| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC läuft sehr langsam, svchost.exe lastet das System extrem ausWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.08.2010, 22:07
| #1 |
 |  PC läuft sehr langsam, svchost.exe lastet das System extrem aus Hallo zusammen, mein notebook läuft extrem langsam, besonders der Seitenaufbau von Internetseiten ist slow-motion. Google hat mich auch mit diesem Problem auf dieses Forum geführt. Ich habe hier gelesen habe, dass ggf. fehlende Windows-Updates zu diesem Problem führen. Mein Vista weigert sich standhaft das update KB973917 zu installieren. Der Ressourcen-Monitor zeigt an, dass svchost.exe das System extrem auslastet. Hier der Malwarebytes Bericht Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4447 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 18.08.2010 23:50:01 mbam-log-2010-08-18 (23-50-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 134803 Laufzeit: 9 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 27 Infizierte Registrierungswerte: 5 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 7 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bd4438c-2511-4b93-ad34-2bdcd0ff78d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\***\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. habe heute noch einen Scan gemacht: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4478 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 25.08.2010 22:05:07 mbam-log-2010-08-25 (22-05-07).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 135694 Laufzeit: 9 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Hier der OTL LogFile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.08.2010 22:26:58 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\*****\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 88,31 Gb Total Space | 30,33 Gb Free Space | 34,35% Space Free | Partition Type: NTFS Drive D: | 88,00 Gb Total Space | 49,25 Gb Free Space | 55,97% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *****-PC Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\*****\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\swriter.exe () PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) PRC - C:\Windows\System32\perfmon.exe (Microsoft Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe () PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation) SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys File not found DRV - (RimUsb) -- C:\Windows\System32\Drivers\RimUsb.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin) DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation) DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation) DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI Corporation) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\***.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://***.myownstartpage.net/?cm=640368<=2&it=2008-02-16%2000%3A06%3A17&dt=2008-02-16%2000%3A52%3A40&q=about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Ask" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://dsl-start.computerbild.de/" FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11 FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3 FF - prefs.js..extensions.enabledItems: de-DE(at)dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4 FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.5 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: DeviceDetection(at)logitech.com:1.0.176.0 FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.17 01:13:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.16 21:25:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.28 21:25:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 23:48:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.16 21:25:16 | 000,000,000 | ---D | M] [2008.06.18 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.08.24 22:57:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions [2010.01.18 20:39:57 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2010.01.18 20:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}-trash [2010.02.13 20:48:25 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2010.05.12 21:29:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.04 10:30:11 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} [2008.06.22 16:27:46 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8} [2010.06.22 09:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4} [2010.02.13 20:48:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.08.12 22:33:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com [2010.08.22 20:44:19 | 000,001,496 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\altavista-deutschland.xml [2009.02.11 23:53:13 | 000,000,681 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\ask.xml [2009.06.16 23:58:08 | 000,002,836 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\bing.xml [2008.07.12 14:00:06 | 000,001,722 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\computer-bild-suche.xml [2008.12.19 22:56:48 | 000,005,310 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\footiefox.xml [2008.07.11 23:11:18 | 000,001,504 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\imdb.xml [2010.08.23 22:50:43 | 000,001,595 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\ixquick---deutsch.xml [2008.10.03 01:10:14 | 000,001,733 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\live-search.xml [2010.08.22 20:44:20 | 000,001,659 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\metacrawlerde.xml [2010.08.22 20:44:19 | 000,002,271 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\idf69tkz.default\searchplugins\xing.xml [2010.04.27 21:56:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.27 21:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.02.12 20:13:13 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.01.26 01:27:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.26 01:27:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.26 01:27:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.26 01:27:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.26 01:27:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100728212538.dll (McAfee, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found. O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\*****\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\*****\Pictures\Madeira 2008\Madeira 2008 054.JPG O24 - Desktop BackupWallPaper: C:\Users\*****\Pictures\Madeira 2008\Madeira 2008 054.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5963dc93-afa3-11de-b6b8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5963dc93-afa3-11de-b6b8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\zdata\cobi.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.18 23:36:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2010.08.18 23:36:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.18 23:36:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.18 23:36:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.18 23:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.17 20:46:48 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2010.08.17 20:39:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010.08.17 20:26:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.11 23:49:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.11 23:49:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.11 23:49:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.11 23:49:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.11 23:49:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.11 23:49:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.11 23:49:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.11 23:49:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.11 23:49:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.11 23:49:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.11 23:49:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.11 23:49:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.11 23:49:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.11 23:49:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.11 23:49:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.11 23:49:20 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.11 23:49:07 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.11 23:49:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.11 23:49:00 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.11 23:49:00 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.07 13:56:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2010.08.07 13:55:54 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2010.08.07 13:55:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2010.08.07 13:55:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2010.08.07 13:55:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2010.08.07 13:55:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2010.08.07 13:55:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2010.08.07 13:55:52 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2010.08.07 13:55:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2010.08.07 13:55:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2010.08.07 13:55:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2010.08.07 13:55:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2010.08.07 13:55:47 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2010.08.07 13:55:47 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2010.08.07 13:55:47 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2010.08.07 13:55:47 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2010.08.07 13:52:06 | 000,092,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL [2010.07.30 11:15:01 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.07.30 11:11:15 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.07.30 10:38:40 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2010.07.30 10:38:40 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2010.07.30 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Deployment [2010.07.30 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Apps [2010.07.28 23:56:33 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab [2010.07.28 23:56:28 | 000,000,000 | ---D | C] -- C:\Users\*****\SystemRequirementsLab [2010.07.28 23:35:27 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.07.28 21:25:36 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys [2010.07.28 21:24:26 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys [2010.07.28 21:24:25 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2010.07.28 21:24:25 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys [2010.07.28 21:24:25 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2010.07.28 21:24:25 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys [2010.07.28 21:24:24 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2010.07.28 21:24:24 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys [2010.07.28 21:24:24 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys [2010.07.28 21:24:24 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2007.04.26 21:36:39 | 000,528,040 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Programme\MSetup.exe [2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.25 22:25:31 | 003,932,160 | ---- | M] () -- C:\Users\*****\NTUSER.DAT [2010.08.25 22:24:49 | 000,083,438 | ---- | M] () -- C:\Users\*****\AppData\Roaming\nvModes.001 [2010.08.25 22:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.08.25 21:42:31 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job [2010.08.25 21:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.25 21:21:38 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.08.25 21:19:12 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.25 21:19:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.25 21:19:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.25 21:19:10 | 000,000,202 | ---- | M] () -- C:\Windows\System32\PSLOG [2010.08.25 21:19:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.25 21:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.25 11:07:21 | 000,007,692 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.25 11:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{632c543c-546a-11df-92c9-00027875610f}.TMContainer00000000000000000001.regtrans-ms [2010.08.25 11:07:01 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{632c543c-546a-11df-92c9-00027875610f}.TM.blf [2010.08.25 11:06:26 | 003,947,799 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db [2010.08.24 21:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job [2010.08.18 23:36:28 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.18 15:12:22 | 000,122,241 | ---- | M] () -- C:\Users\*****\Desktop\Adecco Senior Persona....pdf [2010.08.17 20:46:50 | 000,001,702 | ---- | M] () -- C:\Users\*****\Desktop\Defraggler.lnk [2010.08.17 20:32:53 | 000,027,296 | ---- | M] () -- C:\Users\*****\Documents\cc_20100817_203240.reg [2010.08.17 20:26:03 | 000,000,804 | ---- | M] () -- C:\Users\*****\Desktop\CCleaner.lnk [2010.08.17 19:08:04 | 000,083,438 | ---- | M] () -- C:\Users\*****\AppData\Roaming\nvModes.dat [2010.08.16 23:24:26 | 000,142,935 | ---- | M] () -- C:\Windows\hppins23.dat [2010.08.12 21:01:16 | 000,396,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.12 19:46:57 | 000,000,186 | ---- | M] () -- C:\Users\*****\Desktop\Synchronisierungsergebnisse - Verknüpfung.lnk [2010.07.30 11:54:54 | 001,867,652 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.30 11:54:54 | 000,788,886 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.30 11:54:54 | 000,738,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.30 11:54:54 | 000,185,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.30 11:54:54 | 000,156,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.30 10:38:35 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2010.07.30 10:38:35 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.18 23:36:28 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.18 15:12:22 | 000,122,241 | ---- | C] () -- C:\Users\*****\Desktop\Adecco Senior Persona....pdf [2010.08.17 20:46:50 | 000,001,702 | ---- | C] () -- C:\Users\*****\Desktop\Defraggler.lnk [2010.08.17 20:32:47 | 000,027,296 | ---- | C] () -- C:\Users\*****\Documents\cc_20100817_203240.reg [2010.08.17 20:26:03 | 000,000,804 | ---- | C] () -- C:\Users\*****\Desktop\CCleaner.lnk [2010.08.12 19:46:57 | 000,000,186 | ---- | C] () -- C:\Users\*****\Desktop\Synchronisierungsergebnisse - Verknüpfung.lnk [2010.08.07 13:55:48 