| |
| |||||||
Log-Analyse und Auswertung: Trojaner SpyEyeMm-A Befall behoben?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.12.2010, 12:56
| #1 |
| |  Trojaner SpyEyeMm-A Befall behoben? Mein Rechner war offensichtlich von verschiedenen Trojanern etc befallen. Habe eine ganze Weile mit div. Tools verzweifelt versucht, dagegen vorzugehen, bevor ich auf diese Seite gestoßen bin. Habe jetzt alle Scans durchgeführt und die logs gepostet. Hoffe es kann mir jemand sagen, was ich noch tun muss? Möchte auch meine externe Festplatte wieder nutzen, die aber noch verseucht sein kann. Was muss ich beachten? Als Virenscanner läuft derzeit Sophos. Danke für jede Hilfe! Malwarebytes' Anti-Malware 1.50 Malwarebytes Datenbank Version: 5214 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 01.12.2010 23:08:58 mbam-log-2010-12-01 (23-08-58).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 168652 Laufzeit: 3 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jdsfjsdijf.exe (Spyware.Passwords.XGen) -> Value: jdsfjsdijf.exe -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jdsfjsdijf.exe (Spyware.Passwords.XGen) -> Value: jdsfjsdijf.exe -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\jdsfjsdijf.exe\jdsfjsdijf.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. defogger_disable by jpshortstuff (23.02.10.1) Log created at 23:27 on 01/12/2010 (Leontes) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- GMER Logfile: Code:
ATTFilter GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-02 08:27:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9320325AS rev.0002SDM1
Running: gmer.exe; Driver: C:\DOKUME~1\Leontes\LOKALE~1\Temp\ugtdapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xA803BFBE]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xA803C114]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xA803C17A]
---- Kernel code sections - GMER 1.0.15 ----
? joytwm.sys Das System kann die angegebene Datei nicht finden. !
init C:\WINXP\system32\drivers\monfilt.sys entry point in "init" section [0xA816F280]
.vmp2 C:\WINXP\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA766269D]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 03FF4BA0 C:\Programme\softonic-de3\tbsoft.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 03FF4D20 C:\Programme\softonic-de3\tbsoft.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DBF4 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136559F C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413654D1 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136553C C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 413653A2 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41365404 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41365602 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 03FF4320 C:\Programme\softonic-de3\tbsoft.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41365466 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 03FF4480 C:\Programme\softonic-de3\tbsoft.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ole32.dll!CoUninitialize 774D133C 5 Bytes JMP 6FA07DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ole32.dll!CoInitializeEx 774D1473 5 Bytes JMP 6FA07D90 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] WININET.dll!InternetReadFile 408C658B 5 Bytes JMP 6FA0AD80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] WININET.dll!InternetQueryDataAvailable 408CBFCB 5 Bytes JMP 6FA0AD60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] WININET.dll!InternetOpenA 408DD6E0 5 Bytes JMP 6FA0AD20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] WININET.dll!InternetOpenUrlA 408DF3F4 5 Bytes JMP 6FA0AD40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[208] ws2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 025B4BA0 C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 025B4D20 C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269B99 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D199 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DBF4 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D469C C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136559F C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 413654D1 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4136553C C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 413653A2 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41365404 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41365602 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 025B4320 C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41365466 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 025B4480 C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ole32.dll!CoCreateInstance 774CF1AC 5 Bytes JMP 4126DC50 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ole32.dll!CoUninitialize 774D133C 5 Bytes JMP 6FA07DE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ole32.dll!CoInitializeEx 774D1473 5 Bytes JMP 6FA07D90 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ole32.dll!OleLoadFromStream 774F981B 5 Bytes JMP 41365920 C:\WINXP\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] WININET.dll!InternetReadFile 408C658B 5 Bytes JMP 6FA0AD80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] WININET.dll!InternetQueryDataAvailable 408CBFCB 5 Bytes JMP 6FA0AD60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] WININET.dll!InternetOpenA 408DD6E0 5 Bytes JMP 