|
Pests of all kinds and how to fight them: Programs close on their own and whatever I do I can't get a scan to run | Windows 7 |
23.10.2010, 21:15 | #1 |
| Sorry, but I tried to follow the instructions, without success. OTL won't open. mbam-setup.com doesn't work either. I think I did something wrong, but I have already been looking for my mistake for two hours. Can you help me? Thanks and regards, Marcel P.S.: I have now finally got malware running in safe mode! Running a scan now. Phew. Sorry! :-( Last edited by celzwei (23.10.2010 at 21:24) |
23.10.2010, 21:42 | #2 |
/// Malwareteam | A cleanup can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Vista and Win7 users: start all tools with right-click "Run as administrator". Step 1 Then post the Malwarebytes log for me. |
25.10.2010, 15:22 | #3 |
| Here are the logs:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4929
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975
23.10.2010 23:25:16
mbam-log-2010-10-23 (23-25-16).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151508
Laufzeit: 8 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\601174 (Rogue.SecurityTool) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Marcel Juchem\AppData\Local\601174.exe (Rogue.SecurityTool) -> No action taken.
C:\Users\Marcel Juchem\AppData\Local\Temp\Low\OTL.exe (Trojan.Dropper.PGen) -> No action taken.
C:\Users\Marcel Juchem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Users\Marcel Juchem\AppData\Local\Temp\114.jpg (Trojan.Clicker) -> No action taken.
The second one:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4929
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18975
23.10.2010 23:25:24
mbam-log-2010-10-23 (23-25-24).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151508
Laufzeit: 8 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\601174 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Marcel Juchem\AppData\Local\601174.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Marcel Juchem\AppData\Local\Temp\Low\OTL.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Users\Marcel Juchem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Marcel Juchem\AppData\Local\Temp\114.jpg (Trojan.Clicker) -> Quarantined and deleted successfully.
And the full scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4929
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
24.10.2010 01:40:51
mbam-log-2010-10-24 (01-40-51).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|J:\|)
Durchsuchte Objekte: 341667
Laufzeit: 2 Stunde(n), 10 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Marcel Juchem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7OW0X9O6\OTL[1].exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
Thanks in advance!! Regards, Marcel P.S.: Everything appears to be working for now, and noticeably faster! ;-) |
25.10.2010, 20:20 | #4 |
/// Malwareteam | Step 1 Custom scan with OTL: If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Step 2 Rootkit scan with Gmer. What are rootkits? Important: With every rootkit scan, you should:
Download Gmer from this page (press the Download EXE button) and save the program to your desktop.
Now post the logfile in code tags. |
26.10.2010, 18:02 | #5 |
| Step 1: OTL logfile: Code:
ATTFilter OTL logfile created on: 26.10.2010 18:43:24 - Run 1 OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Marcel Juchem\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,41 Gb Total Space | 108,15 Gb Free Space | 49,98% Space Free | Partition Type: NTFS Drive I: | 11,72 Gb Total Space | 5,23 Gb Free Space | 44,62% Space Free | Partition Type: NTFS Drive J: | 107,22 Gb Total Space | 34,58 Gb Free Space | 32,25% Space Free | Partition Type: NTFS Computer Name: CEL-PC | User Name: Marcel Juchem | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.10.23 21:43:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Juchem\Desktop\OTL.exe PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.08.24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe PRC - [2010.08.24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\SystemCore\mcshield.exe PRC - [2010.08.24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\SystemCore\mfevtps.exe PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) 
-- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.06.24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe PRC - [2010.03.18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2009.10.30 17:06:47 | 002,276,744 | ---- | M] (mquadr.at software engineering und consulting GmbH) -- C:\Programme\Web.de\LiveUpdate\m2LUTray.exe PRC - [2009.09.24 15:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.06 18:51:28 | 
003,885,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.05.12 09:36:46 | 000,036,949 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Programme\TP-LINK\QSS\jswtrayutil.exe PRC - [2008.04.18 18:39:18 | 000,161,160 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Programme\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008.02.29 15:44:50 | 000,016,384 | ---- | M] () -- C:\Programme\TP-LINK\QSS\HwBtnSvc.exe PRC - [2008.02.29 15:26:00 | 000,028,672 | ---- | M] () -- C:\Programme\TP-LINK\QSS\HwBtnDetector.exe PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 09:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.16 00:54:54 | 000,037,376 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2007.11.16 15:43:16 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) 
-- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe PRC - [2007.11.12 10:07:36 | 007,061,504 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Speedport W 101 Stick WLAN Manager\Speedport W 101 Stick.exe PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.09.25 14:59:52 | 000,532,776 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2007.09.25 14:57:30 | 001,336,616 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\LxWebAccess\LxWebAccess.exe PRC - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2005.06.23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ========== Modules (SafeList) ========== MOD - [2010.10.23 21:43:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Juchem\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.07.14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\SiteAdvisor\sahook.dll ========== Win32 Services (SafeList) ========== SRV - [2010.08.24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2010.08.24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2010.08.24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) 
[Unknown | Running] -- C:\Programme\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.04.15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.02.06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008.04.16 16:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) 
[On_Demand | Stopped] -- C:\Programme\TP-LINK\QSS\jswpsapi.exe -- (jswpsapi) SRV - [2008.02.29 15:44:50 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Programme\TP-LINK\QSS\HwBtnSvc.exe -- (JSWHwBtn) SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen) SRV - [2007.02.08 16:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.08.24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010.08.24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2010.08.24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2010.08.24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010.08.24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010.08.24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010.08.24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2010.08.24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2010.08.24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009.11.27 15:50:51 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009.11.27 15:50:51 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2009.02.06 18:08:52 | 000,055,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2008.09.22 04:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V) DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2008.07.24 09:17:00 | 000,437,760 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arusb_lh.sys -- (arusb_lh) DRV - [2008.07.10 21:22:28 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ezplay.sys -- (ezplay) DRV - [2008.02.22 17:16:08 | 000,024,360 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZDPSp50.sys -- (ZDPSp50) DRV - [2008.01.19 09:41:25 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.11.06 09:40:58 | 000,873,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WlanGZG.sys -- (ZY202_VS) DRV - [2007.11.06 09:40:58 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ZDCndis5.sys -- (ZDCNDIS5) DRV - [2007.11.03 01:53:24 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2007.11.03 01:53:24 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.11.02 15:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) DRV - [2007.11.02 15:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) DRV - [2007.11.02 15:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 15:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) DRV - [2007.11.02 15:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 15:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM) DRV - [2007.11.02 15:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.10.02 16:30:06 | 001,967,576 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor) DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.06.01 17:46:00 | 007,479,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt) DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus) DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.02.20 20:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de"
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.6.2
FF - prefs.js..keyword.URL: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=searchplugin&su="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.10.23 08:59:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.22 09:28:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.22 09:28:28 | 000,000,000 | ---D | M]

[2010.01.23 12:59:21 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\mozilla\Extensions
[2010.10.26 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\mozilla\Firefox\Profiles\f0jhogh6.default\extensions
[2010.09.07 21:43:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcel Juchem\AppData\Roaming\mozilla\Firefox\Profiles\f0jhogh6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.23 12:59:03 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Marcel Juchem\AppData\Roaming\mozilla\Firefox\Profiles\f0jhogh6.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.23 12:59:29 | 000,005,591 | ---- | M] () -- C:\Users\Marcel Juchem\AppData\Roaming\Mozilla\FireFox\Profiles\f0jhogh6.default\searchplugins\1und1-suche.xml
[2010.01.23 12:59:29 | 000,001,371 | ---- | M] () -- C:\Users\Marcel Juchem\AppData\Roaming\Mozilla\FireFox\Profiles\f0jhogh6.default\searchplugins\amazonde.xml
[2010.01.23 12:59:29 | 000,010,605 | ---- | M] () -- C:\Users\Marcel Juchem\AppData\Roaming\Mozilla\FireFox\Profiles\f0jhogh6.default\searchplugins\gmx-suche.xml
[2010.09.24 19:45:02 | 000,001,420 | ---- | M] () -- C:\Users\Marcel Juchem\AppData\Roaming\Mozilla\FireFox\Profiles\f0jhogh6.default\searchplugins\preisvergleich.xml
[2010.01.23 12:59:29 | 000,005,588 | ---- | M] () -- C:\Users\Marcel Juchem\AppData\Roaming\Mozilla\FireFox\Profiles\f0jhogh6.default\searchplugins\webde-suche.xml
[2010.10.25 14:37:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.23 12:58:54 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.23 12:58:54 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2010.04.29 20:38:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.26 20:45:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.25 14:37:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.08.24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.13 09:21:46 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.13 09:21:46 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.13 09:21:46 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.13 09:21:46 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.13 09:21:46 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20100918114254.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files\TP-LINK\QSS\jswtrayutil.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WEB.DE Update] C:\Programme\Web.de\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Marcel Juchem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player Version 1.x)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcel Juchem\Pictures\Bilder 04.04.10\P1010794.JPG
O24 - Desktop BackupWallPaper: C:\Users\Marcel Juchem\Pictures\Bilder 04.04.10\P1010794.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.10.23 23:37:44 | 000,000,000 | ---D | C] -- C:\Users\Marcel Juchem\Marcel Juchem
[2010.10.23 22:34:34 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.10.23 22:22:58 | 000,000,000 | ---D | C] -- C:\Users\Marcel Juchem\AppData\Roaming\Malwarebytes
[2010.10.23 22:22:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.23 22:22:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.23 22:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.23 22:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.23 21:44:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marcel Juchem\Desktop\mbam-setup.com
[2010.10.23 21:43:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel Juchem\Desktop\OTL.exe
[2010.10.18 22:36:08 | 000,000,000 | ---D | C] -- C:\Users\Marcel Juchem\Application Data
[2010.10.09 14:47:38 | 000,000,000 | ---D | C] -- C:\Users\Marcel Juchem\Simply Rent
[2010.10.01 09:59:33 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.01 09:59:29 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.10.01 09:52:33 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.10.01 09:50:29 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2009.11.10 09:09:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7D2B.dll
[2008.07.10 21:22:28 | 000,094,208 | ---- | C] (VSO Software) -- C:\Users\Marcel Juchem\AppData\Roaming\ezplay.sys
[2008.07.10 21:21:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marcel Juchem\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010.10.26 18:45:57 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{89EBFC42-78D6-4748-9516-0F69AFC7C569}.job
[2010.10.26 18:14:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.26 18:14:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.26 18:13:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.26 18:13:51 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.25 17:35:44 | 000,023,761 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Buchhaltung Simply Rent.xlsx
[2010.10.25 15:15:25 | 000,016,948 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Kassenbuch 08.09.10.xlsx
[2010.10.25 15:15:07 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.25 15:15:07 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.25 15:15:07 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.25 15:15:07 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.25 15:12:04 | 000,029,815 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Brüssel Vermietungen.xlsx
[2010.10.23 22:22:55 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.23 21:44:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marcel Juchem\Desktop\mbam-setup.com
[2010.10.23 21:43:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel Juchem\Desktop\OTL.exe
[2010.10.23 21:34:20 | 239,570,637 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.23 18:22:38 | 000,014,134 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Umsatzanalyse.xlsx
[2010.10.23 09:19:20 | 000,269,312 | ---- | M] () -- C:\Users\Marcel Juchem\Desktop\glf-tool.xls
[2010.10.23 09:08:58 | 000,009,589 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Aufwendungen Autos.xlsx
[2010.10.19 12:02:55 | 000,013,573 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Sami prices 18.10.10.xlsx
[2010.10.19 12:00:18 | 000,023,012 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Embassy prices Sami.xlsx
[2010.10.19 11:27:15 | 000,039,328 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Embassy prices 25.08.10.xlsx