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2010.08.07 13:55:48 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.08.07 13:55:48 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2009.06.13 17:01:56 | 000,022,016 | ---- | C] () -- C:\Windows\System32\msdri32.dll [2009.06.07 16:29:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2008.12.06 23:44:36 | 000,000,938 | ---- | C] () -- C:\Windows\WISO.INI [2008.07.12 16:15:08 | 000,000,669 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\vispa.ini [2008.05.17 09:38:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2008.04.13 16:08:16 | 000,000,037 | ---- | C] () -- C:\Windows\easyprint.INI [2007.12.08 19:59:57 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2007.11.03 19:05:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\Bot.dll [2007.11.03 19:05:49 | 000,000,101 | ---- | C] () -- C:\Windows\PSXLPR.INI [2007.09.03 11:57:34 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.08.04 01:12:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2007.08.02 08:15:56 | 000,024,206 | ---- | C] () -- C:\Users\*****\AppData\Roaming\UserTile.png [2007.07.22 21:25:35 | 000,001,356 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat [2007.07.22 17:19:50 | 000,083,438 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.001 [2007.07.22 00:31:09 | 000,083,438 | ---- | C] () -- C:\Users\*****\AppData\Roaming\nvModes.dat [2007.07.21 21:31:24 | 000,019,456 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.04.26 21:37:33 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2007.04.26 21:37:33 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2007.04.26 21:36:39 | 000,003,062 | ---- | C] () -- C:\Programme\MSetup.xml [2007.04.26 21:36:39 | 000,002,010 | ---- | C] () -- C:\Programme\MSetup.ini [2007.04.26 03:53:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.04.26 03:52:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.12.20 05:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2006.09.20 09:34:10 | 000,000,186 | ---- | C] () -- C:\Windows\Buhl.ini [2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2008.02.19 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\aignes [2008.12.11 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo [2009.04.07 23:53:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BOM [2008.12.06 23:45:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service [2008.12.15 15:57:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service GmbH [2010.08.13 21:33:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon [2007.07.29 14:42:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CopyTrans [2007.11.25 00:47:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DataDesign [2009.06.06 00:14:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Foxit [2010.04.22 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GARMIN [2009.02.11 23:41:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GlarySoft [2009.02.21 23:34:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView [2008.11.10 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\KeePass [2010.02.15 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LetsTrade [2010.03.15 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia [2010.03.15 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite [2008.11.15 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2009.05.02 21:18:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite [2008.04.13 14:25:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Pixum [2007.10.13 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung [2009.02.22 01:49:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TerraTec [2009.06.11 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software [2010.08.25 22:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.08.25 11:07:24 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.08.25 21:42:31 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job [2010.08.24 21:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job ========== Purity Check ========== < End of report > Und hier der 2. OTL LogFile:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.08.2010 22:26:58 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 30,33 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 49,25 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
h**p [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
h**ps [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Directory [Pixum EasyBook.exe] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility
"13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility
"69:UDP" = 69:UDP:*:Enabled:Print Server Utility
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19076740-DDD5-4B5E-BAEA-490EA2676657}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{1CDA0482-07F9-4CF5-95FC-0793643CACBB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{485C1223-398B-4B2E-9430-2CF3D66E8FB2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{7C19A52B-6CD8-47BE-81A3-163FDCC2FAF9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
"{E0CD1A15-0050-48F7-9956-B2DE4E77DED2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\wnt500x86\rpcsandrasrv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0469BC87-F742-4E2F-A59C-6DA85E526EFB}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{13EB55C5-29D3-4D46-984D-E9E7B867F049}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{16D370B8-1B1B-40D9-B1B3-649CDCB2B38C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{20111CF3-786A-4F4D-8A84-F7EF5D817CE2}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{21874EB7-8AFE-4523-B419-738AB1170B60}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{22053988-B2D0-44DA-8299-699DB30E98CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2461A41F-5647-403B-8181-33C07A705C79}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\apps\2.0\a6lezjwd.orc\npzezq0n.7zl\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{2F5D5C3D-C0BA-49BC-808B-38D36443812A}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{36581106-7CE2-4880-9732-8B9BC04F0114}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{3D9AA6B1-B17B-41E1-A1B4-DB55D3BB50B1}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{43BF04D5-2979-4C85-8A70-07F7F8C7ED08}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5F11DDB2-3452-43C5-8BAF-55BFC24ED4EA}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{68A6F5CE-6A8A-4A5A-B173-09C0EC18CCEC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87AD2AE4-02B9-433F-A39F-76EC29E78526}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{90BEF2A9-46EC-4B22-AA13-1B7ADA797246}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{91621E5D-8236-421C-926B-F4694D8A665A}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\apps\2.0\a6lezjwd.orc\npzezq0n.7zl\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe |
"{9A9D55DF-B2B9-428B-A23B-C84A9BDC21F2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6B89DF6-5104-48FF-BB56-3A697947D567}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5B31BDE-32F2-4BD3-8D13-7C7D2E2C8316}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BBA94029-BB11-49C2-B339-2EF0463C666A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C3088EE2-2FD5-413E-879A-9592DE0A8DC5}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{D1F97D5D-B5A6-488F-8B6B-DD09B2BC746B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DCF9452D-9B23-431F-8262-3A51260E44DF}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{E1DDEE71-BB06-4BB2-84C5-19CE28B8B55A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{E586CCB6-6F09-4A2A-90EA-98331485675A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{00B8E278-E260-43F9-A2A1-9705578D5294}" = Microsoft Web Farm Framework Version 1 for IIS 7
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{16376CAE-A46A-40a5-BD8D-A272F690A2E0}" = 8200
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1CE975D2-718E-465d-BBCB-8655F097C120}" = SF_CDD_Software
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{215C2536-35C7-4602-9612-A8833FBE0E20}" = SF_CDD_ProductContext
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}" = Internet Information Services (IIS) 7.0 Manager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{370BBA05-01E7-4BCC-9B38-E85DB8E13E11}" = Microsoft Silverlight 2 SDK
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{44061C54-0775-4AE1-B433-79BCC6431817}" = WISO Mein Geld 2009 Professional
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{596A8F65-C705-4e68-B85E-CE0B45490712}" = HP Photosmart Appliance Printer Driver Software 8.0.D
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729EC8B-AC5F-47A9-B825-C2BFB19A295C}" = Microsoft External Cache Version 1 for IIS 7
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{971CB542-EB91-45D1-8D47-593A2F945BD4}" = Microsoft URL Rewrite Module for IIS 7.0
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A6D39A1D-1797-44FF-91AD-66698188764F}" = IIS Media Pack 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB4EDC19-3B5E-4838-80E7-92454323B0FE}" = Garmin VoiceStudio v2.10
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE40A626-2967-40F3-9D6B-810511AF76BE}" = Microsoft Dynamic IP Restrictions for IIS 7 - Beta
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1DBECBB-6A81-483C-9D27-D9F121D12EBC}" = Web Deployment Tool Release Candidate 1
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CA544957-00CB-4A5F-9A34-F49662C7DD5F}" = Microsoft Web Platform Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09B6E1D-2AFE-4EAA-A439-6389353B0780}" = Microsoft Application Request Routing Version 1 for IIS 7
"{E27DEAFD-1339-4D58-955D-06F6F7A35690}" = IIS Smooth Streaming - Beta
"{E36EE103-D2AA-41AD-81C4-0117A45B95AE}" = Microsoft Silverlight Tools for Visual Web Developer Express 2008 SP1 - ENU
"{E59555E2-6572-4BA5-90A9-3D2327739979}" = WebDAV 7.5 For IIS 7.0
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCC79EC-7CC0-46D6-A3D1-015169B6C293}" = OpenOffice.org 3.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F992232D-9989-484f-8419-6D5CBD462615}" = 8200_Help
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"aignesamdeadlink" = AM-DeadLink 3.3
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Biet-O-Matic v2.10.0" = Biet-O-Matic v2.10.0
"CCleaner" = CCleaner
"Cities of Earth 3D Screensaver_is1" = Cities of Earth 3D Screensaver v. 2.1
"Defraggler" = Defraggler
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"Free YouTube Download_is1" = Free YouTube Download 2.3
"FreePDF_XP" = FreePDF XP (Remove only)
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"Google Updater" = Google Updater
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.16
"KeePass-1.11" = KeePass-1.11
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSC" = McAfee AntiVirus Plus
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Pixum EasyBook" = Pixum EasyBook
"Pixum EasyPrint" = Pixum EasyPrint 1.2
"PrintServer Utilities" = PrintServer Utilities
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Vista Anti-Lag" = Vista Anti-Lag 1.1.1
"VistaGlazz_is1" = VistaGlazz 2.0
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.08.2010 16:07:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1974333
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1975877
Error - 22.08.2010 16:07:42 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1975877
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1977468
Error - 22.08.2010 16:07:44 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1977468
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1978935
Error - 22.08.2010 16:07:45 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1978935
[ System Events ]
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 25.08.2010 04:59:20 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.08.2010 05:06:50 | Computer Name = ***-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 25.08.2010 15:19:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 25.08.2010 15:21:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
[ TuneUp Events ]
Error - 18.08.2010 17:36:38 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:36:37', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','332',0)
Error - 18.08.2010 17:37:18 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:37:18', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','3376',0)
Error - 18.08.2010 17:57:08 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:57:08', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','2196',0)
Error - 18.08.2010 17:57:18 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-18 23:57:18', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4248',0)
< End of report >
Ich würde mich sehr freuen, wenn mir jemand helfen könnte, den Rechner wieder auf Trab zu bringen. Schon jetzt vielen Dank im Voraus Grüße Geändert von intrus (25.08.2010 um 22:28 Uhr) |
|
25.08.2010, 22:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________ |
|
26.08.2010, 06:16
| #3 |
| | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Hallo Arne,
__________________hier der Log des Vollscans mit Malwarebyte: Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4479 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 26.08.2010 01:17:59 mbam-log-2010-08-26 (01-17-59).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 277994 Laufzeit: 1 Stunde(n), 51 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Grüße Holger |
|
29.08.2010, 10:37
| #4 |
| | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Hallo cosinus, auf den Thread "was tun, wenn niemand antwortet" kann ich nicht antworten. Ich bekomme nur die Meldung, dass ich dazu keine Rechte habe. Woran kann das liegen? Vielleicht findest Du diese Anfrage ja jetzt wieder. Das Problem ist das alte. Der Vollscan mit Mawarebytes hat das oben stehende ERgebnis gebracht. Danke für Deine Mühe Grüße intrus |
|
29.08.2010, 20:05
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Sry hab Deinen Strang übersehen. Hier ist zuviel los, passiert leider. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.08.2010, 18:57
| #6 |
| | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Hallo cosinus, vielen Dank für Deine Antwort. CC Cleaner und ComboFix habe ich wie vorgeschlagen durchgeführt. Grüße intrus Hier die Log-Datei von ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 10-08-29.04 - *** 30.08.2010 19:23:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.988 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Helper
c:\users\***\AppData\Local\Temp\ppcrlui_3136_2
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-30 ))))))))))))))))))))))))))))))
.