6FA0AD20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] WININET.dll!InternetOpenUrlA 408DF3F4 5 Bytes JMP 6FA0AD40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[260] ws2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[316] WS2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[368] WS2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WININET.dll!InternetReadFile 408C658B 5 Bytes JMP 6FA0AD80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WININET.dll!InternetQueryDataAvailable 408CBFCB 5 Bytes JMP 6FA0AD60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WININET.dll!InternetOpenA 408DD6E0 5 Bytes JMP 6FA0AD20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WININET.dll!InternetOpenUrlA 408DF3F4 5 Bytes JMP 6FA0AD40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[632] WS2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1212] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\lsass.exe[1476] WS2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1640] WS2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\system32\svchost.exe[1728] WS2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 6FA0AB20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WS2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WININET.dll!InternetReadFile 408C658B 5 Bytes JMP 6FA0AD80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WININET.dll!InternetQueryDataAvailable 408CBFCB 5 Bytes JMP 6FA0AD60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WININET.dll!InternetOpenA 408DD6E0 5 Bytes JMP 6FA0AD20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\System32\svchost.exe[1780] WININET.dll!InternetOpenUrlA 408DF3F4 5 Bytes JMP 6FA0AD40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 7 Bytes JMP 6FA05100 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] ntdll.dll!LdrLoadDll 7C925CD3 5 Bytes JMP 6FA0AD00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 6FA0AA80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 6FA0AC60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 6FA0AC40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 6FA0ABC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 6FA0ABA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 6FA0AB80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6FA0ACE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 6FA0AAA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6FA0B8F0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 6FA0ABE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!ExitThread 7C80C0F8 7 Bytes JMP 6FA0AB00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!GlobalAlloc 7C80FDCD 7 Bytes JMP 6FA0AB60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 6FA0ACA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 6FA0AAE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 6FA0AAC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!ResumeThread 7C8328F7 5 Bytes JMP 6FA0AC00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!GetThreadContext 7C83970D 5 Bytes JMP 6FA0AB40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!WriteFileEx 7C85DCB9 5 Bytes JMP 6FA0ACC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!WinExec 7C862AED 5 Bytes JMP 6FA0AC80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] kernel32.dll!SetThreadContext 7C8641E9 5 Bytes JMP 6FA0AC20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WININET.dll!InternetReadFile 408C658B 5 Bytes JMP 6FA0AD80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WININET.dll!InternetQueryDataAvailable 408CBFCB 5 Bytes JMP 6FA0AD60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WININET.dll!InternetOpenA 408DD6E0 5 Bytes JMP 6FA0AD20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WININET.dll!InternetOpenUrlA 408DF3F4 5 Bytes JMP 6FA0AD40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 6FA0AE20 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!bind 71A14480 5 Bytes JMP 6FA0AE00 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!connect 71A14A07 5 Bytes JMP 6FA0AE40 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!send 71A14C27 5 Bytes JMP 6FA0AEC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!recv 71A1676F 5 Bytes JMP 6FA0AEA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!WSAStartup 71A16A55 7 Bytes JMP 6FA0ADC0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!WSASocketA 71A18B6A 5 Bytes JMP 6FA0ADA0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!listen 71A18CD3 5 Bytes JMP 6FA0AE80 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!getpeername 71A20B68 5 Bytes JMP 6FA0AE60 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINXP\Explorer.EXE[2908] WS2_32.dll!accept 71A21040 5 Bytes JMP 6FA0ADE0 c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\VClone \Device\Scsi\VClone1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- Files - GMER 1.0.15 ----
