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] USER32.dll!DdeConnect                                                 76339A1F 5 Bytes  JMP 0016B00C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ole32.dll!CoCreateInstanceEx                                          761F9EE9 5 Bytes  JMP 0016A00C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ntdll.dll!NtCreateProcess                                                      77634494 5 Bytes  JMP 0092000C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ntdll.dll!NtCreateProcessEx                                                    776344A4 5 Bytes  JMP 0092100C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ntdll.dll!NtCreateUserProcess                                                  77635804 5 Bytes  JMP 0092200C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] kernel32.dll!LoadLibraryExW                                                    75EF9109 5 Bytes  JMP 0092300C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] kernel32.dll!TerminateThread                                                   75F141F7 5 Bytes  JMP 0092400C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ADVAPI32.dll!CloseServiceHandle                                                765F82A5 5 Bytes  JMP 0092800C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ADVAPI32.dll!OpenServiceW                                                      765F8354 5 Bytes  JMP 0092600C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ADVAPI32.dll!CreateServiceW                                                    76619EB4 5 Bytes  JMP 0092900C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ADVAPI32.dll!ControlService                                                    76619FB8 5 Bytes  JMP 0092700C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] USER32.dll!SetWindowsHookExW                                                   762F87AD 5 Bytes  JMP 0092500C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] USER32.dll!DdeConnect                                                          76339A1F 5 Bytes  JMP 0092B00C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ole32.dll!CoCreateInstanceEx                                                   761F9EE9 5 Bytes  JMP 0092A00C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ntdll.dll!NtCreateProcess                                              77634494 5 Bytes  JMP 00C5000C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ntdll.dll!NtCreateProcessEx                                            776344A4 5 Bytes  JMP 00C5100C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ntdll.dll!NtCreateUserProcess                                          77635804 5 Bytes  JMP 00C5200C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] kernel32.dll!LoadLibraryExW                                            75EF9109 5 Bytes  JMP 00C5300C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] kernel32.dll!TerminateThread                                           75F141F7 5 Bytes  JMP 00C5400C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ADVAPI32.dll!CloseServiceHandle                                        765F82A5 5 Bytes  JMP 00C5800C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ADVAPI32.dll!OpenServiceW                                              765F8354 5 Bytes  JMP 00C5600C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ADVAPI32.dll!CreateServiceW                                            76619EB4 5 Bytes  JMP 00C5900C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ADVAPI32.dll!ControlService                                            76619FB8 5 Bytes  JMP 00C5700C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] USER32.dll!SetWindowsHookExW                                           762F87AD 5 Bytes  JMP 00C5500C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] USER32.dll!DdeConnect                                                  76339A1F 5 Bytes  JMP 00C5B00C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ole32.dll!CoCreateInstanceEx                                           761F9EE9 5 Bytes  JMP 00C5A00C 
.text           C:\Windows\system32\svchost.exe[3252] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0043000C 
.text           C:\Windows\system32\svchost.exe[3252] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0043100C 
.text           C:\Windows\system32\svchost.exe[3252] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0043200C 
.text           C:\Windows\System32\svchost.exe[3300] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0016000C 
.text           C:\Windows\System32\svchost.exe[3300] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0016100C 
.text           C:\Windows\System32\svchost.exe[3300] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0016200C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ntdll.dll!NtCreateProcess                                             77634494 5 Bytes  JMP 009E000C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ntdll.dll!NtCreateProcessEx                                           776344A4 5 Bytes  JMP 009E100C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ntdll.dll!NtCreateUserProcess                                         77635804 5 Bytes  JMP 009E200C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] kernel32.dll!LoadLibraryExW                                           75EF9109 5 Bytes  JMP 009E300C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] kernel32.dll!TerminateThread                                          75F141F7 5 Bytes  JMP 009E400C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ADVAPI32.dll!CloseServiceHandle                                       765F82A5 5 Bytes  JMP 009E800C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ADVAPI32.dll!OpenServiceW                                             765F8354 5 Bytes  JMP 009E600C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ADVAPI32.dll!CreateServiceW                                           76619EB4 5 Bytes  JMP 009E900C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ADVAPI32.dll!ControlService                                           76619FB8 5 Bytes  JMP 009E700C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ole32.dll!CoCreateInstanceEx                                          761F9EE9 5 Bytes  JMP 009EA00C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] USER32.dll!SetWindowsHookExW                                          762F87AD 5 Bytes  JMP 