2010-08-30 17:34 . 2010-08-30 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-18 21:36 . 2010-08-18 21:36 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-08-18 21:36 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 21:36 . 2010-08-18 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 21:36 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 18:46 . 2010-08-17 18:46 -------- d-----w- c:\program files\Defraggler
2010-08-17 18:26 . 2010-08-30 17:10 -------- d-----w- c:\program files\CCleaner
2010-08-12 20:33 . 2010-01-21 09:46 441168 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
2010-08-11 21:48 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 21:48 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 21:48 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 21:48 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 11:56 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-08-07 11:52 . 2008-07-11 00:28 92184 ----a-w- c:\windows\system32\SQSRVRES.DLL
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 16:00 . 2008-11-15 13:42 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-29 22:23 . 2007-04-26 19:10 7692 ----a-w- c:\windows\bthservsdp.dat
2010-08-29 16:30 . 2007-11-24 22:50 -------- d-----w- c:\users\***\AppData\Roaming\Buhl Data Service GmbH
2010-08-29 16:15 . 2007-07-21 15:36 105800 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 11:27 . 2007-11-24 22:38 -------- d-----w- c:\program files\Buhl
2010-08-29 11:27 . 2007-11-24 22:39 -------- d-----w- c:\program files\Common Files\Buhl Data Service
2010-08-17 17:08 . 2007-07-21 22:31 83438 ----a-w- c:\users\***\AppData\Roaming\nvModes.dat
2010-08-16 21:24 . 2009-11-24 22:48 142935 ----a-w- c:\windows\hppins23.dat
2010-08-13 19:33 . 2007-08-03 20:58 -------- d-----w- c:\users\***\AppData\Roaming\Canon
2010-08-12 18:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 11:49 . 2007-04-26 20:02 -------- d-----w- c:\program files\Microsoft.NET
2010-08-07 11:46 . 2007-04-26 20:05 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-30 09:54 . 2007-04-26 01:59 788886 ----a-w- c:\windows\system32\perfh007.dat
2010-07-30 09:54 . 2007-04-26 01:59 185136 ----a-w- c:\windows\system32\perfc007.dat
2010-07-30 09:15 . 2010-06-21 19:17 -------- d-----w- c:\program files\iTunes
2010-07-30 09:15 . 2010-07-30 09:15 -------- d-----w- c:\program files\iPod
2010-07-30 09:15 . 2007-07-29 12:11 -------- d-----w- c:\program files\Common Files\Apple
2010-07-30 09:11 . 2010-07-30 09:11 -------- d-----w- c:\program files\Bonjour
2010-07-30 08:38 . 2010-07-30 08:38 32256 ----a-w- c:\windows\system32\MiniInstaller.dll
2010-07-30 08:38 . 2010-07-30 08:38 101248 ----a-w- c:\windows\system32\drivers\avmaudio.sys
2010-07-29 21:52 . 2007-04-26 20:11 -------- d-----w- c:\program files\McAfee.com
2010-07-28 22:20 . 2009-11-25 07:21 -------- d-----w- c:\users\***\AppData\Roaming\HP
2010-07-28 21:56 . 2010-07-28 21:56 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-28 21:47 . 2007-04-26 19:29 -------- d-----w- c:\program files\Samsung
2010-07-28 21:47 . 2007-04-26 19:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-28 21:40 . 2007-12-26 13:30 -------- d-----w- c:\users\***\AppData\Roaming\InstallShield
2010-07-28 21:11 . 2009-04-27 21:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-28 19:35 . 2007-04-26 20:10 -------- d-----w- c:\program files\McAfee
2010-07-28 19:33 . 2007-04-26 20:11 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-06 21:57 . 2008-12-30 22:55 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-07-06 18:19 . 2008-12-30 23:15 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-06-26 06:05 . 2010-08-11 21:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 21:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 21:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 21:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 21:49 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 21:49 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 21:49 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-11 21:49 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 21:49 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 09:37 . 2010-06-04 08:30 50176 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-06-02 09:37 . 2010-06-04 08:30 80896 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2007-03-21 00:32 . 2007-04-26 19:36 3062 ----a-w- c:\program files\MSetup.xml
2007-02-12 03:12 . 2007-04-26 19:36 2010 ----a-w- c:\program files\MSetup.ini
2007-01-09 00:43 . 2007-04-26 19:36 528040 ----a-w- c:\program files\MSetup.exe
2010-05-31 18:32 . 2010-07-28 19:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
------- Sigcheck -------
[-] 2009-11-24 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AVMUSBFernanschluss"="c:\users\***\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-07-30 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-06 839680]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 805392]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Play AVStation TV Scheduler"=c:\program files\Samsung\Play AVStation\TvScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1f,24,48,2a,81,e7,c9,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2009-04-08 42888]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WMSvc;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-04-26 13312]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-07-30 101248]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
2010-08-30 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]
2010-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-03 20:29]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]
2010-08-30 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-09-25 12:26]
2010-08-30 c:\windows\Tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.myownstartpage.net/?cm=640368<=2&it=2008-02-16%2000%3A06%3A17&dt=2008-02-16%2000%3A52%3A40&q=about:blank
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dsl-start.computerbild.de/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-30 19:34
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-08-30 19:38:59
ComboFix-quarantined-files.txt 2010-08-30 17:38
Vor Suchlauf: 13 Verzeichnis(se), 27.746.078.720 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 27.553.845.248 Bytes frei
- - End Of File - - 2EE07E69FDE79A5DBB11AEB5B7FC41B0
|
|
30.08.2010, 19:06
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Filelook::
c:\windows\system32\msxml3.dll
c:\windows\system32\drivers\srv.sys
c:\windows\system32\drivers\srv2.sys
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\winrsmgr.dll
c:\windows\system32\SQSRVRES.DLL
c:\windows\System32\shsvcs.dll
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.08.2010, 23:22
| #8 |
| | PC läuft sehr langsam, svchost.exe lastet das System extrem aus So, alles wie beschrieben gemacht. Bin gespannt, wie es weiter geht. Grüße und Danke intrus Hier der Log-File von Combo-Fix: Combofix Logfile: Code:
ATTFilter ComboFix 10-08-29.04 - *** 31.08.2010 0:01.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1121 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\***\AppData\Local\Temp\ppcrlui_1852_2
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-30 ))))))))))))))))))))))))))))))
.