[2010.10.17 11:28:27 | 000,012,075 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Aufstellung Nebenkosten Hans und Gerda.xlsx
[2010.10.17 11:26:11 | 000,013,666 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Nebenkostenabrechnug 2010.xlsx
[2010.10.12 23:03:00 | 000,379,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.10 13:35:26 | 000,010,770 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Kundeninformationen.xlsx
[2010.10.09 12:04:28 | 001,109,606 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\neudenken cc unirent.pdf
[2010.10.09 11:43:21 | 000,049,094 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Auflistung Fremdanmietung 01.08.10.xlsx
[2010.10.08 19:56:06 | 000,013,719 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Meshal Prices 08.10.10.xlsx
[2010.10.06 21:08:01 | 000,011,699 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Klakulation Fahrzeuge United 2.xlsx
[2010.10.05 18:00:35 | 000,059,904 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Simply rent Rechnungsbogen S-Klasse Al Naqbi.doc
[2010.09.29 18:19:05 | 000,023,679 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\10031 Oasis consulting 25.09.-25.10.10.pdf
[2010.09.29 14:27:45 | 000,023,990 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\10020 Invoice Golf Amar Allachi 25.08. - 25.09.10.pdf
[2010.09.28 11:21:46 | 000,059,392 | ---- | M] () -- C:\Users\Marcel Juchem\Documents\Simply rent Rechnungsbogen.doc
[2010.09.27 23:55:09 | 000,095,232 | ---- | M] () -- C:\Users\Marcel Juchem\Desktop\Abtretung.xls

========== Files Created - No Company Name ==========

[2010.10.23 23:26:22 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.23 22:22:55 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.23 18:22:38 | 000,014,134 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\Umsatzanalyse.xlsx
[2010.10.19 12:02:55 | 000,013,573 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\Sami prices 18.10.10.xlsx
[2010.10.17 11:15:48 | 000,013,666 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\Nebenkostenabrechnug 2010.xlsx
[2010.10.10 13:19:22 | 000,010,770 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\Kundeninformationen.xlsx
[2010.10.09 12:04:28 | 001,109,606 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\neudenken cc unirent.pdf
[2010.10.08 19:55:24 | 000,013,719 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\Meshal Prices 08.10.10.xlsx
[2010.10.02 19:16:14 | 000,009,589 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\Aufwendungen Autos.xlsx
[2010.10.01 14:24:18 | 000,011,699 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\Klakulation Fahrzeuge United 2.xlsx
[2010.09.29 18:19:04 | 000,023,679 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\10031 Oasis consulting 25.09.-25.10.10.pdf
[2010.09.29 16:33:12 | 000,023,761 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\Buchhaltung Simply Rent.xlsx
[2010.09.29 14:27:44 | 000,023,990 | ---- | C] () -- C:\Users\Marcel Juchem\Documents\10020 Invoice Golf Amar Allachi 25.08. - 25.09.10.pdf
[2010.09.27 23:55:09 | 000,095,232 | ---- | C] () -- C:\Users\Marcel Juchem\Desktop\Abtretung.xls
[2010.05.16 15:11:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.06 19:44:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.12.28 00:19:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.07.20 13:07:44 | 000,109,508 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\NMM-MetaData.db
[2008.07.10 21:22:42 | 000,000,034 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\ezplay.log
[2008.07.10 21:22:28 | 000,007,861 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\ezplay.cat
[2008.07.10 21:22:28 | 000,001,103 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\ezplay.inf
[2008.07.10 21:22:28 | 000,000,125 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\ezplay.ini
[2008.07.10 21:22:28 | 000,000,034 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\pcouffin.log
[2008.07.10 21:21:36 | 000,087,608 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\inst.exe
[2008.07.10 21:21:36 | 000,007,887 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\pcouffin.cat
[2008.07.10 21:21:36 | 000,001,144 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\pcouffin.inf
[2008.04.27 23:45:09 | 000,000,009 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Roaming\mdb.bin
[2008.04.13 19:49:49 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.04.13 11:08:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.02.03 13:50:22 | 000,001,686 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.01.20 17:28:51 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2008.01.20 17:28:51 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll
[2008.01.20 17:28:51 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll
[2008.01.19 13:16:34 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.01.19 13:07:48 | 000,067,584 | ---- | C] () -- C:\Users\Marcel Juchem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.14 02:15:03 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.12.10 16:52:04 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll
[2006.11.04 04:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.29 16:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006.09.24 22:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006.09.24 22:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2005.11.09 13:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005.11.09 13:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005.11.09 13:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2001.10.10 09:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001.10.10 09:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001.03.07 09:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll

========== LOP Check ==========

[2010.06.19 09:46:27 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Amazon
[2009.11.08 10:19:35 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Canon
[2008.05.12 19:14:22 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Haufe
[2009.02.23 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Image Zone Express
[2008.01.20 17:28:16 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Lexware
[2008.07.20 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Nokia
[2008.07.20 13:05:46 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\NSeries
[2010.02.07 12:25:45 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Panasonic
[2008.07.20 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\PC Suite
[2009.02.23 18:00:08 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Printer Info Cache
[2009.04.13 13:25:24 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\uTorrent
[2008.07.11 06:56:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel Juchem\AppData\Roaming\Vso
[2010.10.26 18:11:22 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.26 18:45:57 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{89EBFC42-78D6-4748-9516-0F69AFC7C569}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007.07.13 11:14:43 | 000,000,018 | ---- | M] () -- C:\appinst.cmd
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007.12.14 11:01:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.26 18:13:51 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2007.12.13 19:46:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007.11.04 16:30:17 | 131,184,639 | ---- | M] () -- C:\MANAGER08.mdf
[2007.10.31 08:19:49 | 000,038,106 | ---- | M] () -- C:\MANAGER08.mds
[2007.12.13 19:46:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.26 18:13:50 | 3533,447,168 | -HS- | M] () -- C:\pagefile.sys
[2007.12.13 18:42:07 | 000,001,245 | ---- | M] () -- C:\Prodlog.txt
[2006.11.09 16:05:25 | 000,000,042 | ---- | M] () -- C:\sort-d.txt
[2008.04.27 23:42:30 | 000,000,282 | ---- | M] () -- C:\TO_InstallLog.txt
[2008.12.28 00:22:47 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2006.11.14 09:42:33 | 000,000,015 | ---- | M] () -- C:\vtype.cmd

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.06.18 12:19:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.05.26 22:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9E.DLL
[2008.05.26 22:00:00 | 000,069,632 | ---- | M] (CANON INC.)
-- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9E.DLL [2007.01.29 15:21:10 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll [2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2009.02.06 19:46:50 | 000,308,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > [2008.01.13 14:53:30 | 000,001,690 | -H-- | M] () -- C:\Users\Marcel Juchem\AppData\Roaming\Microsoft\LastFlashConfig.WFC < %PROGRAMFILES%\*.* > [2008.03.22 12:56:32 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.12.14 11:01:11 | 008,011,776 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.12.14 11:01:08 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.12.14 11:01:11 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.12.14 11:01:21 | 016,478,208 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.12.14 11:01:22 | 006,029,312 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- 
C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-26 16:23:50 < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 26.10.2010 18:43:24 - Run 1 OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Marcel Juchem\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 216,41 Gb Total Space | 108,15 Gb Free Space | 49,98% Space Free | Partition Type: NTFS Drive I: | 11,72 Gb Total Space | 5,23 Gb Free Space | 44,62% Space Free | Partition Type: NTFS Drive J: | 107,22 Gb Total Space | 34,58 Gb Free Space | 32,25% Space Free | Partition Type: NTFS Computer Name: CEL-PC | User Name: Marcel Juchem | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{098F432C-97AC-4EAC-ABE3-53D9E72D1D30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0C4C0447-F8AA-40D6-A106-70C30584256C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FFC400A-4E24-4277-929E-67C3D17A61BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3CC03407-EC8A-4A08-91FB-E9321468391F}" = lport=2869 | protocol=6 | dir=in | app=system | "{44DBE365-9D53-442A-A946-17BADF4AD079}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4AEABFD0-9293-4DEC-92F1-3CF0A7647B8D}" = lport=10243 | protocol=6 | dir=in | app=system | "{5AE9E837-5693-429D-9E05-096B298BE197}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7A1230C1-6163-4EA6-99B2-29CE33BE7637}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AD523151-D26B-430C-9F36-C33D5ED82DD4}" = lport=2869 | protocol=6 | dir=in | app=system | "{D4BD1C1C-09E5-4813-A4DA-C28C5CE0F892}" = rport=10243 | protocol=6 | dir=out | app=system | "{EAAEEBEA-77A4-4FE4-AE5A-57D6FB9EA8D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== 
Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{30047017-0616-4818-8070-5A2A2C67CC6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3FCC47EB-6684-4257-A848-C6BD79BFFD00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4BACBF0C-A106-49E0-9888-32C642D8ACA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59C3E4C8-5EEA-4313-9FB6-BCEEB4126EDA}" = dir=in | app=c:\program files\itunes\itunes.exe | "{5BDDBB3C-02A3-4B36-956E-2E6C71611551}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80559809-40F3-4B9C-9B91-626BA85A2584}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{84E05F76-2864-430B-AA91-BBBF56770D79}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{8B61F53E-3AE7-4B6C-B478-2EA3EF2C0C23}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{8D41F503-CCDD-4FE7-BD42-E2A99AE9FA18}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{8DC81599-EADA-4EBC-B4E2-E25B17630CA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{906C9FDF-F2A7-4498-A2FB-6DC9F4157AC9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{974B4191-8F7F-4045-8D6C-6D11CA98A55B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9F88053B-419F-4DBA-B84E-AFE7BD3C1B65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A00C723C-5336-43DE-98AC-004FE204B83F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C59ABB52-4C27-4575-9C97-4B440C593808}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CDF8434B-0901-4798-B5E1-DE6916F61E25}" = 
dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{D44EBF82-06AA-40A0-AB73-3422FAA6ED98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DAE1610C-D2AF-4554-8AD9-0BEDA307AAA5}" = protocol=6 | dir=out | app=system | "{EA96CDC7-1E5E-4CC4-B3CC-122736337D0A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EC0964E5-0FD2-409F-BF5A-4F021BE347A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD62CA78-1A78-4846-A380-B18151B0A84F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{07FAD4B3-95BB-4256-BDCA-C664FA8FDDA7}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | "TCP Query User{A51BC271-EEBD-4DE8-B3D1-82BC5C8DF974}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{B555267B-98F6-4DF6-8EBD-FB080025EFEE}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "TCP Query User{E1F28611-841F-49F1-B220-AF391A7496B1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{1F68990D-056E-43FF-9CE9-A83A1E963969}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "UDP Query User{5F0EA49F-FEF2-4CD2-9F75-6F6F9DFF3702}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{A92D6F0E-2D9D-4E9A-A09C-3A6610E3B8CF}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | "UDP Query User{FB351770-9AE4-4084-A4E4-812CA5EF5878}C:\program files\internet explorer\iexplore.exe" = 
protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6 "{03C5896D-8F49-471E-8F92-801A94570038}" = VideoCam Suite "{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{1716D952-F601-4A07-8988-7FCFAEDE6FDC}" = TAXMAN Bibliothek 2008 "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22 "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}" = Nokia Nseries Video Manager "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3186AEAE-E104-424D-9152-1BF6A4404758}" = Nokia Software Updater "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3A7E8601-F0C9-49A0-855A-EEDEEFE11F7E}" = Lexware buchhalter 2007 "{3B0F41B5-C87C-4B33-91F5-ED024EB683F9}" = QSS 
Installation Program "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C2622CB-0C96-4875-BAD6-E3DDF63EF5FE}" = Steuer Update 14.01 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F6D3D01-AAD3-482A-BFB7-81E0D3D09BC8}" = Steuer Update 14.01 "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{4F91BB7B-34E9-4B52-B997-DD79C18EBB9C}" = Steuer Update 14.01 "{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software "{6094AB91-4CC8-498E-9DFF-134CC0B159DE}" = PC Connectivity Solution "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3A2A6C-59CD-4A6D-9516-0A34C393ED95}" = Nokia MTP driver "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = 
DivX Codec "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{96E94E18-54D6-42C1-8FC4-24DACEDC3395}" = Nokia NSeries System Utilities "{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext "{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer- "{9AE57057-8E31-40EC-A8DD-A357E5291031}" = SecurDisc Viewer "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition "{9BF57E8E-AE20-41C7-8BDC-88E5BDEA659F}" = QSS Installation Program "{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0 "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service "{A8C856AD-63CD-4613-AA29-E6C85607EA06}" = Nokia Software Launcher "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player 
"{B877EB7B-DE53-46F7-AF2A-AF5E3677B625}" = Lexware buchhalter 2007 "{B9730F5B-AAE9-4D89-ADEC-424F8E5B9325}" = Steuer Update 14.01 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{BEDFB0D0-CA1E-4CBA-9664-B25A74019D0C}" = Lexware Info Service "{C13F11D1-00BA-44DF-B626-35E1C03F85E5}" = D1300 "{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = Speedport W 101 Stick WLAN Manager "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CBC544C4-EBFC-4471-8FE3-BF3DDCEE3840}" = Lexware buchhalter 2007 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E2500C71-5D43-4BA0-B044-9BA9A3A11CAD}" = Lexware buchhalter 2007 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E8CFA6A1-2FBE-4062-B40D-9E15E2443EC4}" = TL-WN821N Wireless Utility "{E94603CA-2996-4154-8EE2-A5FCD4BFB500}" = Nokia Lifeblog 2.5 "{EAFD70B2-FF28-45CD-B4F2-F99E82FD39A3}" = Steuer Update 14.01 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EC4D5610-F99A-41C8-BA00-9801F81A46CD}" = Lexware buchhalter 2007 "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update "{F331FBDC-7DCF-4598-9E7C-E11865677AB4}" = TAXMAN 2008 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4EE8763-EAA8-4BC1-8594-8501F5F00414}" = Nokia NSeries One Touch Access 
"{F55CA27A-8C3C-4E7D-891B-D29FD3259A94}" = TAXMAN 2008 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier "{F89E5AD8-AE47-49B5-B9F9-C498791E6255}" = Nokia NSeries Music Manager "{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}" = Nokia NSeries Multimedia Player "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft 
.NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MSC" = McAfee Internet Security "NVIDIA Drivers" = NVIDIA Drivers "Orb" = Winamp Remote "Telekom Fotoservice" = Telekom Fotoservice "Update Service" = Update Service "Virtual Villagers" = Virtual Villagers (remove only) "VLC media player" = VideoLAN VLC media player 0.8.6d "VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter "WEB.DE Update" = WEB.DE Update "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar for Internet Explorer "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
26.10.2010, 19:43 | #6 |
| GMER log file: Code:
ATTFilter GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover Rootkit scan 2010-10-26 20:26:38 Windows 6.0.6002 Service Pack 2 Running: jiqtvthw.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\ufldqpow.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x830B9068] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x830B9092] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x830B907E] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x830B9054] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 826659D2 5 Bytes JMP 830B9058 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 8282ADA3 5 Bytes JMP 830B9096 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 8284A4FA 7 Bytes JMP 830B906C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8284A7BD 5 Bytes JMP 830B9082 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EC09340, 0x33F6F7, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[236] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 04550000 .text C:\Windows\Explorer.EXE[236] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 04550036 .text C:\Windows\Explorer.EXE[236] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 04550025 .text C:\Windows\Explorer.EXE[236] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 044F0F26 .text C:\Windows\Explorer.EXE[236] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 044F0F37 .text C:\Windows\Explorer.EXE[236] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 044F0EFA .text C:\Windows\Explorer.EXE[236] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 044F0F0B .text C:\Windows\Explorer.EXE[236] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 044F0F63 .text C:\Windows\Explorer.EXE[236] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 044F001B .text C:\Windows\Explorer.EXE[236] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 044F002C .text C:\Windows\Explorer.EXE[236] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 044F0F48 .text C:\Windows\Explorer.EXE[236] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 044F0F80 .text C:\Windows\Explorer.EXE[236] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 044F003D .text C:\Windows\Explorer.EXE[236] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 044F0F9B .text C:\Windows\Explorer.EXE[236] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 044F0FC0 .text C:\Windows\Explorer.EXE[236] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 044F0062 .text C:\Windows\Explorer.EXE[236] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 044F00A2 .text C:\Windows\Explorer.EXE[236] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 044F000A .text C:\Windows\Explorer.EXE[236] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 044F0FE5 .text C:\Windows\Explorer.EXE[236] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 044F0091 .text 