009E500C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] USER32.dll!DdeConnect                                                 76339A1F 5 Bytes  JMP 009EB00C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ntdll.dll!NtCreateProcess                                                                               77634494 5 Bytes  JMP 0559000C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ntdll.dll!NtCreateProcessEx                                                                             776344A4 5 Bytes  JMP 0559100C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ntdll.dll!NtCreateUserProcess                                                                           77635804 5 Bytes  JMP 0559200C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] kernel32.dll!LoadLibraryExW                                                                             75EF9109 5 Bytes  JMP 0559300C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] kernel32.dll!TerminateThread                                                                            75F141F7 5 Bytes  JMP 0559400C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ADVAPI32.dll!CloseServiceHandle                                                                         765F82A5 5 Bytes  JMP 0559800C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ADVAPI32.dll!OpenServiceW                                                                               765F8354 5 Bytes  JMP 0559600C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ADVAPI32.dll!CreateServiceW                                                                             76619EB4 5 Bytes  JMP 0559900C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ADVAPI32.dll!ControlService                                                                             76619FB8 5 Bytes  JMP 0559700C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] USER32.dll!SetWindowsHookExW                                                                            762F87AD 5 Bytes  JMP 0559500C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] USER32.dll!DdeConnect                                                                                   76339A1F 5 Bytes  JMP 0559B00C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ole32.dll!CoCreateInstanceEx                                                                            761F9EE9 5 Bytes  JMP 0559A00C 
.text           C:\Windows\system32\taskeng.exe[3488] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0016000C 
.text           C:\Windows\system32\taskeng.exe[3488] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0016100C 
.text           C:\Windows\system32\taskeng.exe[3488] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0016200C 
.text           C:\Windows\system32\taskeng.exe[3488] kernel32.dll!LoadLibraryExW                                                                                   75EF9109 5 Bytes  JMP 0016300C 
.text           C:\Windows\system32\taskeng.exe[3488] kernel32.dll!TerminateThread                                                                                  75F141F7 5 Bytes  JMP 0016400C 
.text           C:\Windows\system32\taskeng.exe[3488] ADVAPI32.dll!CloseServiceHandle                                                                               765F82A5 5 Bytes  JMP 0016800C 
.text           C:\Windows\system32\taskeng.exe[3488] ADVAPI32.dll!OpenServiceW                                                                                     765F8354 5 Bytes  JMP 0016600C 
.text           C:\Windows\system32\taskeng.exe[3488] ADVAPI32.dll!CreateServiceW                                                                                   76619EB4 5 Bytes  JMP 0016900C 
.text           C:\Windows\system32\taskeng.exe[3488] ADVAPI32.dll!ControlService                                                                                   76619FB8 5 Bytes  JMP 0016700C 
.text           C:\Windows\system32\taskeng.exe[3488] USER32.dll!SetWindowsHookExW                                                                                  762F87AD 5 Bytes  JMP 0016500C 
.text           C:\Windows\system32\taskeng.exe[3488] USER32.dll!DdeConnect                                                                                         76339A1F 5 Bytes  JMP 0016B00C 
.text           C:\Windows\system32\taskeng.exe[3488] ole32.dll!CoCreateInstanceEx                                                                                  761F9EE9 5 Bytes  JMP 0016A00C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ntdll.dll!NtCreateProcess                                                                               77634494 5 Bytes  JMP 006E000C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ntdll.dll!NtCreateProcessEx                                                                             776344A4 5 Bytes  JMP 006E100C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ntdll.dll!NtCreateUserProcess                                                                           77635804 5 Bytes  JMP 006E200C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] kernel32.dll!LoadLibraryExW                                                                             75EF9109 5 Bytes  JMP 006E300C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] kernel32.dll!TerminateThread                                                                            75F141F7 5 Bytes  JMP 006E400C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ADVAPI32.dll!CloseServiceHandle                                                                         765F82A5 5 Bytes  JMP 006E800C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ADVAPI32.dll!OpenServiceW                                                                               765F8354 5 Bytes  JMP 006E600C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ADVAPI32.dll!CreateServiceW                                                                             76619EB4 5 Bytes  JMP 006E900C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ADVAPI32.dll!ControlService                                                                             76619FB8 5 Bytes  JMP 006E700C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] USER32.dll!SetWindowsHookExW                                                                            762F87AD 5 Bytes  JMP 006E500C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] USER32.dll!DdeConnect                                                                                   