2010-08-30 22:11 . 2010-08-30 22:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-30 22:11 . 2010-08-30 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 17:19 . 2010-08-30 17:39 -------- d-----w- C:\cofi
2010-08-18 21:36 . 2010-08-18 21:36 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-08-18 21:36 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 21:36 . 2010-08-18 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 21:36 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 18:46 . 2010-08-17 18:46 -------- d-----w- c:\program files\Defraggler
2010-08-17 18:26 . 2010-08-30 17:10 -------- d-----w- c:\program files\CCleaner
2010-08-12 20:33 . 2010-01-21 09:46 441168 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
2010-08-11 21:48 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 21:48 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 21:48 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 21:48 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 11:56 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-08-07 11:52 . 2008-07-11 00:28 92184 ----a-w- c:\windows\system32\SQSRVRES.DLL
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 17:54 . 2007-04-26 19:10 7692 ----a-w- c:\windows\bthservsdp.dat
2010-08-30 16:00 . 2008-11-15 13:42 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-29 16:30 . 2007-11-24 22:50 -------- d-----w- c:\users\***\AppData\Roaming\Buhl Data Service GmbH
2010-08-29 16:15 . 2007-07-21 15:36 105800 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 11:27 . 2007-11-24 22:38 -------- d-----w- c:\program files\Buhl
2010-08-29 11:27 . 2007-11-24 22:39 -------- d-----w- c:\program files\Common Files\Buhl Data Service
2010-08-17 17:08 . 2007-07-21 22:31 83438 ----a-w- c:\users\***\AppData\Roaming\nvModes.dat
2010-08-16 21:24 . 2009-11-24 22:48 142935 ----a-w- c:\windows\hppins23.dat
2010-08-13 19:33 . 2007-08-03 20:58 -------- d-----w- c:\users\***\AppData\Roaming\Canon
2010-08-12 18:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 11:49 . 2007-04-26 20:02 -------- d-----w- c:\program files\Microsoft.NET
2010-08-07 11:46 . 2007-04-26 20:05 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-30 09:54 . 2007-04-26 01:59 788886 ----a-w- c:\windows\system32\perfh007.dat
2010-07-30 09:54 . 2007-04-26 01:59 185136 ----a-w- c:\windows\system32\perfc007.dat
2010-07-30 09:15 . 2010-06-21 19:17 -------- d-----w- c:\program files\iTunes
2010-07-30 09:15 . 2010-07-30 09:15 -------- d-----w- c:\program files\iPod
2010-07-30 09:15 . 2007-07-29 12:11 -------- d-----w- c:\program files\Common Files\Apple
2010-07-30 09:11 . 2010-07-30 09:11 -------- d-----w- c:\program files\Bonjour
2010-07-30 08:38 . 2010-07-30 08:38 32256 ----a-w- c:\windows\system32\MiniInstaller.dll
2010-07-30 08:38 . 2010-07-30 08:38 101248 ----a-w- c:\windows\system32\drivers\avmaudio.sys
2010-07-29 21:52 . 2007-04-26 20:11 -------- d-----w- c:\program files\McAfee.com
2010-07-28 22:20 . 2009-11-25 07:21 -------- d-----w- c:\users\***\AppData\Roaming\HP
2010-07-28 21:56 . 2010-07-28 21:56 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-28 21:47 . 2007-04-26 19:29 -------- d-----w- c:\program files\Samsung
2010-07-28 21:47 . 2007-04-26 19:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-28 21:40 . 2007-12-26 13:30 -------- d-----w- c:\users\***\AppData\Roaming\InstallShield
2010-07-28 21:11 . 2009-04-27 21:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-28 19:35 . 2007-04-26 20:10 -------- d-----w- c:\program files\McAfee
2010-07-28 19:33 . 2007-04-26 20:11 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-06 21:57 . 2008-12-30 22:55 -------- d-----w- c:\users\***\AppData\Roaming\Skype
2010-07-06 18:19 . 2008-12-30 23:15 -------- d-----w- c:\users\***\AppData\Roaming\skypePM
2010-06-26 06:05 . 2010-08-11 21:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 21:49 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 21:49 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 21:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 21:49 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 21:49 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 21:49 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 17:35 . 2010-08-11 21:49 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 21:49 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 09:37 . 2010-06-04 08:30 50176 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2010-06-02 09:37 . 2010-06-04 08:30 80896 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2007-03-21 00:32 . 2007-04-26 19:36 3062 ----a-w- c:\program files\MSetup.xml
2007-02-12 03:12 . 2007-04-26 19:36 2010 ----a-w- c:\program files\MSetup.ini
2007-01-09 00:43 . 2007-04-26 19:36 528040 ----a-w- c:\program files\MSetup.exe
2010-05-31 18:32 . 2010-07-28 19:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\drivers\srv.sys ---
Company: Microsoft Corporation
File Description: Server driver
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: SRV.SYS.MUI
File size: 302080
Created time: 2010-08-11 21:48
Modified time: 2010-06-18 15:04
MD5: 96A5E2C642AF8F591A7366429809506B
SHA1: FB97D29B586DF5E6F8B0834E60452ACE07E7A284
--- c:\windows\system32\drivers\srv2.sys ---
Company: Microsoft Corporation
File Description: Smb 2.0 Server driver
File Version: 6.0.6002.18274 (vistasp2_gdr.100618-0530)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: SRV2.SYS
File size: 144896
Created time: 2010-08-11 21:48
Modified time: 2010-06-18 15:04
MD5: 71DA2D64880C97E5FFC3C81761632751
SHA1: D5F4D1673C2EC8132836A83A74E06AE9757A83F2
--- c:\windows\system32\drivers\tcpip.sys ---
Company: Microsoft Corporation
File Description: TCP/IP Driver
File Version: 6.0.6002.18272 (vistasp2_gdr.100616-0352)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: tcpip.sys
File size: 905088
Created time: 2010-08-11 21:48
Modified time: 2010-06-16 16:04
MD5: A474879AFA4A596B3A531F3E69730DBF
SHA1: 2B3E360D5E13F513640865CFC1F111620B5A8DD5
--- c:\windows\system32\msxml3.dll ---
Company: Microsoft Corporation
File Description: MSXML 3.0 SP10
File Version: 8.100.5003.0
Product Name: Microsoft(R) MSXML 3.0 SP10
Copyright: Copyright (C) Microsoft Corporation. 1981-2007
Original Filename: MSXML3.dll
File size: 1248768
Created time: 2010-08-11 21:48
Modified time: 2010-06-11 16:15
MD5: 2B338AB80CF27D14CB75D94E294A1AB8
SHA1: 0545925B9D7450A717FDECBBC764DDE238F34D87
--- c:\windows\System32\shsvcs.dll ---
Company: Microsoft Corporation
File Description: Windows-Shelldienste-DLL
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: SHSVCS.DLL.MUI
File size: 247296
Created time: 2009-06-07 14:28
Modified time: 2009-11-24 09:03
MD5: 690D53BD10A804BB6D0A772D1C0E6907
SHA1: 017BDF4DF8D78179CE6E2B76C097F91451784CD4
--- c:\windows\system32\SQSRVRES.DLL ---
Company: Microsoft Corporation
File Description: SQL Server Cluster Resource DLL
File Version: 2007.0100.1600.022 ((SQL_PreRelease).080709-1414 )
Product Name: Microsoft SQL Server
Copyright: Microsoft Corp. All rights reserved.
Original Filename: sqsrvres.dll
File size: 92184
Created time: 2010-08-07 11:52
Modified time: 2008-07-11 00:28
MD5: D99329DDB92A0C3F1DCE29B706514A2E
SHA1: 28F56B97EFB1F46D384E699EBBDAFA01CB075E3C
--- c:\windows\system32\winrsmgr.dll ---
Company: Microsoft Corporation
File Description: WSMan Shell API
File Version: 6.0.6002.18111 (vistasp2_gdr_win7ip_winman(wmbla).091009-1451)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: winrsmgr.dll
File size: 2048
Created time: 2010-08-07 11:56
Modified time: 2009-10-09 21:56
MD5: 3FA837E3C30334BA8CA5EEB2B375D50C
SHA1: 7D913CC7280CB6F2CBB9B016C7A3C92EE9314C2F
------- Sigcheck -------
[-] 2009-11-24 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-30_17.34.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-21 14:33 . 2010-08-30 16:16 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-21 14:33 . 2010-08-30 20:24 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-07-21 14:33 . 2010-08-30 20:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-21 14:33 . 2010-08-30 16:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-07-21 14:33 . 2010-08-30 20:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-07-21 14:33 . 2010-08-30 16:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-16 15:21 . 2010-08-30 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-16 15:21 . 2010-08-30 17:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-16 15:21 . 2010-08-30 17:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-16 15:21 . 2010-08-30 15:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-16 15:21 . 2010-08-30 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-16 15:21 . 2010-08-30 17:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-30 18:14 . 2010-08-30 18:14 25214 c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14 25214 c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14 25214 c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14 25214 c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14 25214 c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14 25214 c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-08-30 18:14 . 2010-08-30 18:14 25214 c:\windows\Installer\{BF1EC9C0-9C10-11DF-BBC7-005056C00008}\ARPPRODUCTICON.exe
+ 2010-08-30 17:56 . 2010-08-30 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-30 15:37 . 2010-08-30 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-30 17:56 . 2010-08-30 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-30 15:37 . 2010-08-30 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-30 18:14 . 2010-08-30 18:14 1219584 c:\windows\Installer\a1b5e.msi
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AVMUSBFernanschluss"="c:\users\***\AppData\Local\Apps\2.0\A6LEZJWD.ORC\NPZEZQ0N.7ZL\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe" [2010-07-30 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-06 839680]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-16 805392]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Play AVStation TV Scheduler"=c:\program files\Samsung\Play AVStation\TvScheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1f,24,48,2a,81,e7,c9,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2009-04-08 42888]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WMSvc;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-04-26 13312]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-07-30 101248]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [2009-01-23 243840]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - mfeavfk01
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
2010-08-30 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]
2010-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-03 20:29]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]
2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 20:20]
2010-08-30 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-09-25 12:26]
2010-08-30 c:\windows\Tasks\User_Feed_Synchronization-{8E8A436B-0DAD-463B-A292-076DE172E0AC}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.myownstartpage.net/?cm=640368<=2&it=2008-02-16%2000%3A06%3A17&dt=2008-02-16%2000%3A52%3A40&q=about:blank
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://dsl-start.computerbild.de/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\idf69tkz.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-31 00:11
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-08-31 00:16:09
ComboFix-quarantined-files.txt 2010-08-30 22:16
ComboFix2.txt 2010-08-30 17:39
Vor Suchlauf: 19 Verzeichnis(se), 27.162.263.552 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 27.209.764.864 Bytes frei
- - End Of File - - CC0814742260491A473D60761B4B7911
|
|
31.08.2010, 08:30
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.08.2010, 21:38
| #10 |
| | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Hallo cosinus, GMER ist beim 2. Mal gelaufen. Die osam.exe wird sofort von McAfee als Trojaner gelöscht. Wenn ich McAfee abschalte beendet OSAM den Scan nicht. Das Ergebnis des Remover darunter Grüße intrus Hier der GMER Log-File: {\rtf1\ansi\ansicpg1252\deff0\deflang1031{\fonttbl{\f0\fswiss\fcharset0 Arial;}} {\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\f0\fs20 GMER 1.0.15.15281 - hxxp://www.gmer.net\par Rootkit scan 2010-08-31 21:08:38\par Windows 6.0.6002 Service Pack 2\par Running: 8qhdetxd.exe; Driver: C:\\Users\\***\\AppData\\Local\\Temp\\ufryrpod.sys\par \par \par ---- System - GMER 1.0.15 ----\par \par Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88434D88]\par Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88434DB2]\par Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88434D9E]\par Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88434D74]\par Code \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection\par \par ---- Kernel code sections - GMER 1.0.15 ----\par \par .text ntoskrnl.exe!ZwYieldExecution 82879C0E 5 Bytes JMP 88434D78 \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par PAGE ntoskrnl.exe!ZwUnmapViewOfSection 82A50510 5 Bytes JMP 88434DA2 \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par PAGE ntoskrnl.exe!NtMapViewOfSection 82A50899 7 Bytes JMP 88434D8C \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par PAGE ntoskrnl.exe!ZwTerminateProcess 82A6004F 5 Bytes JMP 88434DB6 \\SystemRoot\\system32\\drivers\\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par .text C:\\Windows\\system32\\DRIVERS\\nvlddmkm.sys section is writeable [0x8CC0F340, 0x3448B7, 0xE8000020]\par \par ---- User code sections - GMER 1.0.15 ----\par \par .text C:\\Windows\\system32\\svchost.exe[308] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00240FE5 \par .text C:\\Windows\\system32\\svchost.exe[308] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00240000 \par .text C:\\Windows\\system32\\svchost.exe[308] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00240FCA \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 002200A7 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00220F61 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 002200E7 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 002200D6 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00220060 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 0022000A \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00220FAF \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0022008C \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00220F7C \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00220F9E \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00220F8D \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00220025 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00220071 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00220F35 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00220FD4 \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00220FEF \par .text C:\\Windows\\system32\\svchost.exe[308] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00220F50 \par .text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00720042 \par .text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!system 77C6804B 5 Bytes JMP 00720027 \par .text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00720FC8 \par .text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_open 77C6D106 5 Bytes JMP 0072000C \par .text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00720FB7 \par .text C:\\Windows\\system32\\svchost.exe[308] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00720FEF \par .text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00230F97 \par .text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00230FBC \par .text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00230FEF \par .text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00230039 \par .text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00230F86 \par .text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 0023001E \par .text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00230FDE \par .text C:\\Windows\\system32\\svchost.exe[308] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00230FCD \par .text C:\\Windows\\system32\\svchost.exe[308] WS2_32.dll!socket 769936D1 3 Bytes JMP 00250000 \par .text C:\\Windows\\system32\\svchost.exe[308] WS2_32.dll!socket + 4 769936D5 1 Byte [89]\par .text C:\\Windows\\Explorer.EXE[684] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 03FD000A \par .text C:\\Windows\\Explorer.EXE[684] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 03FD0FEF \par .text C:\\Windows\\Explorer.EXE[684] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 03FD001B \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 01CD00E2 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 01CD0F9C \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 01CD0F55 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 01CD0F70 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 01CD00AC \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 01CD0040 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 01CD0051 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 01CD0FB7 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 01CD0091 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 01CD0FD4 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 01CD0080 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 01CD0FE5 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 01CD00C7 \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 01CD0F3A \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 01CD001B \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 01CD000A \par .text C:\\Windows\\Explorer.EXE[684] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 01CD0F81 \par .text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 01CF0039 \par .text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 01CF0FB2 \par .text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 01CF0FEF \par .text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 01CF0F97 \par .text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 01CF004A \par .text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 01CF0FCD \par .text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 01CF0FDE \par .text C:\\Windows\\Explorer.EXE[684] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 01CF001E \par .text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 03FC003F \par .text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!system 77C6804B 5 Bytes JMP 03FC0FBE \par .text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 03FC001D \par .text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_open 77C6D106 5 Bytes JMP 03FC0000 \par .text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 03FC002E \par .text C:\\Windows\\Explorer.EXE[684] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 03FC0FE3 \par .text C:\\Windows\\Explorer.EXE[684] WS2_32.dll!socket 769936D1 5 Bytes JMP 01CC0000 \par .text C:\\Windows\\Explorer.EXE[684] WININET.dll!InternetOpenA 76ACD690 5 Bytes JMP 01CE000A \par .text C:\\Windows\\Explorer.EXE[684] WININET.dll!InternetOpenW 76ACDB09 5 Bytes JMP 01CE0025 \par .text C:\\Windows\\Explorer.EXE[684] WININET.dll!InternetOpenUrlA 76ACF3A4 5 Bytes JMP 01CE0FEF \par .text C:\\Windows\\Explorer.EXE[684] WININET.dll!InternetOpenUrlW 76B16DDF 5 Bytes JMP 01CE0FCA \par .text C:\\Windows\\system32\\services.exe[820] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 0019000A \par .text C:\\Windows\\system32\\services.exe[820] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00190036 \par .text C:\\Windows\\system32\\services.exe[820] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00190025 \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00180F4D \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00180F68 \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00180F32 \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 001800BF \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00180F8D \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00180025 \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00180040 \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0018009D \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00180F9E \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00180FCA \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00180FAF \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 0018005B \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00180082 \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00180F17 \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00180FEF \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 0018000A \par .text C:\\Windows\\system32\\services.exe[820] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 001800AE \par .text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 001B0FBC \par .text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 001B0FCD \par .text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 001B0000 \par .text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 001B0054 \par .text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 001B006F \par .text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 001B0FDE \par .text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 001B0FEF \par .text C:\\Windows\\system32\\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 001B002F \par .text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00310FE5 \par .text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!system 77C6804B 5 Bytes JMP 00310070 \par .text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 0031003A \par .text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_open 77C6D106 5 Bytes JMP 0031000C \par .text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00310055 \par .text C:\\Windows\\system32\\services.exe[820] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00310029 \par .text C:\\Windows\\system32\\services.exe[820] WS2_32.dll!socket 769936D1 5 Bytes JMP 001A0000 \par .text C:\\Windows\\system32\\lsass.exe[948] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 000A0FE5 \par .text C:\\Windows\\system32\\lsass.exe[948] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 000A0FC0 \par .text C:\\Windows\\system32\\lsass.exe[948] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 000A0000 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00080F6D \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00080F7E \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00080F26 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00080F37 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 000800A2 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00080036 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00080FDB \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 000800B3 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00080087 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 0008006C \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00080FCA \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00080051 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00080FAD \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 000800D8 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00080025 \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 0008000A \par .text C:\\Windows\\system32\\lsass.exe[948] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00080F52 \par .text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00840F79 \par .text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00840FAF \par .text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00840000 \par .text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00840F9E \par .text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00840F68 \par .text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 0084001B \par .text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00840FE5 \par .text C:\\Windows\\system32\\lsass.exe[948] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00840FCA \par .text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00850FA8 \par .text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!system 77C6804B 5 Bytes JMP 00850FB9 \par .text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00850FD4 \par .text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00850FEF \par .text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00850029 \par .text C:\\Windows\\system32\\lsass.exe[948] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00850018 \par .text C:\\Windows\\system32\\lsass.exe[948] WS2_32.dll!socket 769936D1 5 Bytes JMP 00830FEF \par .text C:\\Windows\\system32\\svchost.exe[1136] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 008A0000 \par .text C:\\Windows\\system32\\svchost.exe[1136] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 008A0FE5 \par .text C:\\Windows\\system32\\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 008A001B \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 002A0F31 \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 002A0F4C \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 002A0F05 \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 002A0F16 \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 002A0F5D \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 002A0FCD \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 002A0FBC \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreatePipe 769E8E6E 3 Bytes JMP 002A0077 \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreatePipe + 4 769E8E72 1 Byte [89]\par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 002A0F6E \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryW 769E9362 3 Bytes JMP 002A0F90 \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryW + 4 769E9366 1 Byte [89]\par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryExA 769E94B4 3 Bytes JMP 002A0F7F \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryExA + 4 769E94B8 1 Byte [89]\par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryA 769E94DC 3 Bytes JMP 002A0FAB \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!LoadLibraryA + 4 769E94E0 1 Byte [89]\par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!VirtualProtectEx 769EDBDA 3 Bytes JMP 002A005C \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!VirtualProtectEx + 4 769EDBDE 1 Byte [89]\par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 002A00B7 \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 002A0FDE \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 002A0FEF \par .text C:\\Windows\\system32\\svchost.exe[1136] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 002A0092 \par .text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00300F8B \par .text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!system 77C6804B 5 Bytes JMP 00300FA6 \par .text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00300FB7 \par .text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00300FEF \par .text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 0030000C \par .text C:\\Windows\\system32\\svchost.exe[1136] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00300FD2 \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 002F0F9E \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 002F0FC0 \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 002F0000 \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 002F0FAF \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 002F0F83 \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 002F002C \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 002F001B \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 3 Bytes JMP 002F0FDB \par .text C:\\Windows\\system32\\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW + 4 77A37BA5 1 Byte [88]\par .text C:\\Windows\\system32\\svchost.exe[1136] WS2_32.dll!socket 769936D1 5 Bytes JMP 00290000 \par .text C:\\Windows\\system32\\svchost.exe[1144] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00750FEF \par .text C:\\Windows\\system32\\svchost.exe[1144] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00750011 \par .text C:\\Windows\\system32\\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00750000 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00740F63 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 007400B3 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00740F34 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 007400D5 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00740F92 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00740FEF \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00740040 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 007400A2 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00740FA3 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00740051 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 0074006C \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00740FD4 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00740091 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 007400E6 \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0074001B \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 0074000A \par .text C:\\Windows\\system32\\svchost.exe[1144] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 007400C4 \par .text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 007A0F88 \par .text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!system 77C6804B 5 Bytes JMP 007A0FA3 \par .text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 007A0FC8 \par .text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_open 77C6D106 5 Bytes JMP 007A0000 \par .text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 007A001D \par .text C:\\Windows\\system32\\svchost.exe[1144] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 007A0FE3 \par .text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00770F7C \par .text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00770FB2 \par .text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00770FEF \par .text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00770F97 \par .text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00770F6B \par .text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00770FCD \par .text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00770FDE \par .text C:\\Windows\\system32\\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 0077001E \par .text C:\\Windows\\system32\\svchost.exe[1144] WS2_32.dll!socket 769936D1 5 Bytes JMP 00760FE5 \par .text C:\\Windows\\system32\\svchost.exe[1204] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00850FEF \par .text C:\\Windows\\system32\\svchost.exe[1204] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00850FD4 \par .text C:\\Windows\\system32\\svchost.exe[1204] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 0085000A \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00840F28 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00840F4D \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00840EF2 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00840089 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00840067 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00840FD4 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00840FB9 