C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 045E0039 .text C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 045E0FB2 .text C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 045E0FEF .text C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 045E0F97 .text C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 045E0054 .text C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 045E0FC3 .text C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 045E0FDE .text C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 3 Bytes JMP 045E001E .text C:\Windows\Explorer.EXE[236] ADVAPI32.dll!RegOpenKeyExW + 4 75D27BA5 1 Byte [8E] .text C:\Windows\Explorer.EXE[236] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 0457006E .text C:\Windows\Explorer.EXE[236] msvcrt.dll!system 75AD804B 5 Bytes JMP 04570049 .text C:\Windows\Explorer.EXE[236] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 0457001D .text C:\Windows\Explorer.EXE[236] msvcrt.dll!_open 75ADD106 5 Bytes JMP 04570FEF .text C:\Windows\Explorer.EXE[236] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 0457002E .text C:\Windows\Explorer.EXE[236] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 0457000C .text C:\Windows\Explorer.EXE[236] WININET.dll!InternetOpenA 7659D690 5 Bytes JMP 045F0000 .text C:\Windows\Explorer.EXE[236] WININET.dll!InternetOpenW 7659DB09 5 Bytes JMP 045F0011 .text C:\Windows\Explorer.EXE[236] WININET.dll!InternetOpenUrlA 7659F3A4 5 Bytes JMP 045F0FD1 .text C:\Windows\Explorer.EXE[236] WININET.dll!InternetOpenUrlW 765E6D5F 5 Bytes JMP 045F0FC0 .text C:\Windows\Explorer.EXE[236] WS2_32.dll!socket 75C836D1 5 Bytes JMP 045D0000 .text C:\Windows\system32\services.exe[772] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00800000 .text C:\Windows\system32\services.exe[772] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00800036 .text 
C:\Windows\system32\services.exe[772] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 0080001B .text C:\Windows\system32\services.exe[772] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 009D0F4B .text C:\Windows\system32\services.exe[772] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 009D0F66 .text C:\Windows\system32\services.exe[772] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 009D0F29 .text C:\Windows\system32\services.exe[772] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 009D0F3A .text C:\Windows\system32\services.exe[772] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 009D0FA3 .text C:\Windows\system32\services.exe[772] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 009D0025 .text C:\Windows\system32\services.exe[772] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 009D0036 .text C:\Windows\system32\services.exe[772] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 009D0F77 .text C:\Windows\system32\services.exe[772] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 009D007D .text C:\Windows\system32\services.exe[772] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 009D0FCA .text C:\Windows\system32\services.exe[772] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 009D006C .text C:\Windows\system32\services.exe[772] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 009D0051 .text C:\Windows\system32\services.exe[772] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 009D0F88 .text C:\Windows\system32\services.exe[772] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 009D00D1 .text C:\Windows\system32\services.exe[772] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 009D000A .text C:\Windows\system32\services.exe[772] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 009D0FEF .text C:\Windows\system32\services.exe[772] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 009D00AC .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 009C006F .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyA 
75D03BA9 5 Bytes JMP 009C0FD4 .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 009C000A .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 009C0FC3 .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 009C0FB2 .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 009C0FEF .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 009C001B .text C:\Windows\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 009C004A .text C:\Windows\system32\services.exe[772] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00850F90 .text C:\Windows\system32\services.exe[772] msvcrt.dll!system 75AD804B 5 Bytes JMP 00850FA1 .text C:\Windows\system32\services.exe[772] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 00850000 .text C:\Windows\system32\services.exe[772] msvcrt.dll!_open 75ADD106 5 Bytes JMP 00850FEF .text C:\Windows\system32\services.exe[772] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00850011 .text C:\Windows\system32\services.exe[772] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00850FD2 .text C:\Windows\system32\services.exe[772] WS2_32.dll!socket 75C836D1 5 Bytes JMP 009B0FEF .text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 000B0FEF .text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 000B0FC3 .text C:\Windows\system32\lsass.exe[784] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 000B0FD4 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00870F37 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 0087007D .text C:\Windows\system32\lsass.exe[784] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 008700A9 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 00870098 .text 
C:\Windows\system32\lsass.exe[784] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00870F88 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00870036 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 00870051 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00870F52 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 00870F99 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00870062 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 00870FB6 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 00870FDB .text C:\Windows\system32\lsass.exe[784] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 00870F63 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 00870EED .text C:\Windows\system32\lsass.exe[784] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 0087001B .text C:\Windows\system32\lsass.exe[784] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00870000 .text C:\Windows\system32\lsass.exe[784] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 00870F26 .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 00700FA8 .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00700025 .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00700FEF .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 0070004A .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 0070005B .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 0070000A .text C:\Windows\system32\lsass.exe[784] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 00700FD4 .text C:\Windows\system32\lsass.exe[784] 
ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 00700FB9 .text C:\Windows\system32\lsass.exe[784] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 000C0055 .text C:\Windows\system32\lsass.exe[784] msvcrt.dll!system 75AD804B 5 Bytes JMP 000C0FD4 .text C:\Windows\system32\lsass.exe[784] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 000C0029 .text C:\Windows\system32\lsass.exe[784] msvcrt.dll!_open 75ADD106 5 Bytes JMP 000C0FEF .text C:\Windows\system32\lsass.exe[784] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 000C003A .text C:\Windows\system32\lsass.exe[784] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 000C000C .text C:\Windows\system32\lsass.exe[784] WS2_32.dll!socket 75C836D1 5 Bytes JMP 000D0000 .text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00100000 .text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00100FDB .text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 00100011 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00840F7C .text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 008400C2 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 00840F3F .text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 00840F50 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 0084009D .text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00840025 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 00840036 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00840F8D .text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 00840FB9 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00840051 .text 
C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 00840076 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 00840FD4 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 00840FA8 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 008400E7 .text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 0084000A .text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00840FEF .text C:\Windows\system32\svchost.exe[980] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 00840F6B .text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00110FAB .text C:\Windows\system32\svchost.exe[980] msvcrt.dll!system 75AD804B 5 Bytes JMP 00110036 .text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 0011001B .text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_open 75ADD106 5 Bytes JMP 00110000 .text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00110FC6 .text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00110FD7 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 00830F8A .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00830036 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00830FE5 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 00830FA5 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00830051 .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 0083001B .text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 0083000A .text C:\Windows\system32\svchost.exe[980] 
ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 00830FCA .text C:\Windows\system32\svchost.exe[980] WS2_32.dll!socket 75C836D1 5 Bytes JMP 00790000 .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00710000 .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00710036 .text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 00710011 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00990076 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 00990F30 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 009900B3 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 009900A2 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00990F81 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00990011 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 00990036 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00990F4B .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 0099005B .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00990FAF .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 00990F9E .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 00990FC0 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 00990F5C .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 00990F01 .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 00990000 .text 
C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00990FEF .text C:\Windows\system32\svchost.exe[1044] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 00990087 .text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 008A0FB0 .text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!system 75AD804B 5 Bytes JMP 008A0FC1 .text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 008A001D .text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_open 75ADD106 5 Bytes JMP 008A000C .text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 008A0FD2 .text C:\Windows\system32\svchost.exe[1044] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 008A0FE3 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 00980FA5 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00980047 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00980000 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 00980FB6 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00980062 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 00980FDB .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 00980011 .text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 0098002C .text C:\Windows\system32\svchost.exe[1044] WS2_32.dll!socket 75C836D1 5 Bytes JMP 008F000A .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 008A0FEF .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 008A0FCA .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 008A0000 .text C:\Windows\System32\svchost.exe[1088] 
kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 02000F2F .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 02000F54 .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 02000F03 .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 02000F14 .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 0200007F .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 02000000 .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 02000011 .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 02000F6F .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 02000F9B .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 0200003D .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 02000058 .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 0200002C .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 02000F8A .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 020000AB .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 02000FCA .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 02000FE5 .text C:\Windows\System32\svchost.exe[1088] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 02000090 .text C:\Windows\System32\svchost.exe[1088] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 008B0F8D .text C:\Windows\System32\svchost.exe[1088] msvcrt.dll!system 75AD804B 5 Bytes JMP 008B0018 .text C:\Windows\System32\svchost.exe[1088] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 008B0FC3 .text C:\Windows\System32\svchost.exe[1088] 
msvcrt.dll!_open 75ADD106 5 Bytes JMP 008B0FEF .text C:\Windows\System32\svchost.exe[1088] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 008B0FA8 .text C:\Windows\System32\svchost.exe[1088] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 008B0FDE .text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 008D0058 .text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 008D003D .text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 008D000A .text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 008D0FB6 .text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 008D0073 .text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 008D0FDB .text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 008D001B .text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 008D002C .text C:\Windows\System32\svchost.exe[1088] WS2_32.dll!socket 75C836D1 5 Bytes JMP 008C0000 .text C:\Windows\System32\svchost.exe[1088] wininet.dll!InternetOpenA 7659D690 5 Bytes JMP 02010000 .text C:\Windows\System32\svchost.exe[1088] wininet.dll!InternetOpenW 7659DB09 5 Bytes JMP 02010011 .text C:\Windows\System32\svchost.exe[1088] wininet.dll!InternetOpenUrlA 7659F3A4 5 Bytes JMP 02010FDB .text C:\Windows\System32\svchost.exe[1088] wininet.dll!InternetOpenUrlW 765E6D5F 5 Bytes JMP 02010022 .text C:\Windows\System32\svchost.exe[1200] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 008F0000 .text C:\Windows\System32\svchost.exe[1200] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 008F0025 .text C:\Windows\System32\svchost.exe[1200] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 008F0FE5 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00CF00A5 .text C:\Windows\System32\svchost.exe[1200] 
kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 00CF0F5F .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 00CF0F26 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 00CF00C7 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00CF0080 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00CF002F .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 00CF004A .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00CF0F7A .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 00CF0FB2 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00CF0FC3 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 00CF0065 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 00CF0FD4 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 00CF0F95 .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 00CF0F0B .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 00CF0FEF .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00CF000A .text C:\Windows\System32\svchost.exe[1200] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 00CF00B6 .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00890FAD .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!system 75AD804B 5 Bytes JMP 00890038 .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 0089001D .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_open 75ADD106 5 Bytes JMP 0089000C .text C:\Windows\System32\svchost.exe[1200] 
msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00890FBE .text C:\Windows\System32\svchost.exe[1200] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00890FE3 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 00C90F9E .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00C90FAF .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00C9000A .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 00C90036 .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00C90F8D .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 00C9001B .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 00C90FEF .text C:\Windows\System32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 00C90FCA .text C:\Windows\System32\svchost.exe[1200] WS2_32.dll!socket 75C836D1 5 Bytes JMP 008E0FEF .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 008F0FE5 .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 008F001B .text C:\Windows\System32\svchost.exe[1244] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 008F0000 .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00D600DA .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 00D600BF .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 00D60F5E .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 00D60F6F .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00D60093 .text C:\Windows\System32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00D6002F .text 
Bytes JMP 0005008E .text C:\Windows\System32\svchost.exe[3408] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 000500F3 .text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 0005000A .text C:\Windows\System32\svchost.exe[3408] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00050FEF .text C:\Windows\System32\svchost.exe[3408] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 000500B3 .text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00070FAB .text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!system 75AD804B 5 Bytes JMP 00070FBC .text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 00070FD7 .text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_open 75ADD106 5 Bytes JMP 00070000 .text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00070022 .text C:\Windows\System32\svchost.exe[3408] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00070011 .text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 00080F8A .text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00080FAF .text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00080FEF .text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 0008002C .text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00080F79 .text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 00080FD4 .text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 0008000A .text C:\Windows\System32\svchost.exe[3408] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 0008001B ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) 
I hope everything is correct! THANK YOU for everything, already now!! Regards, Celzwei |
26.10.2010, 19:44 | #7 |
| Programs close by themselves and no matter what I do, I cannot get a scan to run GMER Logfile: Code:
GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-26 20:26:38
Windows 6.0.6002 Service Pack 2