76339A1F 5 Bytes  JMP 006EB00C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ole32.dll!CoCreateInstanceEx                                                                            761F9EE9 5 Bytes  JMP 006EA00C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ntdll.dll!NtCreateProcess                                                                               77634494 5 Bytes  JMP 002C000C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ntdll.dll!NtCreateProcessEx                                                                             776344A4 5 Bytes  JMP 002C100C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ntdll.dll!NtCreateUserProcess                                                                           77635804 5 Bytes  JMP 002C200C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] kernel32.dll!LoadLibraryExW                                                                             75EF9109 5 Bytes  JMP 002C300C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] kernel32.dll!TerminateThread                                                                            75F141F7 5 Bytes  JMP 002C400C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ADVAPI32.dll!CloseServiceHandle                                                                         765F82A5 5 Bytes  JMP 002C800C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ADVAPI32.dll!OpenServiceW                                                                               765F8354 5 Bytes  JMP 002C600C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ADVAPI32.dll!CreateServiceW                                                                             76619EB4 5 Bytes  JMP 002C900C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ADVAPI32.dll!ControlService                                                                             76619FB8 5 Bytes  JMP 002C700C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ole32.dll!CoCreateInstanceEx                                                                            761F9EE9 5 Bytes  JMP 002CA00C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] USER32.dll!SetWindowsHookExW                                                                            762F87AD 5 Bytes  JMP 002C500C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] USER32.dll!DdeConnect                                                                                   76339A1F 5 Bytes  JMP 002CB00C 
.text           C:\Windows\system32\taskeng.exe[4220] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0016000C 
.text           C:\Windows\system32\taskeng.exe[4220] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0016100C 
.text           C:\Windows\system32\taskeng.exe[4220] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0016200C 
.text           C:\Windows\system32\taskeng.exe[4220] kernel32.dll!LoadLibraryExW                                                                                   75EF9109 5 Bytes  JMP 0016300C 
.text           C:\Windows\system32\taskeng.exe[4220] kernel32.dll!TerminateThread                                                                                  75F141F7 5 Bytes  JMP 0016400C 
.text           C:\Windows\system32\taskeng.exe[4220] ADVAPI32.dll!CloseServiceHandle                                                                               765F82A5 5 Bytes  JMP 0016800C 
.text           C:\Windows\system32\taskeng.exe[4220] ADVAPI32.dll!OpenServiceW                                                                                     765F8354 5 Bytes  JMP 0016600C 
.text           C:\Windows\system32\taskeng.exe[4220] ADVAPI32.dll!CreateServiceW                                                                                   76619EB4 5 Bytes  JMP 0016900C 
.text           C:\Windows\system32\taskeng.exe[4220] ADVAPI32.dll!ControlService                                                                                   76619FB8 5 Bytes  JMP 0016700C 
.text           C:\Windows\system32\taskeng.exe[4220] USER32.dll!SetWindowsHookExW                                                                                  762F87AD 5 Bytes  JMP 0016500C 
.text           C:\Windows\system32\taskeng.exe[4220] USER32.dll!DdeConnect                                                                                         76339A1F 5 Bytes  JMP 0016B00C 
.text           C:\Windows\system32\taskeng.exe[4220] ole32.dll!CoCreateInstanceEx                                                                                  761F9EE9 5 Bytes  JMP 0016A00C 
.text           C:\Windows\system32\taskeng.exe[4276] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0009000C 
.text           C:\Windows\system32\taskeng.exe[4276] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0009100C 
.text           C:\Windows\system32\taskeng.exe[4276] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0009200C 
.text           C:\Windows\system32\taskeng.exe[4276] kernel32.dll!LoadLibraryExW                                                                                   75EF9109 5 Bytes  JMP 0009300C 
.text           C:\Windows\system32\taskeng.exe[4276] kernel32.dll!TerminateThread                                                                                  75F141F7 5 Bytes  JMP 0009400C 
.text           C:\Windows\system32\taskeng.exe[4276] ADVAPI32.dll!CloseServiceHandle                                                                               765F82A5 5 Bytes  JMP 0009800C 
.text           C:\Windows\system32\taskeng.exe[4276] ADVAPI32.dll!OpenServiceW                                                                                     765F8354 5 Bytes  JMP 0009600C 
.text           C:\Windows\system32\taskeng.exe[4276] ADVAPI32.dll!CreateServiceW                                                                                   76619EB4 5 Bytes  JMP 0009900C 
.text           C:\Windows\system32\taskeng.exe[4276] ADVAPI32.dll!ControlService                                                                                   76619FB8 5 Bytes  JMP 0009700C 
.text           C:\Windows\system32\taskeng.exe[4276] USER32.dll!SetWindowsHookExW                                                                                  762F87AD 5 Bytes  JMP 0009500C 
.text           C:\Windows\system32\taskeng.exe[4276] USER32.dll!DdeConnect                                                                                         76339A1F 5 Bytes  JMP 0009B00C 