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00840F5E \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00840F8D \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00840025 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00840040 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00840F9E \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00840078 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 0084009A \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0084000A \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00840FE5 \par .text C:\\Windows\\system32\\svchost.exe[1204] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00840F17 \par .text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 008E0031 \par .text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!system 77C6804B 5 Bytes JMP 008E0FA6 \par .text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 008E0FC1 \par .text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_open 77C6D106 5 Bytes JMP 008E0FEF \par .text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 008E0016 \par .text C:\\Windows\\system32\\svchost.exe[1204] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 008E0FD2 \par .text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00870F83 \par .text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 0087001B \par .text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00870FEF \par .text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00870F94 \par .text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 0087004A \par .text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00870FCA \par .text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00870000 \par .text C:\\Windows\\system32\\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00870FAF \par .text C:\\Windows\\system32\\svchost.exe[1204] WS2_32.dll!socket 769936D1 5 Bytes JMP 00860FE5 \par .text C:\\Windows\\System32\\svchost.exe[1268] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00BB000A \par .text C:\\Windows\\System32\\svchost.exe[1268] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00BB0FD4 \par .text C:\\Windows\\System32\\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00BB0FE5 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00AD00B5 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00AD009A \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00AD00D7 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00AD00C6 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00AD005D \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00AD0FD4 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00AD0FB9 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00AD0089 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00AD004C \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00AD0F8D \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00AD002F \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00AD0FA8 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00AD0078 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00AD00E8 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00AD0000 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00AD0FE5 \par .text C:\\Windows\\System32\\svchost.exe[1268] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00AD0F54 \par .text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00F7005F \par .text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!system 77C6804B 5 Bytes JMP 00F70FDE \par .text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00F70033 \par .text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00F70000 \par .text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00F70044 \par .text C:\\Windows\\System32\\svchost.exe[1268] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00F70FEF \par .text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00F60F94 \par .text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00F60FC0 \par .text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00F60000 \par .text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00F60FAF \par .text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00F60F83 \par .text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00F60FE5 \par .text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00F60011 \par .text C:\\Windows\\System32\\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00F60036 \par .text C:\\Windows\\System32\\svchost.exe[1268] WS2_32.dll!socket 769936D1 5 Bytes JMP 00BC0000 \par .text C:\\Windows\\system32\\svchost.exe[1308] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00650000 \par .text C:\\Windows\\system32\\svchost.exe[1308] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00650FE5 \par .text C:\\Windows\\system32\\svchost.exe[1308] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 0065001B \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 0062007B \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00620F2B \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00620EE4 \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00620EFF \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00620F5E \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 0062000A \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 0062001B \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00620F3C \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00620F6F \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 0062002C \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00620F80 \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00620FAF \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00620F4D \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00620ED3 \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00620FD4 \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00620FE5 \par .text C:\\Windows\\system32\\svchost.exe[1308] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00620F10 \par .text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00640FBC \par .text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!system 77C6804B 5 Bytes JMP 00640047 \par .text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00640022 \par .text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00640FEF \par .text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00640FCD \par .text C:\\Windows\\system32\\svchost.exe[1308] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00640FDE \par .text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00630062 \par .text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00630040 \par .text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00630FE5 \par .text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00630051 \par .text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00630FAF \par .text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00630025 \par .text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00630000 \par .text C:\\Windows\\system32\\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00630FCA \par .text C:\\Windows\\system32\\svchost.exe[1308] WS2_32.dll!socket 769936D1 5 Bytes JMP 00610000 \par .text C:\\Windows\\system32\\svchost.exe[1316] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00E9000A \par .text C:\\Windows\\system32\\svchost.exe[1316] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00E90FDE \par .text C:\\Windows\\system32\\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00E90FEF \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 009D0F2B \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 009D0071 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 009D0096 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 009D0EFF \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 009D0056 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 009D0014 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 009D0FC3 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 009D0F50 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 009D0F7C \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 009D0039 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 009D0F97 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 009D0FB2 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 009D0F61 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 009D0EE4 \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 009D0FDE \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 009D0FEF \par .text C:\\Windows\\system32\\svchost.exe[1316] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 009D0F1A \par .text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 009F0F7F \par .text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!system 77C6804B 5 Bytes JMP 009F0014 \par .text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 009F0FB5 \par .text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_open 77C6D106 5 Bytes JMP 009F0FEF \par .text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 009F0F9A \par .text C:\\Windows\\system32\\svchost.exe[1316] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 009F0FC6 \par .text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 009E0073 \par .text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 009E0051 \par .text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 009E0000 \par .text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 009E0062 \par .text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 009E0FB6 \par .text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 009E0FE5 \par .text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 009E0011 \par .text C:\\Windows\\system32\\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 009E0036 \par .text C:\\Windows\\system32\\svchost.exe[1316] WS2_32.dll!socket 769936D1 5 Bytes JMP 009C0000 \par .text C:\\Windows\\System32\\svchost.exe[1344] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00F50FE5 \par .text C:\\Windows\\System32\\svchost.exe[1344] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00F5000A \par .text C:\\Windows\\System32\\svchost.exe[1344] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00F50FD4 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00F40097 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00F40F47 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00F40F1B \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00F400B2 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00F40F7A \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00F40FEF \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00F40FD4 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00F40F58 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00F40F8B \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00F40FB9 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00F40FA8 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00F40036 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00F40F69 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00F40F0A \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00F4001B \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00F40000 \par .text C:\\Windows\\System32\\svchost.exe[1344] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00F40F36 \par .text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00FD004B \par .text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!system 77C6804B 5 Bytes JMP 00FD003A \par .text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00FD0029 \par .text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00FD0000 \par .text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00FD0FCA \par .text C:\\Windows\\System32\\svchost.exe[1344] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00FD0FEF \par .text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00F80F7C \par .text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00F80FA8 \par .text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00F80FE5 \par .text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00F80F97 \par .text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00F80F61 \par .text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00F80FCA \par .text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00F80000 \par .text C:\\Windows\\System32\\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00F80FB9 \par .text C:\\Windows\\System32\\svchost.exe[1344] WS2_32.dll!socket 769936D1 5 Bytes JMP 00F60FEF \par .text C:\\Windows\\system32\\svchost.exe[1360] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00E00000 \par .text C:\\Windows\\system32\\svchost.exe[1360] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00E00FDE \par .text C:\\Windows\\system32\\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00E00FEF \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00DE00AE \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00DE0F68 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00DE00EB \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00DE00D0 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00DE0F94 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00DE0FE5 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00DE0040 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00DE0093 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00DE0FA5 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00DE0062 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00DE0FB6 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00DE0051 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00DE0F83 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00DE0106 \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00DE001B \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00DE000A \par .text C:\\Windows\\system32\\svchost.exe[1360] kernel32.dll!WinExec |
|
31.08.2010, 21:39
| #11 |