Running: jiqtvthw.exe; Driver: C:\Users\MARCEL~1\AppData\Local\Temp\ufldqpow.sys
ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 00D50F97 .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00D50F7C .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 00D50014 .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 00D50FDE .text C:\Windows\System32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 00D50FB9 .text C:\Windows\System32\svchost.exe[1244] WS2_32.dll!socket 75C836D1 5 Bytes JMP 00D4000A .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00DE0000 .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00DE0011 .text C:\Windows\system32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 00DE0FDB .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 011B004C .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 011B0F06 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 011B0ED0 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 011B0EE1 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 011B0F46 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 011B0000 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 011B0FB9 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 011B003B .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 011B0F57 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 011B0F83 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 011B0F72 .text 
C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 011B0F9E .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 011B0F2B .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 011B0EB5 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 011B0FD4 .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 011B0FEF .text C:\Windows\system32\svchost.exe[1296] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 011B005D .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 0104004E .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!system 75AD804B 5 Bytes JMP 0104003D .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 01040FDE .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_open 75ADD106 5 Bytes JMP 01040FEF .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 01040FCD .text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 0104000C .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 01060073 .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 01060047 .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 01060000 .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 01060058 .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 01060084 .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 0106001B .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 01060FE5 .text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 0106002C .text C:\Windows\system32\svchost.exe[1296] 
WS2_32.dll!socket 75C836D1 5 Bytes JMP 01050FE5 .text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00140FEF .text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00140014 .text C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 00140FDE .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00180098 .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 00180087 .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 001800DF .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 001800CE .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00180F77 .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00180FCA .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 00180FB9 .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00180F5C .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 00180F9E .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00180040 .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 0018005B .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 00180025 .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 0018006C .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 001800FA .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 00180FE5 .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00180000 .text 
C:\Windows\system32\svchost.exe[1388] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 001800A9 .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00150FB2 .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!system 75AD804B 5 Bytes JMP 00150FC3 .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 00150FD4 .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_open 75ADD106 5 Bytes JMP 00150000 .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00150029 .text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00150FEF .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 0017006C .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00170051 .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00170000 .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 00170FCA .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00170087 .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 00170036 .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 0017001B .text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 00170FEF .text C:\Windows\system32\svchost.exe[1388] WS2_32.dll!socket 75C836D1 5 Bytes JMP 00160FE5 .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00120FEF .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00120FD4 .text C:\Windows\system32\svchost.exe[1452] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 00120000 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 010A00D3 .text C:\Windows\system32\svchost.exe[1452] 
kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 010A0F83 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 010A00EE .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 010A0F57 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 010A0093 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 010A0025 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 010A0FD4 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 010A00AE .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 010A0082 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 010A0065 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 010A0FB9 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 010A004A .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 010A0FA8 .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 010A00FF .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 010A000A .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 010A0FEF .text C:\Windows\system32\svchost.exe[1452] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 010A0F72 .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00DF005D .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!system 75AD804B 5 Bytes JMP 00DF004C .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 00DF0FD2 .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_open 75ADD106 5 Bytes JMP 00DF0FEF .text C:\Windows\system32\svchost.exe[1452] 
msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00DF0027 .text C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00DF0000 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 01010F83 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 01010FAF .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 01010FEF .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 01010F94 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 01010F72 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 01010FD4 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 01010000 .text C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 01010025 .text C:\Windows\system32\svchost.exe[1452] WS2_32.dll!socket 75C836D1 5 Bytes JMP 01000000 .text C:\Windows\system32\svchost.exe[1452] WinInet.dll!InternetOpenA 7659D690 5 Bytes JMP 01570FEF .text C:\Windows\system32\svchost.exe[1452] WinInet.dll!InternetOpenW 7659DB09 5 Bytes JMP 0157000A .text C:\Windows\system32\svchost.exe[1452] WinInet.dll!InternetOpenUrlA 7659F3A4 5 Bytes JMP 01570FD4 .text C:\Windows\system32\svchost.exe[1452] WinInet.dll!InternetOpenUrlW 765E6D5F 5 Bytes JMP 01570025 .text C:\Windows\system32\svchost.exe[1596] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00D20000 .text C:\Windows\system32\svchost.exe[1596] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00D20FDB .text C:\Windows\system32\svchost.exe[1596] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 00D2001B .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00D10F7C .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 00D100B8 .text 
C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 00D1010C .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 00D10F6B .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00D10071 .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00D10FCA .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 00D10025 .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00D100A7 .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 00D10F97 .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00D10FB9 .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 00D10FA8 .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 00D10036 .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 00D10082 .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 00D10F5A .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 00D1000A .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00D10FEF .text C:\Windows\system32\svchost.exe[1596] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 00D100E7 .text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00D50FCA .text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!system 75AD804B 5 Bytes JMP 00D50055 .text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 00D5003A .text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_open 75ADD106 5 Bytes JMP 00D5000C .text C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00D50FE5 .text 
C:\Windows\system32\svchost.exe[1596] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00D50029 .text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 00DF005B .text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00DF0FB9 .text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00DF0000 .text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 00DF0040 .text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00DF006C .text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 00DF0FE5 .text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 00DF001B .text C:\Windows\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 00DF0FCA .text C:\Windows\system32\svchost.exe[1596] WS2_32.dll!socket 75C836D1 5 Bytes JMP 00DE0FEF .text C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00C20000 .text C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00C2002C .text C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 00C20011 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00AF00C2 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 00AF0F72 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 00AF00EE .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 00AF0F61 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00AF006E .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00AF0FB9 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes 