.text           C:\Windows\system32\taskeng.exe[4276] ole32.dll!CoCreateInstanceEx                                                                                  761F9EE9 5 Bytes  JMP 0009A00C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ntdll.dll!NtCreateProcess                                                                               77634494 5 Bytes  JMP 0006000C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ntdll.dll!NtCreateProcessEx                                                                             776344A4 5 Bytes  JMP 0006100C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ntdll.dll!NtCreateUserProcess                                                                           77635804 5 Bytes  JMP 0006200C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] kernel32.dll!LoadLibraryExW                                                                             75EF9109 5 Bytes  JMP 0006300C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] kernel32.dll!TerminateThread                                                                            75F141F7 5 Bytes  JMP 0006400C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ADVAPI32.dll!CloseServiceHandle                                                                         765F82A5 5 Bytes  JMP 0006800C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ADVAPI32.dll!OpenServiceW                                                                               765F8354 5 Bytes  JMP 0006600C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ADVAPI32.dll!CreateServiceW                                                                             76619EB4 5 Bytes  JMP 0006900C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ADVAPI32.dll!ControlService                                                                             76619FB8 5 Bytes  JMP 0006700C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ole32.dll!CoCreateInstanceEx                                                                            761F9EE9 5 Bytes  JMP 0006A00C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] USER32.dll!SetWindowsHookExW                                                                            762F87AD 5 Bytes  JMP 0006500C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] USER32.dll!DdeConnect                                                                                   76339A1F 5 Bytes  JMP 0006B00C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ntdll.dll!NtCreateProcess                                                                        77634494 5 Bytes  JMP 009A000C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ntdll.dll!NtCreateProcessEx                                                                      776344A4 5 Bytes  JMP 009A100C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ntdll.dll!NtCreateUserProcess                                                                    77635804 5 Bytes  JMP 009A200C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] kernel32.dll!LoadLibraryExW                                                                      75EF9109 5 Bytes  JMP 009A300C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] kernel32.dll!TerminateThread                                                                     75F141F7 5 Bytes  JMP 009A400C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ADVAPI32.dll!CloseServiceHandle                                                                  765F82A5 5 Bytes  JMP 009A800C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ADVAPI32.dll!OpenServiceW                                                                        765F8354 5 Bytes  JMP 009A600C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ADVAPI32.dll!CreateServiceW                                                                      76619EB4 5 Bytes  JMP 009A900C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ADVAPI32.dll!ControlService                                                                      76619FB8 5 Bytes  JMP 009A700C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] USER32.dll!SetWindowsHookExW                                                                     762F87AD 5 Bytes  JMP 009A500C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] USER32.dll!DdeConnect                                                                            76339A1F 5 Bytes  JMP 009AB00C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ole32.dll!CoCreateInstanceEx                                                                     761F9EE9 5 Bytes  JMP 009AA00C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ntdll.dll!NtCreateProcess                                                                    77634494 5 Bytes  JMP 0023000C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ntdll.dll!NtCreateProcessEx                                                                  776344A4 5 Bytes  JMP 0023100C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ntdll.dll!NtCreateUserProcess                                                                77635804 5 Bytes  JMP 0023200C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] kernel32.dll!LoadLibraryExW                                                                  75EF9109 5 Bytes  JMP 0023300C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] kernel32.dll!TerminateThread                                                                 75F141F7 5 Bytes  JMP 0023400C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] USER32.dll!SetWindowsHookExW                                                                 762F87AD 5 Bytes  JMP 0023500C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] USER32.dll!DdeConnect                                                                        76339A1F 5 Bytes  JMP 0023A00C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ADVAPI32.dll!CloseServiceHandle                                                              765F82A5 5 Bytes  JMP 0023800C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ADVAPI32.dll!OpenServiceW                                                                    765F8354 5 Bytes  JMP 0023600C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ADVAPI32.dll!CreateServiceW                                                                  76619EB4 5 Bytes  JMP 0023900C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ADVAPI32.dll!ControlService                                                                  