| | PC läuft sehr langsam, svchost.exe lastet das System extrem aus hier gehts weiter: 76A55CF7 5 Bytes JMP 00DE00BF \par .text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 01690069 \par .text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!system 77C6804B 5 Bytes JMP 01690FD4 \par .text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 01690FEF \par .text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_open 77C6D106 5 Bytes JMP 0169000C \par .text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 01690044 \par .text C:\\Windows\\system32\\svchost.exe[1360] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 01690029 \par .text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00DF0FC0 \par .text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00DF0FD1 \par .text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00DF0000 \par .text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00DF0062 \par .text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00DF0F9B \par .text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00DF0022 \par .text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00DF0011 \par .text C:\\Windows\\system32\\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00DF003D \par .text C:\\Windows\\system32\\svchost.exe[1360] WS2_32.dll!socket 769936D1 5 Bytes JMP 014E0FE5 \par .text C:\\Windows\\system32\\svchost.exe[1488] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00160FE5 \par .text C:\\Windows\\system32\\svchost.exe[1488] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00160FB9 \par .text C:\\Windows\\system32\\svchost.exe[1488] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00160FD4 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 001400B6 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00140F70 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00140F33 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00140F4E \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00140076 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00140FDE \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00140FCD \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0014009B \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00140065 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00140FB2 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00140054 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00140039 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00140F81 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 001400E5 \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0014000A \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00140FEF \par .text C:\\Windows\\system32\\svchost.exe[1488] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00140F5F \par .text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00180FA6 \par .text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!system 77C6804B 5 Bytes JMP 00180FB7 \par .text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00180016 \par .text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00180FEF \par .text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00180027 \par .text C:\\Windows\\system32\\svchost.exe[1488] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00180FD2 \par .text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00150FD4 \par .text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 0015005B \par .text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00150000 \par .text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00150080 \par .text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00150FC3 \par .text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00150FEF \par .text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 0015001B \par .text C:\\Windows\\system32\\svchost.exe[1488] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 0015004A \par .text C:\\Windows\\system32\\svchost.exe[1488] WS2_32.dll!socket 769936D1 5 Bytes JMP 00170000 \par .text C:\\Windows\\system32\\svchost.exe[1540] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 008B0FEF \par .text C:\\Windows\\system32\\svchost.exe[1540] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 008B0FC3 \par .text C:\\Windows\\system32\\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 008B0FDE \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00890F46 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 0089008C \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 008900D3 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 008900AE \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00890F75 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00890FDE \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00890FC3 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0089007B \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00890F86 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00890FA1 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00890043 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00890FB2 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 0089006A \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 008900EE \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00890014 \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00890FEF \par .text C:\\Windows\\system32\\svchost.exe[1540] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 0089009D \par .text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 009A0F7C \par .text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!system 77C6804B 5 Bytes JMP 009A0F97 \par .text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 009A0000 \par .text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_open 77C6D106 5 Bytes JMP 009A0FEF \par .text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 009A0011 \par .text C:\\Windows\\system32\\svchost.exe[1540] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 009A0FC6 \par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77A139AB 1 Byte [E9]\par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 008A0FAF \par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 008A0FC0 \par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 008A0000 \par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 008A0051 \par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 008A006C \par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 008A001B \par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 008A0FE5 \par .text C:\\Windows\\system32\\svchost.exe[1540] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 008A002C \par .text C:\\Windows\\system32\\svchost.exe[1540] WS2_32.dll!socket 769936D1 5 Bytes JMP 008C0FEF \par .text C:\\Windows\\system32\\svchost.exe[1732] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00F50000 \par .text C:\\Windows\\system32\\svchost.exe[1732] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00F50FDB \par .text C:\\Windows\\system32\\svchost.exe[1732] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00F50011 \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00DD0F68 \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00DD00AE \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00DD0F3C \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00DD00DD \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00DD0082 \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00DD0022 \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00DD0FDB \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00DD009D \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00DD0F9E \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00DD0FB9 \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00DD005B \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00DD0FCA \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00DD0F8D \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00DD0F2B \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00DD0011 \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00DD0000 \par .text C:\\Windows\\system32\\svchost.exe[1732] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00DD0F57 \par .text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00F7004E \par .text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!system 77C6804B 5 Bytes JMP 00F70FC3 \par .text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00F70018 \par .text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00F70FEF \par .text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00F70033 \par .text C:\\Windows\\system32\\svchost.exe[1732] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00F70FDE \par .text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00F40FC0 \par .text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00F40047 \par .text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 00F40FEF \par .text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00F40062 \par .text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00F40FAF \par .text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00F40025 \par .text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00F4000A \par .text C:\\Windows\\system32\\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00F40036 \par .text C:\\Windows\\system32\\svchost.exe[1732] WS2_32.dll!socket 769936D1 5 Bytes JMP 00F60FEF \par .text C:\\Windows\\system32\\svchost.exe[1732] WININET.dll!InternetOpenA 76ACD690 5 Bytes JMP 00F30000 \par .text C:\\Windows\\system32\\svchost.exe[1732] WININET.dll!InternetOpenW 76ACDB09 5 Bytes JMP 00F30FE5 \par .text C:\\Windows\\system32\\svchost.exe[1732] WININET.dll!InternetOpenUrlA 76ACF3A4 5 Bytes JMP 00F30FD4 \par .text C:\\Windows\\system32\\svchost.exe[1732] WININET.dll!InternetOpenUrlW 76B16DDF 5 Bytes JMP 00F3001B \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 03A9000A \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 03A90FE5 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 03A9001B \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 03A6007B \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 03A60060 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 03A600B1 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 03A60F10 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 03A60F57 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 03A60011 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 03A60FC0 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 03A60F35 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 03A60F68 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 03A60F94 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 03A60F79 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 03A60FA5 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 03A60F46 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 03A60EFF \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 03A60FE5 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 03A60000 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 03A6008C \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 03A8003D \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!system 77C6804B 5 Bytes JMP 03A80022 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 03A80FBC \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_open 77C6D106 5 Bytes JMP 03A80000 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 03A80011 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 03A80FE3 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 03A70036 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 03A7001B \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 03A70FEF \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 03A70F94 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 03A70051 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 03A7000A \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 03A70FCA \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 03A70FB9 \par .text C:\\Program Files\\Microsoft SQL Server\\MSSQL10.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe[1968] WS2_32.dll!socket 769936D1 5 Bytes JMP 03A50FE5 \par .text C:\\Windows\\System32\\svchost.exe[2156] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00190000 \par .text C:\\Windows\\System32\\svchost.exe[2156] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00190FD4 \par .text C:\\Windows\\System32\\svchost.exe[2156] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00190FE5 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 001600AB \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00160F65 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 001600E1 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 00160F4A \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00160F9B \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00160036 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00160047 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 0016009A \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00160075 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00160058 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00160FB6 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00160FDB \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00160F80 \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00160F2F \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0016001B \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 0016000A \par .text C:\\Windows\\System32\\svchost.exe[2156] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 001600C6 \par .text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_wsystem 77C67F2F 1 Byte [E9]\par .text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00180033 \par .text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!system 77C6804B 5 Bytes JMP 00180FA8 \par .text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 00180FCD \par .text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00180FEF \par .text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00180022 \par .text C:\\Windows\\System32\\svchost.exe[2156] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00180FDE \par .text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00170F83 \par .text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00170F9E \par .text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 0017000A \par .text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00170025 \par .text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00170F68 \par .text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00170FDE \par .text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00170FEF \par .text C:\\Windows\\System32\\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00170FB9 \par .text C:\\Windows\\System32\\svchost.exe[2156] WS2_32.dll!socket 769936D1 5 Bytes JMP 00090000 \par .text C:\\Windows\\System32\\svchost.exe[2228] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 001F000A \par .text C:\\Windows\\System32\\svchost.exe[2228] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 001F0FD4 \par .text C:\\Windows\\System32\\svchost.exe[2228] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 001F0FEF \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 000B0EFA \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 000B0F15 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 000B0091 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 000B0076 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 000B0040 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 000B0FC3 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 000B0FA8 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 000B0F30 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 000B0F72 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 000B001E \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 000B002F \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 000B0F97 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 000B0F4B \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 000B00A2 \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 000B0FDE \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 000B0FEF \par .text C:\\Windows\\System32\\svchost.exe[2228] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 000B005B \par .text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 000D0FAD \par .text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!system 77C6804B 5 Bytes JMP 000D0FC8 \par .text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 000D001D \par .text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_open 77C6D106 5 Bytes JMP 000D000C \par .text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 000D0038 \par .text C:\\Windows\\System32\\svchost.exe[2228] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 000D0FEF \par .text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 000C006C \par .text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 000C0040 \par .text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 000C0000 \par .text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 000C005B \par .text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 000C0FA5 \par .text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 000C001B \par .text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 000C0FE5 \par .text C:\\Windows\\System32\\svchost.exe[2228] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 000C0FD4 \par .text