JMP 00AF000A .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00AF0F83 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 00AF0051 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00AF002C .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 00AF0F94 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 00AF001B .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 00AF0093 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 00AF00FF .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 00AF0FD4 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00AF0FE5 .text C:\Windows\system32\svchost.exe[1904] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 00AF00D3 .text C:\Windows\system32\svchost.exe[1904] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00B00064 .text C:\Windows\system32\svchost.exe[1904] msvcrt.dll!system 75AD804B 5 Bytes JMP 00B00053 .text C:\Windows\system32\svchost.exe[1904] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 00B0001D .text C:\Windows\system32\svchost.exe[1904] msvcrt.dll!_open 75ADD106 5 Bytes JMP 00B00000 .text C:\Windows\system32\svchost.exe[1904] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00B00042 .text C:\Windows\system32\svchost.exe[1904] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00B00FE3 .text C:\Windows\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 00CA0F98 .text C:\Windows\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00CA0033 .text C:\Windows\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00CA0000 .text C:\Windows\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 00CA0044 .text 
C:\Windows\system32\svchost.exe[1904] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00CA0F87 .text C:\Windows\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 00CA0022 .text C:\Windows\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 00CA0011 .text C:\Windows\system32\svchost.exe[1904] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 00CA0FD1 .text C:\Windows\system32\svchost.exe[1904] WS2_32.dll!socket 75C836D1 5 Bytes JMP 00C50FEF .text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 00D20000 .text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 00D2001B .text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 00D20FE5 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 00D10F4D .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 00D10093 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 00D100B8 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 00D10F21 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00D10F94 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00D10FE5 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 00D10036 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00D10F68 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 00D1006E .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00D10FAF .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 00D10051 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadLibraryA 75E594DC 5 
Bytes JMP 00D10FC0 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 00D10F83 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 00D10F06 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 00D1001B .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00D10000 .text C:\Windows\system32\svchost.exe[2212] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 00D10F32 .text C:\Windows\system32\svchost.exe[2212] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00DC005A .text C:\Windows\system32\svchost.exe[2212] msvcrt.dll!system 75AD804B 5 Bytes JMP 00DC0049 .text C:\Windows\system32\svchost.exe[2212] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 00DC002E .text C:\Windows\system32\svchost.exe[2212] msvcrt.dll!_open 75ADD106 5 Bytes JMP 00DC000C .text C:\Windows\system32\svchost.exe[2212] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 00DC0FD9 .text C:\Windows\system32\svchost.exe[2212] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 00DC001D .text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 00DD0040 .text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 00DD0F9E .text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 00DD0FEF .text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 00DD0025 .text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 00DD0051 .text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 00DD000A .text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 00DD0FDE .text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 00DD0FB9 .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2300] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 
6B9A9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2300] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 6B9A9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 001A0FEF .text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 001A0FD4 .text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 001A000A .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 0019009B .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 0019008A .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 001900DB .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 001900C0 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 00190F84 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 00190014 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 00190FC3 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 00190079 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 0019005E .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 00190FB2 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 00190FA1 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 00190039 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 00190F69 .text 
C:\Windows\System32\svchost.exe[2556] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 00190F29 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 00190FD4 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 00190FE5 .text C:\Windows\System32\svchost.exe[2556] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 00190F3A .text C:\Windows\System32\svchost.exe[2556] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 002C0F8B .text C:\Windows\System32\svchost.exe[2556] msvcrt.dll!system 75AD804B 5 Bytes JMP 002C0FA6 .text C:\Windows\System32\svchost.exe[2556] msvcrt.dll!_creat 75ADBBE1 5 Bytes JMP 002C0FD2 .text C:\Windows\System32\svchost.exe[2556] msvcrt.dll!_open 75ADD106 5 Bytes JMP 002C0FEF .text C:\Windows\System32\svchost.exe[2556] msvcrt.dll!_wcreat 75ADD326 5 Bytes JMP 002C0FC1 .text C:\Windows\System32\svchost.exe[2556] msvcrt.dll!_wopen 75ADD501 5 Bytes JMP 002C0000 .text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!RegCreateKeyExA 75D039AB 5 Bytes JMP 002E0FA1 .text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!RegCreateKeyA 75D03BA9 5 Bytes JMP 002E0FC3 .text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!RegOpenKeyA 75D089C7 5 Bytes JMP 002E0000 .text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!RegCreateKeyW 75D1391E 5 Bytes JMP 002E0FB2 .text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!RegCreateKeyExW 75D141F1 5 Bytes JMP 002E005E .text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!RegOpenKeyExA 75D17C42 5 Bytes JMP 002E0FE5 .text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!RegOpenKeyW 75D1E2B5 5 Bytes JMP 002E001B .text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!RegOpenKeyExW 75D27BA1 5 Bytes JMP 002E0FD4 .text C:\Windows\System32\svchost.exe[2556] WS2_32.dll!socket 75C836D1 5 Bytes JMP 002D0FE5 .text C:\Windows\System32\svchost.exe[3052] ntdll.dll!NtCreateFile 774343D4 5 Bytes JMP 000B0000 .text C:\Windows\System32\svchost.exe[3052] 
ntdll.dll!NtCreateProcess 77434494 5 Bytes JMP 000B001B .text C:\Windows\System32\svchost.exe[3052] ntdll.dll!NtProtectVirtualMemory 77434D34 5 Bytes JMP 000B0FE5 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!GetStartupInfoW 75E31929 5 Bytes JMP 000A0F57 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!GetStartupInfoA 75E319C9 5 Bytes JMP 000A0F68 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!CreateProcessW 75E31BF3 5 Bytes JMP 000A0F10 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!CreateProcessA 75E31C28 5 Bytes JMP 000A0F2B .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!VirtualProtect 75E31DC3 5 Bytes JMP 000A0F97 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!CreateNamedPipeA 75E32EF5 5 Bytes JMP 000A0FDE .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!CreateNamedPipeW 75E35C0C 5 Bytes JMP 000A002F .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!CreatePipe 75E58E6E 5 Bytes JMP 000A009D .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!LoadLibraryExW 75E59109 5 Bytes JMP 000A0FA8 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!LoadLibraryW 75E59362 5 Bytes JMP 000A0054 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!LoadLibraryExA 75E594B4 5 Bytes JMP 000A0065 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!LoadLibraryA 75E594DC 5 Bytes JMP 000A0FC3 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!VirtualProtectEx 75E5DBDA 5 Bytes JMP 000A008C .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!GetProcAddress 75E7903B 5 Bytes JMP 000A0EFF .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!CreateFileW 75E7AECB 5 Bytes JMP 000A0014 .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!CreateFileA 75E7CE5F 5 Bytes JMP 000A0FEF .text C:\Windows\System32\svchost.exe[3052] kernel32.dll!WinExec 75EC5CF7 5 Bytes JMP 000A0F3C .text C:\Windows\System32\svchost.exe[3052] msvcrt.dll!_wsystem 75AD7F2F 5 Bytes JMP 00100047 .text 
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
I hope everything is correct! THANK YOU! For everything, already now!! Regards, Celzwei |
26.10.2010, 22:07 | #8 |
/// Malwareteam | Programs close by themselves and no matter what I do I cannot get a scan to run
Step 1 Uninstall programs
Since some programs and anti-spyware programs may hinder us during the cleanup (e.g. through constantly running background guards), are unnecessary or harmful, or are simply no longer needed, I ask you to completely uninstall the following programs via Control Panel => Software.
Code:
pdfforge Toolbar v1.1.2
Application Updater
Step 2
Code:
:OTL
PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
:files
C:\Programme\Application Updater
:Commands
[purity]
[emptytemp]
Step 3 ESET Online Scanner
Please switch on any external hard drives you may have during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like) and do not forget to turn everything back on afterwards.
|