76619FB8 5 Bytes  JMP 0023700C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ntdll.dll!NtCreateProcess        77634494 5 Bytes  JMP 0016000C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ntdll.dll!NtCreateProcessEx      776344A4 5 Bytes  JMP 0016100C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ntdll.dll!NtCreateUserProcess    77635804 5 Bytes  JMP 0016200C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] kernel32.dll!LoadLibraryExW      75EF9109 5 Bytes  JMP 0016300C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] kernel32.dll!TerminateThread     75F141F7 5 Bytes  JMP 0016400C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] USER32.dll!SetWindowsHookExW     762F87AD 5 Bytes  JMP 0016500C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] USER32.dll!DdeConnect            76339A1F 5 Bytes  JMP 0016A00C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ADVAPI32.dll!CloseServiceHandle  765F82A5 5 Bytes  JMP 0016800C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ADVAPI32.dll!OpenServiceW        765F8354 5 Bytes  JMP 0016600C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ADVAPI32.dll!CreateServiceW      76619EB4 5 Bytes  JMP 0016900C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ADVAPI32.dll!ControlService      76619FB8 5 Bytes  JMP 0016700C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ole32.dll!CoCreateInstanceEx     761F9EE9 5 Bytes  JMP 0016B00C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ntdll.dll!NtCreateProcess                                                                77634494 5 Bytes  JMP 0028000C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ntdll.dll!NtCreateProcessEx                                                              776344A4 5 Bytes  JMP 0028100C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ntdll.dll!NtCreateUserProcess                                                            77635804 5 Bytes  JMP 0028200C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] kernel32.dll!LoadLibraryExW                                                              75EF9109 5 Bytes  JMP 0028300C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] kernel32.dll!TerminateThread                                                             75F141F7 5 Bytes  JMP 0028400C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] USER32.dll!SetWindowsHookExW                                                             762F87AD 5 Bytes  JMP 0028500C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] USER32.dll!DdeConnect                                                                    76339A1F 5 Bytes  JMP 0028B00C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ADVAPI32.dll!CloseServiceHandle                                                          765F82A5 5 Bytes  JMP 0028800C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ADVAPI32.dll!OpenServiceW                                                                765F8354 5 Bytes  JMP 0028600C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ADVAPI32.dll!CreateServiceW                                                              76619EB4 5 Bytes  JMP 0028900C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ADVAPI32.dll!ControlService                                                              76619FB8 5 Bytes  JMP 0028700C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ole32.dll!CoCreateInstanceEx                                                             761F9EE9 5 Bytes  JMP 0028A00C 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                               [73A37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                [73A8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                            [73A3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                      [73A2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                [73A375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                             [73A2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                 [73A68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                    [73A3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                            [73A2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                             [73A2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                              [73A271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                      [73ABCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                         [73A5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                            [73A2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                      [73A26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                     [73A2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                        [73A32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                         [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                             [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                       [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                         [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\system32\taskeng.exe[3488] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                               [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\system32\taskeng.exe[3488] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                 [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\system32\taskeng.exe[3488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                 [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\system32\taskeng.exe[3488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                     [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                             pxrts.sys (Prevx Realtime Security/Prevx)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001638396a55                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001638396a55@0015b97e0e12                                                            0x9A 0x95 0xE5 0x36 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001638396a55 (not active ControlSet)                                                     
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001638396a55@0015b97e0e12                                                                0x9A 0x95 0xE5 0x36 ...