C:\\Windows\\System32\\svchost.exe[2228] WS2_32.dll!socket 769936D1 5 Bytes JMP 000A0FEF \par .text C:\\Windows\\system32\\svchost.exe[2368] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00700000 \par .text C:\\Windows\\system32\\svchost.exe[2368] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 00700FE5 \par .text C:\\Windows\\system32\\svchost.exe[2368] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 0070001B \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 006D0F26 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 006D0F37 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 006D0087 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 006D0EF0 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 006D0F52 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 006D0FCA \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 006D0011 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 006D0058 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 006D0F6F \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 006D0F80 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 006D0022 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 006D0FA5 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 006D0047 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 006D0ED5 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 006D0FDB \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 006D0000 \par .text C:\\Windows\\system32\\svchost.exe[2368] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 006D0F15 \par .text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 006F003D \par .text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!system 77C6804B 5 Bytes JMP 006F0FB2 \par .text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 006F0011 \par .text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_open 77C6D106 5 Bytes JMP 006F0FE3 \par .text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 006F0022 \par .text C:\\Windows\\system32\\svchost.exe[2368] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 006F0000 \par .text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 006E0073 \par .text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 006E0FD1 \par .text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 006E000A \par .text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 006E0062 \par .text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 006E0084 \par .text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 006E002C \par .text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 006E001B \par .text C:\\Windows\\system32\\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 006E0047 \par .text C:\\Windows\\system32\\svchost.exe[2368] WS2_32.dll!socket 769936D1 5 Bytes JMP 00240000 \par .text C:\\Windows\\system32\\svchost.exe[2496] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 009F0FEF \par .text C:\\Windows\\system32\\svchost.exe[2496] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 009F0FCD \par .text C:\\Windows\\system32\\svchost.exe[2496] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 009F0FDE \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 00980080 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00980F3A \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 009800C0 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 009800A5 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 0098005B \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 00980FE5 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 00980FC0 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00980F55 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 0098004A \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00980F9E \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 00980F8D \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00980FAF \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00980F66 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00980F04 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 0098001B \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00980000 \par .text C:\\Windows\\system32\\svchost.exe[2496] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00980F29 \par .text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 009E0049 \par .text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!system 77C6804B 5 Bytes JMP 009E0038 \par .text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 009E001D \par .text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_open 77C6D106 5 Bytes JMP 009E0000 \par .text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 009E0FC8 \par .text C:\\Windows\\system32\\svchost.exe[2496] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 009E0FEF \par .text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 009D0F7C \par .text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 009D0FA8 \par .text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 009D0000 \par .text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 009D0F8D \par .text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 009D0F61 \par .text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 009D0FCA \par .text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 009D0FDB \par .text C:\\Windows\\system32\\svchost.exe[2496] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 009D0FB9 \par .text C:\\Windows\\system32\\svchost.exe[2496] WS2_32.dll!socket 769936D1 5 Bytes JMP 00930FEF \par .text C:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe[2612] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 71639AE2 C:\\Program Files\\Common Files\\McAfee\\McProxy\\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)\par .text C:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe[2612] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 71639A20 C:\\Program Files\\Common Files\\McAfee\\McProxy\\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)\par .text C:\\Windows\\system32\\wuauclt.exe[3524] ntdll.dll!NtCreateFile 77D243D4 5 Bytes JMP 00040FE5 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ntdll.dll!NtCreateProcess 77D24494 5 Bytes JMP 0004000A \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ntdll.dll!NtProtectVirtualMemory 77D24D34 5 Bytes JMP 00040FD4 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!GetStartupInfoW 769C1929 5 Bytes JMP 0001008E \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!GetStartupInfoA 769C19C9 5 Bytes JMP 00010F48 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateProcessW 769C1BF3 5 Bytes JMP 00010F08 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateProcessA 769C1C28 5 Bytes JMP 0001009F \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!VirtualProtect 769C1DC3 5 Bytes JMP 00010058 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateNamedPipeA 769C2EF5 5 Bytes JMP 0001001B \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateNamedPipeW 769C5C0C 5 Bytes JMP 0001002C \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreatePipe 769E8E6E 5 Bytes JMP 00010F63 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!LoadLibraryExW 769E9109 5 Bytes JMP 00010F74 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!LoadLibraryW 769E9362 5 Bytes JMP 00010F9B \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!LoadLibraryExA 769E94B4 5 Bytes JMP 0001003D \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!LoadLibraryA 769E94DC 5 Bytes JMP 00010FB6 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!VirtualProtectEx 769EDBDA 5 Bytes JMP 00010073 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!GetProcAddress 76A0903B 5 Bytes JMP 00010EF7 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateFileW 76A0AECB 5 Bytes JMP 00010000 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!CreateFileA 76A0CE5F 5 Bytes JMP 00010FEF \par .text C:\\Windows\\system32\\wuauclt.exe[3524] kernel32.dll!WinExec 76A55CF7 5 Bytes JMP 00010F2D \par .text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_wsystem 77C67F2F 5 Bytes JMP 00070049 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!system 77C6804B 5 Bytes JMP 00070038 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_creat 77C6BBE1 5 Bytes JMP 0007000C \par .text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_open 77C6D106 5 Bytes JMP 00070FE3 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_wcreat 77C6D326 5 Bytes JMP 00070027 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] msvcrt.dll!_wopen 77C6D501 5 Bytes JMP 00070FD2 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegCreateKeyExA 77A139AB 5 Bytes JMP 00080FDE \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegCreateKeyA 77A13BA9 5 Bytes JMP 00080065 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegOpenKeyA 77A189C7 5 Bytes JMP 0008000A \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegCreateKeyW 77A2391E 5 Bytes JMP 00080076 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegCreateKeyExW 77A241F1 5 Bytes JMP 00080FCD \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegOpenKeyExA 77A27C42 5 Bytes JMP 00080FEF \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegOpenKeyW 77A2E2B5 5 Bytes JMP 00080025 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] ADVAPI32.dll!RegOpenKeyExW 77A37BA1 5 Bytes JMP 00080040 \par .text C:\\Windows\\system32\\wuauclt.exe[3524] WS2_32.dll!socket 769936D1 5 Bytes JMP 00140FE5 \par \par ---- User IAT/EAT - GMER 1.0.15 ----\par \par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747B7817] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7480A86D] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747BBB22] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747AF695] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747B75E9] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747AE7CA] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747E8395] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747BDA60] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747AFFFA] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747AFF61] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747A71CF] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7483CAE2] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747DC8D8] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747AD968] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipFree] [747A6853] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipAlloc] [747A687E] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Windows\\Explorer.EXE[684] @ C:\\Windows\\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747B2AD1] C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)\par IAT C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe[1804] @ C:\\Windows\\system32\\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00D276E0] C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)\par IAT C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe[1804] @ C:\\Windows\\system32\\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00D27740] C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)\par \par ---- Devices - GMER 1.0.15 ----\par \par AttachedDevice \\FileSystem\\Ntfs \\Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)\par AttachedDevice \\Driver\\kbdclass \\Device\\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)\par AttachedDevice \\Driver\\tdx \\Device\\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)\par \par Device \\Driver\\BTHUSB \\Device\\00000071 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)\par Device \\Driver\\BTHUSB \\Device\\00000073 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)\par \par AttachedDevice \\Driver\\tdx \\Device\\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)\par \par ---- Registry - GMER 1.0.15 ----\par \par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0ca0 \par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0cab \par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0ccf \par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f \par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@00076109d093 0xBE 0x71 0x6F 0xA2 ...\par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0007610a45c5 0x63 0x0B 0x36 0x42 ...\par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0012471a5b4d 0x5A 0x05 0x5B 0xF1 ...\par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0001e3be7d5f 0x72 0x1B 0x9B 0x26 ...\par Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@00076108f7fb 0xA3 0xB6 0xBA 0xAD ...\par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0ca0 (not active ControlSet) \par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0cab (not active ControlSet) \par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\0002783d0ccf (not active ControlSet) \par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f (not active ControlSet) \par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@00076109d093 0xBE 0x71 0x6F 0xA2 ...\par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0007610a45c5 0x63 0x0B 0x36 0x42 ...\par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0012471a5b4d 0x5A 0x05 0x5B 0xF1 ...\par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@0001e3be7d5f 0x72 0x1B 0x9B 0x26 ...\par Reg HKLM\\SYSTEM\\ControlSet003\\Services\\BTHPORT\\Parameters\\Keys\\00027875610f@00076108f7fb 0xA3 0xB6 0xBA 0xAD ...\par \par ---- EOF - GMER 1.0.15 ----\par } # Hier das Ergebnis des bootkit_remover: Bootkit Remover (c) 2009 eSage Lab www.esagelab.com Program version: 1.1.0.0 OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6 002), 32-bit System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`80100000 Boot sector MD5 is: 4b154a99a615e82aee4f69fabfe5ed3d Size Device Name MBR Status -------------------------------------------- 186 GB \\.\PhysicalDrive0 Unknown boot code Unknown boot code has been found on some of your physical disks. To inspect the boot code manually, dump the master boot sector: remover.exe dump <device_name> [output_file] To disinfect the master boot sector, use the following command: remover.exe fix <device_name> Done; Press any key to quit... |
|
31.08.2010, 23:20
| #12 |
| | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Hallo cosinus, Die osam.exe wird von irgendeinem McAfee Shield, den ich nicht abschalten kann, während des Scans gelöscht. Selbst wen ich McAfee aus der autostart lösche, wird der Scan unterbrochen und die osam.exe ist gelöscht. Vielleicht hast Du ja dazu eine Idee. Danke und Grüße intrus |
|
01.09.2010, 11:52
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC läuft sehr langsam, svchost.exe lastet das System extrem aus McAfee bitte deaktivieren!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.09.2010, 10:18
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC läuft sehr langsam, svchost.exe lastet das System extrem aus Noch andere Virenscanner bzw. Virenscannerähnliche Tools drauf? Notfalls Alles was McAfee deinstallieren.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu PC läuft sehr langsam, svchost.exe lastet das System extrem aus |
| 32 bit, agere systems, autorun, bonjour, components, corp./icp, defender, desktop, device driver, ebay, error, explorer, firefox, firefox.exe, format, google, home, home premium, install.exe, kb973917, langsam, location, logfile, microsoft office 2003, mozilla, nvidia, nvlddmkm.sys, nvstor.sys, office 2007, oldtimer, otl logfile, otl.exe, pc läuft, picasa, plug-in, problem, programdata, realtek, registry, rundll, saver, search.hijacker, searchplugins, searchscopes, security, security update, sehr langsam, server, shell32.dll, skype.exe, software, staropen, start menu, studio, svchost.exe, system, torrent.exe, vista, visual studio |
Linear-Darstellung