---- EOF - GMER 1.0.15 ----

Alt 07.01.2010, 16:56   #9
kira
/// Helfer-Team
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


Zitat:
Zitat von Lachern Beitrag anzeigen
Hallo,
ich habe ein Problem mit der Firewall nämlich wenn ich mein PC(LAPTOTP) neu starte ist meine Firewall immer deaktiviert und es kommt auch eine Meldung.
Mein anderes Antiviren Programm (Bluewin Security) ist aber eingeschaltet.
Wieso ist meine Firewall eig aus und wie kann ich es Permanent eingeschaltet haben?
die Windows eigene Firewall oder v F-secure?

Alt 07.01.2010, 17:38   #10
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


Zitat:
Zitat von Coverflow Beitrag anzeigen
die Windows eigene Firewall oder v F-secure?
Diese die bei windows schon drin ist

Alt 08.01.2010, 19:30   #11
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


und was nu?

Alt 09.01.2010, 12:16   #12
kira
/// Helfer-Team
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


1 Firewall reicht schon aus, zwar hast v F-secure aktiviert oder?!
also die Windows eigene FW soll deaktiviert bleiben, sonst dein System krascht
Wichtig:
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!

Alt 09.01.2010, 18:33   #13
Lachern
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


Zitat:
Zitat von Coverflow Beitrag anzeigen
1 Firewall reicht schon aus, zwar hast v F-secure aktiviert oder?!
also die Windows eigene FW soll deaktiviert bleiben, sonst dein System krascht
Wichtig:
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
F-Security ?
Meinst du die von meinem Bluewin Security(Anti Viren Software)?
Und wieso ist mein compuer nach dem scan abgestürzt?

Alt 10.01.2010, 10:09   #14
kira
/// Helfer-Team
 
Firewall ist aussgeschaltet - Standard

Firewall ist aussgeschaltet


Zitat:
Zitat von Lachern Beitrag anzeigen
F-Security ?
Meinst du die von meinem Bluewin Security(Anti Viren Software)?
ja, meinte ich
aber die Windows eigene Firewall soll deaktiviert bleiben! Windows Defender kannst abschalten oder mit HJT fixen

Empfehlungen/Vorschläge:
1.
► BHO`s & Toolbars (im Logfile HijackThis 02 u. 03 aufgelistet):
Immer mehr Programme bringen eine Toolbar mit.(wie z.B. Google, Yaho,Messenger, Winamp, Adobe Reader usw). Manche Zustimmung der User installiert, manche wieder ohne Wissen des Benutzers Viele davon sehr fehleranfällig und fressen eine Menge an Systemressourcen. Zur funktionstüchtigen Installation der jeweiligen Software ist Toolbar aber nicht notwendig, zudem die meisten modernen Browser mit vielen zusätzlichen Funktionen ausgestattet sind. Ausserdem die dazugehörigen Programme, funktionieren auch ohne...
Man kann sie deinstallieren oder mit HJT fixen: alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
Code:
ATTFilter
Yahoo! Toolbar
Google Toolbar
2.
Wie lange dauert die Startvorgang?
- Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben
- Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.
"Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK"
it-academy.cc
pqtuning.de
Laden von Programmen beim Start von Windows Vista verhindern
- Bei allem Häkchen weg was nicht starten soll, aber immer nur einen deaktivieren (Haken weg), also Schrittweise -> Neustart...
- Wird noch nach dem nächsten Neustart ein Hinweisfenster erscheinen, da ist ein Haken setzen : `Meldung nicht mehr anzeigen und dieses Programm beim Windows-Star nicht mehr starten`
(Du kannst es jederzeit Rückgängig machen wenn du den Haken wieder reinmachst.)
- Falls Du mal brauchst, kannst manuell auch starten
- Autostart-Einträge die Du nicht findest, kannst mit HJT fixen - Unter 04_Sektion - (*HijackThis Tutorial in German*):
Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
Code:
ATTFilter
Du solltest nicht deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound
Da es ist immer Benutzerspezifisch, ein allgemein gültiges Rezept gibt es nicht, finde über Google die Grundfunktionen der einzelnen Programme heraus!
Gleich ein paar Vorschläge:
Code:
ATTFilter
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
- (Nvidia "Erweiterungen" für die Anzeige/Einstellungen zuständig, kannst damit die Erweiterungbibliothek für Anzeigeeigenschaften des Nvidiagrafiktreibers 
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
- Nvidia Erweiterungen, in den Einstellungen für die Anzeige ("Rechtsklick auf den Desktop-> Eigenschaften-> Einstellungen-> Erweitert->Grafikkarte")
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
3.
- Überflüssige Dienste belasten nur den Prozessor und Arbeitsspeicher, daher solltest Du abschalten:
Code:
ATTFilter
O23 - Service: Google Update Service (gupdate1c9f1cd98326900) (gupdate1c9f1cd98326900) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
- unter `Systemsteuerung - Verwaltung - Dienste oder "Ausführen"-> gibst Du in das Dialogfenster den Befehl services.msc -> Ok
mit der rechten Maustaste auf den Dienstnamen klicken→ wähle `Eigenschaften`→ `Starttyp`→ Manuell, damit wird der Dienst ruhiggestellt. Den Dienst erst dann nur starten, wenn ein Programm ihn benötigt.
Geändert von kira (10.01.2010 um 10:42 Uhr)

Antwort

Themen zu Firewall ist aussgeschaltet
anderes, antiviren, deaktiviert, firewall, neu, permanent, problem, programm, security, starte


« Internet Explorer - Virus | Sicherheitskonzept optimieren »


Ähnliche Themen: Firewall ist aussgeschaltet


  1. Avira-Firewall oder die Windows-Firewall benutzen?
    Antiviren-, Firewall- und andere Schutzprogramme - 26.10.2015 (6)
  2. Firewall ?
    Antiviren-, Firewall- und andere Schutzprogramme - 03.11.2007 (11)
  3. Firewall hinter Router-Firewall ?
    Antiviren-, Firewall- und andere Schutzprogramme - 27.01.2007 (4)
  4. Windows XP Firewall Symbol in Taskleiste ist nicht da, obwohl Firewall aktiviert ist!
    Antiviren-, Firewall- und andere Schutzprogramme - 15.01.2007 (7)
  5. Firewall?
    Antiviren-, Firewall- und andere Schutzprogramme - 04.09.2006 (6)
  6. firewall
    Log-Analyse und Auswertung - 19.05.2006 (4)
  7. Firewall für KEN
    Antiviren-, Firewall- und andere Schutzprogramme - 15.10.2005 (2)
  8. Hat jmd nen Firewall Tip
    Antiviren-, Firewall- und andere Schutzprogramme - 23.06.2005 (9)
  9. aktivierte Windows Firewall ersetzt Personal Firewall??
    Antiviren-, Firewall- und andere Schutzprogramme - 22.02.2005 (3)
  10. Firewall
    Antiviren-, Firewall- und andere Schutzprogramme - 13.01.2005 (1)
  11. Firewall
    Antiviren-, Firewall- und andere Schutzprogramme - 07.01.2005 (1)
  12. Firewall bei T-DSL
    Antiviren-, Firewall- und andere Schutzprogramme - 13.11.2004 (19)
  13. Firewall
    Antiviren-, Firewall- und andere Schutzprogramme - 03.11.2004 (3)
  14. Firewall
    Plagegeister aller Art und deren Bekämpfung - 21.05.2004 (10)
  15. Firewall? Wie?
    Antiviren-, Firewall- und andere Schutzprogramme - 06.04.2004 (18)
  16. firewall ist weg
    Alles rund um Windows - 25.09.2003 (4)
  17. Firewall
    Plagegeister aller Art und deren Bekämpfung - 12.05.2003 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Firewall ist aussgeschaltet - Hallo, ich habe ein Problem mit der Firewall nämlich wenn ich mein PC(LAPTOTP) neu starte ist meine Firewall immer deaktiviert und es kommt auch eine Meldung. Mein anderes Antiviren Programm - Firewall ist aussgeschaltet...
Archiv
Du betrachtest: Firewall ist aussgeschaltet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130