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP310\A0276295.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP310\A0277295.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP310\A0278295.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP310\A0280430.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP310\A0280458.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP311\A0280952.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP312\A0281245.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP312\A0281524.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP313\A0282279.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP314\A0282569.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP315\A0283788.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP315\A0283799.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP315\A0284805.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP315\A0284826.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP315\A0285304.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP315\A0285574.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP316\A0286127.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP316\A0286433.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP317\A0286729.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP317\A0287006.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP317\A0287282.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP317\A0288180.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP317\A0289144.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP317\A0289158.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP319\A0289740.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP319\A0290740.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP319\A0290753.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP319\A0290777.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{6D444F7E-27F3-4788-AEA5-066386876941}\RP319\A0291831.exe:BAK 22528 bytes executable
---- EOF - GMER 1.0.15 ----
|
|
04.12.2010, 13:01
| #2 |
| | Trojaner SpyEyeMm-A Befall behoben? OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 02.12.2010 08:30:24 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\All Users\Desktop\MFtools Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme Drive C: | 39,06 Gb Total Space | 12,68 Gb Free Space | 32,47% Space Free | Partition Type: NTFS Drive D: | 156,25 Gb Total Space | 103,52 Gb Free Space | 66,25% Space Free | Partition Type: NTFS Drive E: | 102,78 Gb Total Space | 76,89 Gb Free Space | 74,81% Space Free | Partition Type: NTFS Computer Name: LEO | User Name: Leontes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.12.01 23:26:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools\OTL.exe PRC - [2010.12.01 23:10:34 | 000,017,408 | ---- | M] () -- C:\WINXP\system32\rpcnetp.exe PRC - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.06.02 21:03:57 | 000,172,032 | ---- | M] (Sophos Plc) -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe PRC - [2009.11.16 12:37:34 | 000,080,936 | ---- | M] (Sophos Plc) -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2009.11.14 22:20:15 | 003,054,136 | ---- | M] (ASUS) -- C:\WINXP\AsScrPro.exe PRC - [2009.10.02 22:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.07.10 13:18:25 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Programme\Sophos\AutoUpdate\ALMon.exe PRC - [2009.05.26 23:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe PRC - [2009.03.30 12:04:16 | 000,418,816 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Programme\Elantech\ETDCtrl.exe PRC - [2009.03.20 20:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\HControl.exe PRC - [2009.03.04 10:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009.02.06 16:13:16 | 001,593,344 | ---- | M] () -- C:\Programme\ASUS\Wireless Console 3\wcourier.exe PRC - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\WDC.exe PRC - [2008.08.21 13:04:28 | 000,098,304 | ---- | M] (Sophos Plc) -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2008.08.18 11:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2008.08.18 10:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\HControlUser.exe PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008.08.13 16:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe PRC - [2007.10.25 16:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\IGDCTRL.EXE PRC - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2006.11.13 13:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\wcescomm.exe PRC - [2006.11.13 13:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\rapimgr.exe ========== Modules (SafeList) ========== MOD - [2010.12.01 23:26:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools\OTL.exe MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINXP\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2010.07.13 17:17:29 | 000,083,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll MOD - [2010.04.06 03:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\WMVCore.dll MOD - [2009.10.13 19:06:47 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINXP\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll MOD - [2009.09.29 12:14:13 | 000,195,072 | ---- | M] (Sophos Plc) -- c:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll MOD - [2009.08.03 21:26:31 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\portabledeviceapi.dll MOD - [2009.07.12 00:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINXP\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll MOD - [2009.07.11 18:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINXP\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll MOD - [2009.03.30 11:48:14 | 000,245,760 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Programme\Elantech\ETDApix.dll MOD - [2009.02.27 15:41:25 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2009.02.27 11:16:46 | 000,378,200 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.dll MOD - [2008.04.14 13:00:00 | 001,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\msgina.dll MOD - [2008.04.14 13:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\odbc32.dll MOD - [2008.04.14 13:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\netui1.dll MOD - [2008.04.14 13:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\rsaenh.dll MOD - [2008.04.14 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\odbcint.dll MOD - [2008.04.14 13:00:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\netui0.dll MOD - [2008.04.14 13:00:00 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\sti.dll MOD - [2008.04.14 13:00:00 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\shgina.dll MOD - [2008.04.14 13:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\winsta.dll MOD - [2008.04.14 13:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\ntlanman.dll MOD - [2008.04.14 13:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\davclnt.dll MOD - [2008.04.14 13:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\cfgmgr32.dll MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\drprov.dll MOD - [2008.04.14 13:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\netrap.dll MOD - [2007.10.25 09:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\wmasf.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe -- (de_serv) SRV - [2010.12.01 23:11:12 | 000,017,408 | ---- | M] () [Unknown | Running] -- C:\WINXP\System32\rpcnetp.dll -- (rpcnetp) SRV - [2010.06.02 21:03:57 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- c:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2009.11.23 15:09:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.11.16 12:37:34 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Running] -- c:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.07.16 10:20:06 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009.01.13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.08.21 13:04:28 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- c:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2007.10.25 16:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINXP\System32\Drivers\Pcouffin.sys -- (Pcouffin) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINXP\System32\DRIVERS\mcdbus.sys -- (mcdbus) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\I386\AsProcOb.sys -- (ASUSProcObsrv) DRV - [2010.07.13 17:17:31 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINXP\System32\drivers\adfs.sys -- (adfs) DRV - [2010.06.02 21:03:21 | 000,111,232 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINXP\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl) DRV - [2010.06.02 21:03:03 | 000,038,912 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINXP\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter) DRV - [2010.03.25 21:15:54 | 001,988,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010.01.01 18:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009.11.12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINXP\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.11.09 04:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINXP\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009.07.16 10:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\tap0901.sys -- (tap0901) DRV - [2009.05.23 00:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\VClone.sys -- (VClone) DRV - [2009.04.01 14:12:48 | 000,233,128 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009.03.30 15:32:20 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ETD.sys -- (ETD) DRV - [2009.03.20 07:21:28 | 001,057,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009.02.13 18:00:02 | 001,503,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\athw.sys -- (AR5416) DRV - [2009.01.13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.12.16 07:12:48 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008.11.03 08:03:28 | 000,013,880 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.08.28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\dne2000.sys -- (DNE) DRV - [2008.08.11 03:14:12 | 001,752,704 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.05.23 08:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINXP\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV - [2008.04.14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008.04.07 07:00:46 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\CRFILTER.sys -- (CRFILTER) DRV - [2008.02.14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\monfilt.sys -- (monfilt) DRV - [2007.11.14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\vsdatant.sys -- (vsdatant) DRV - [2007.08.03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.08.01 14:51:42 | 000,041,656 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ipswuio.sys -- (ipswuio) DRV - [2007.04.24 10:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) DRV - [2007.04.24 10:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 10:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 10:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 10:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.12.17 16:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2004.11.29 19:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINXP\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2004.11.25 17:41:08 | 000,046,080 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINXP\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2004.10.28 11:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINXP\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004.05.27 18:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\ASUS\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5) DRV - [2002.09.16 16:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINXP\System32\drivers\PQNTDRV.sys -- (PQNTDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 8C 37 14 D3 90 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "softonic-de3 Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.30 22:46:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.30 22:39:36 | 000,000,000 | ---D | M] [2010.12.01 00:46:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leontes\Anwendungsdaten\Mozilla\Extensions [2010.12.01 22:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Leontes\Anwendungsdaten\Mozilla\Firefox\Profiles\yoybwq7v.default\extensions [2010.12.01 00:57:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Leontes\Anwendungsdaten\Mozilla\Firefox\Profiles\yoybwq7v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.19 20:28:08 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Anwendungsdaten\Mozilla\Firefox\Profiles\yoybwq7v.default\searchplugins\conduit.xml [2010.11.30 22:39:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.11.23 15:04:21 | 000,001,390 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - c:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINXP\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [MsgTranAgt] C:\Programme\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS) O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoUpdate Monitor.lnk = C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINXP\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258390626218 (WUWebControl Class) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - c:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINXP\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.11.14 21:14:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: aux - C:\WINXP\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\WINXP\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\WINXP\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\WINXP\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3acm - C:\WINXP\System32\ac3acm.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINXP\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - C:\WINXP\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\WINXP\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINXP\System32\lameACM.acm (www) Drivers32: msacm.msadpcm - C:\WINXP\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\WINXP\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\WINXP\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msg723 - C:\WINXP\System32\msg723.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\WINXP\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINXP\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINXP\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINXP\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINXP\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINXP\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\WINXP\System32\ff_vfw.dll () Drivers32: VIDC.I420 - C:\WINXP\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.iv31 - C:\WINXP\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINXP\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINXP\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINXP\System32\Ir50_32.dll (Intel Corporation) Drivers32: VIDC.IYUV - C:\WINXP\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.M261 - C:\WINXP\System32\msh261.drv (Microsoft Corporation) Drivers32: vidc.M263 - C:\WINXP\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.mrle - C:\WINXP\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\WINXP\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\WINXP\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.XVID - C:\WINXP\System32\xvidvfw.dll () Drivers32: VIDC.YUY2 - C:\WINXP\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YV12 - C:\WINXP\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.YVU9 - C:\WINXP\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\WINXP\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\WINXP\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\WINXP\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17465059307421696) ========== Files/Folders - Created Within 30 Days ========== [2010.12.01 23:01:07 | 000,000,000 | ---D | C] -- C:\WINXP\ERDNT [2010.12.01 23:00:02 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.12.01 22:50:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leontes\Anwendungsdaten\PriceGong [2010.12.01 22:48:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools [2010.12.01 20:13:26 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.12.01 20:13:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\Conduit [2010.12.01 20:13:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\softonic-de3 [2010.12.01 20:13:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\ConduitEngine [2010.12.01 20:13:20 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine [2010.12.01 20:13:15 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3 [2010.12.01 20:12:09 | 012,049,864 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Leontes\Desktop\windows-kb890830-v3.10.exe [2010.12.01 19:58:52 | 000,000,000 | -H-D | C] -- C:\WINXP\PIF [2010.12.01 08:46:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leontes\Eigene Dateien\Simply Super Software [2010.12.01 08:45:00 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ztvcabinet.dll [2010.12.01 08:44:59 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2010.12.01 08:44:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leontes\Anwendungsdaten\Simply Super Software [2010.12.01 08:44:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software [2010.12.01 01:25:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbamswissarmy.sys [2010.12.01 01:25:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys [2010.12.01 01:25:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.30 23:23:48 | 000,000,000 | ---D | C] -- C:\WINXP\Gary Grigsby's World at War A World Divided [2010.11.30 22:39:35 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2010.11.15 19:01:33 | 000,000,000 | -H-D | C] -- C:\WINXP\System32\GroupPolicy [2010.11.07 20:25:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Leontes\Eigene Dateien\CEAW [2010.11.07 20:21:28 | 000,000,000 | ---D | C] -- C:\WINXP\Military History Commander - Europe at War GOLD [2010.10.18 16:13:15 | 000,004,096 | ---- | C] ( ) -- C:\WINXP\System32\IGFXDEVLib.dll [2009.11.14 21:53:15 | 000,013,880 | R--- | C] ( ) -- C:\WINXP\System32\drivers\kbfiltr.sys [1 C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.01 23:27:40 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\defogger_reenable [2010.12.01 23:26:14 | 000,288,107 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\Gmer.zip [2010.12.01 23:26:14 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\defogger.exe [2010.12.01 23:21:08 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2010.12.01 23:11:12 | 000,017,408 | ---- | M] () -- C:\WINXP\System32\rpcnetp.dll [2010.12.01 23:10:51 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat [2010.12.01 23:10:39 | 2110,873,600 | -HS- | M] () -- C:\hiberfil.sys [2010.12.01 23:10:34 | 000,017,408 | ---- | M] () -- C:\WINXP\System32\rpcnetp.exe [2010.12.01 23:00:05 | 000,000,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\NTREGOPT.lnk [2010.12.01 23:00:05 | 000,000,578 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\ERUNT.lnk [2010.12.01 22:58:31 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\WINXP\System32\agremove.exe [2010.12.01 21:22:21 | 000,450,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\Stupa-GO.pdf [2010.12.01 20:49:11 | 000,289,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\Organisationssatzung_OrgS_2007_12_20.pdf [2010.12.01 20:12:43 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Leontes\Desktop\windows-kb890830-v3.10.exe [2010.12.01 08:45:02 | 000,000,792 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk [2010.12.01 01:25:30 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.30 23:30:15 | 000,000,737 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\World at War a World Divided (Game Menu).lnk [2010.11.30 23:21:53 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl [2010.11.30 22:39:38 | 000,001,572 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.11.30 22:36:22 | 000,470,514 | ---- | M] () -- C:\WINXP\System32\perfh007.dat [2010.11.30 22:36:22 | 000,450,720 | ---- | M] () -- C:\WINXP\System32\perfh009.dat [2010.11.30 22:36:22 | 000,089,164 | ---- | M] () -- C:\WINXP\System32\perfc007.dat [2010.11.30 22:36:22 | 000,074,554 | ---- | M] () -- C:\WINXP\System32\perfc009.dat [2010.11.30 13:46:43 | 000,165,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.30 13:25:12 | 000,000,207 | -HS- | M] () -- C:\boot.ini [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys [2010.11.25 22:31:19 | 000,011,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Eigene Dateien\Amazon Festplatte.xlsx [2010.11.15 19:05:54 | 000,008,254 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2010.11.10 22:53:25 | 000,000,779 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sid Meier's Civilization IV Colonization.lnk [2010.11.10 22:48:30 | 000,000,865 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sid Meier's Civilization 4 - Beyond the Sword.lnk [2010.11.10 22:48:27 | 000,000,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sid Meier's Civilization 4 - Warlords.lnk [2010.11.10 22:48:25 | 000,000,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sid Meier's Civilization 4.lnk [2010.11.08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\gmer.exe [2010.11.07 20:24:58 | 000,000,939 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\Commander - Europe at War Gold spielen.lnk [2010.11.03 23:29:38 | 000,013,141 | ---- | M] () -- C:\Dokumente und Einstellungen\Leontes\Eigene Dateien\3526.xlsx [2010.11.02 15:00:50 | 000,000,295 | ---- | M] () -- C:\WINXP\EReg072.dat [1 C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.01 23:29:58 | 000,296,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\gmer.exe [2010.12.01 23:27:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\defogger_reenable [2010.12.01 23:26:14 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\defogger.exe [2010.12.01 23:26:13 | 000,288,107 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\Gmer.zip [2010.12.01 23:11:11 | 000,017,408 | ---- | C] () -- C:\WINXP\System32\rpcnetp.dll [2010.12.01 23:10:34 | 000,017,408 | ---- | C] () -- C:\WINXP\System32\rpcnetp.exe [2010.12.01 23:00:05 | 000,000,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\NTREGOPT.lnk [2010.12.01 23:00:05 | 000,000,578 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\ERUNT.lnk [2010.12.01 21:22:19 | 000,450,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\Stupa-GO.pdf [2010.12.01 20:49:07 | 000,289,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\Organisationssatzung_OrgS_2007_12_20.pdf [2010.12.01 08:45:02 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Trojan Remover.lnk [2010.12.01 08:45:00 | 000,162,304 | ---- | C] () -- C:\WINXP\System32\ztvunrar36.dll [2010.12.01 08:45:00 | 000,153,088 | ---- | C] () -- C:\WINXP\System32\UNRAR3.dll [2010.12.01 08:45:00 | 000,077,312 | ---- | C] () -- C:\WINXP\System32\ztvunace26.dll [2010.12.01 08:45:00 | 000,075,264 | ---- | C] () -- C:\WINXP\System32\unacev2.dll [2010.12.01 01:25:30 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.30 23:30:15 | 000,000,737 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\World at War a World Divided (Game Menu).lnk [2010.11.30 22:39:38 | 000,001,572 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.11.25 22:31:19 | 000,011,521 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Eigene Dateien\Amazon Festplatte.xlsx [2010.11.21 23:00:48 | 2110,873,600 | -HS- | C] () -- C:\hiberfil.sys [2010.11.15 19:03:13 | 000,008,254 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2010.11.10 22:53:25 | 000,000,779 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sid Meier's Civilization IV Colonization.lnk [2010.11.10 22:48:30 | 000,000,865 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sid Meier's Civilization 4 - Beyond the Sword.lnk [2010.11.10 22:48:27 | 000,000,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sid Meier's Civilization 4 - Warlords.lnk [2010.11.10 22:48:25 | 000,000,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Sid Meier's Civilization 4.lnk [2010.11.07 20:24:58 | 000,000,939 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Desktop\Commander - Europe at War Gold spielen.lnk [2010.11.03 23:29:38 | 000,013,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Eigene Dateien\3526.xlsx [2010.11.02 15:00:50 | 000,000,295 | ---- | C] () -- C:\WINXP\EReg072.dat [2010.09.13 19:53:22 | 000,000,022 | ---- | C] () -- C:\WINXP\WET.INI [2010.09.08 19:18:20 | 000,940,040 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.07.21 18:20:40 | 000,212,992 | ---- | C] () -- C:\WINXP\System32\WMIMPLEX.dll [2010.07.21 18:20:40 | 000,040,960 | ---- | C] () -- C:\WINXP\System32\maplec.dll [2010.07.21 18:20:40 | 000,020,480 | ---- | C] () -- C:\WINXP\System32\maplecompat.dll [2010.05.05 18:17:01 | 000,000,083 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.03.30 16:43:59 | 000,010,240 | ---- | C] () -- C:\WINXP\System32\vidx16.dll [2010.01.10 17:23:00 | 000,069,632 | R--- | C] () -- C:\WINXP\System32\xmltok.dll [2010.01.10 17:23:00 | 000,036,864 | R--- | C] () -- C:\WINXP\System32\xmlparse.dll [2009.12.27 09:03:20 | 000,002,833 | ---- | C] () -- C:\WINXP\DirPrintOK.ini [2009.11.23 18:22:26 | 000,178,176 | ---- | C] () -- C:\WINXP\System32\unrar.dll [2009.11.23 18:22:26 | 000,000,038 | ---- | C] () -- C:\WINXP\avisplitter.ini [2009.11.23 18:22:25 | 000,881,664 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll [2009.11.23 18:22:25 | 000,205,824 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll [2009.11.23 18:22:23 | 000,085,504 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll [2009.11.19 14:15:49 | 000,165,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.19 14:02:05 | 000,000,416 | ---- | C] () -- C:\WINXP\BRWMARK.INI [2009.11.17 14:29:18 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Leontes\Anwendungsdaten\$_hpcst$.hpc [2009.11.16 17:59:20 | 000,007,168 | ---- | C] () -- C:\WINXP\System32\drivers\StarOpen.sys [2009.11.16 12:29:15 | 000,000,000 | ---- | C] () -- C:\WINXP\System32\diagdll.dll [2009.11.15 23:51:20 | 000,000,024 | ---- | C] () -- C:\WINXP\ATKPF.ini [2009.11.14 22:07:18 | 000,233,128 | R--- | C] () -- C:\WINXP\System32\drivers\SRS_PremiumSound_i386.sys [2009.11.14 22:01:36 | 000,028,672 | R--- | C] () -- C:\WINXP\System32\drivers\sncduvc.sys [2009.11.14 22:01:35 | 001,752,704 | R--- | C] () -- C:\WINXP\System32\drivers\snp2uvc.sys [2009.11.14 03:57:35 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI [2009.01.13 11:29:00 | 000,197,408 | ---- | C] () -- C:\WINXP\System32\vpnapi.dll [2009.01.13 11:28:44 | 000,193,312 | ---- | C] () -- C:\WINXP\System32\CSGina.dll [2008.04.07 07:00:46 | 000,005,120 | ---- | C] () -- C:\WINXP\System32\CRFILTER.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.11.14 21:14:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010.11.30 13:25:12 | 000,000,207 | -HS- | M] () -- C:\boot.ini [2008.04.14 13:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2009.11.14 21:14:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010.05.24 12:53:43 | 000,000,997 | ---- | M] () -- C:\demux.log [2010.12.01 23:10:39 | 2110,873,600 | -HS- | M] () -- C:\hiberfil.sys [2009.11.14 21:14:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009.11.14 21:14:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008.04.14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008.04.14 13:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr [2010.12.01 23:10:38 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2010.10.09 16:35:20 | 000,000,343 | ---- | M] () -- C:\rkill.log [2009.11.14 22:22:36 | 000,000,086 | ---- | M] () -- C:\setup.log < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.04.18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINXP\Fonts\GlobalMonospace.CompositeFont [2006.06.29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINXP\Fonts\GlobalSansSerif.CompositeFont [2006.04.18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINXP\Fonts\GlobalSerif.CompositeFont [2006.06.29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINXP\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.11.14 21:13:33 | 000,000,067 | -HS- | M] () -- C:\WINXP\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\msonpppr.dll [2008.07.06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINXP\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.11.14 04:55:23 | 000,094,208 | ---- | M] () -- C:\WINXP\system32\config\default.sav [2009.11.14 04:55:23 | 001,093,632 | ---- | M] () -- C:\WINXP\system32\config\software.sav [2009.11.14 04:55:23 | 000,462,848 | ---- | M] () -- C:\WINXP\system32\config\system.sav < %systemroot%\system32\user32.dll /md5 > [2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINXP\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2008.04.14 13:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINXP\system32\ws2help.dll < MD5 for: EXPLORER.EXE > [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\explorer.exe [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\system32\dllcache\explorer.exe < MD5 for: WINLOGON.EXE > [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\dllcache\winlogon.exe [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 08:05:18 ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9026FFAC < End of report > |
|
04.12.2010, 13:02
| #3 |
| | Trojaner SpyEyeMm-A Befall behoben? OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 02.12.2010 08:30:24 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\All Users\Desktop\MFtools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 12,68 Gb Free Space | 32,47% Space Free | Partition Type: NTFS
Drive D: | 156,25 Gb Total Space | 103,52 Gb Free Space | 66,25% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 76,89 Gb Free Space | 74,81% Space Free | Partition Type: NTFS
Computer Name: LEO | User Name: Leontes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Verzeichnisinhalt_drucken] -- C:\WINXP\addins\prin.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Spiele\Strategie\Supreme Ruler 2020 Gold\SupremeRuler2020GC.exe" = D:\Spiele\Strategie\Supreme Ruler 2020 Gold\SupremeRuler2020GC.exe:*:Enabled:Supreme Ruler 2020 Gold -- (BattleGoat Studios)
"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- File not found
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"D:\Spiele\Strategie\Elven Legacy\ElvenLegacy.exe" = D:\Spiele\Strategie\Elven Legacy\ElvenLegacy.exe:*:Enabled:Elven Legacy -- (1C:Ino-Co)
"F:\fsetup.exe" = F:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found
"C:\Programme\Alice Software\AliceSetup.exe" = C:\Programme\Alice Software\AliceSetup.exe:LocalSubNet:Enabled:AliceSetup.exe -- File not found
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- File not found
"D:\Spiele\Simulation\AT Evolution\at.exe" = D:\Spiele\Simulation\AT Evolution\at.exe:*:Enabled:Airline Tycoon Evolution -- (Spellbound Entertainment AG)
"C:\WINXP\system32\dplaysvr.exe" = C:\WINXP\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\Spiele\Simulation\Siedler IV Gold\Exe\S4_Main.exe" = D:\Spiele\Simulation\Siedler IV Gold\Exe\S4_Main.exe:*:Enabled:S4_Main -- (Blue Byte Software, Inc.)
"D:\Spiele\RPG\Diablo II\Diablo II.exe" = D:\Spiele\RPG\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- File not found
"C:\Programme\1&1\IGDCTRL.EXE" = C:\Programme\1&1\IGDCTRL.EXE:*:Enabled:FRITZ!Box starter - igdctrl.exe -- (AVM Berlin)
"C:\Programme\1&1\FBoxUpd.exe" = C:\Programme\1&1\FBoxUpd.exe:*:Enabled:FRITZ!Box starter - fboxupd.exe -- (AVM Berlin)
"C:\Programme\1&1\WebwaIgd.exe" = C:\Programme\1&1\WebwaIgd.exe:*:Enabled:FRITZ!Box starter - webwaigd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe -- File not found
"D:\Spiele\Strategie\StarCraft II\StarCraft II.exe" = D:\Spiele\Strategie\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\Spiele\Strategie\StarCraft II\Versions\Base15405\SC2.exe" = D:\Spiele\Strategie\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"D:\Spiele\Simulation\Patrizier4\Patrician4.exe" = D:\Spiele\Simulation\Patrizier4\Patrician4.exe:*:Disabled:Patrizier IV -- ()
"D:\Spiele\Strategie\Sins of a Solar Empire\Sins of a Solar Empire.exe" = D:\Spiele\Strategie\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"D:\Spiele\Strategie\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe" = D:\Spiele\Strategie\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:*:Enabled:Sins of a Solar Empire - Entrenchment -- (Ironclad Games)
"D:\Spiele\Strategie\Sins of a Solar Empire\Sins of a Solar Empire Diplomacy.exe" = D:\Spiele\Strategie\Sins of a Solar Empire\Sins of a Solar Empire Diplomacy.exe:*:Enabled:Sins of a Solar Empire - Diplomacy -- (Ironclad Games)
"D:\Spiele\Simulation\Civ4\Civilization4.exe" = D:\Spiele\Simulation\Civ4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete -- (Firaxis Games)
"D:\Spiele\Simulation\Civ4\Warlords\Civ4Warlords.exe" = D:\Spiele\Simulation\Civ4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"D:\Spiele\Simulation\Civ4\Beyond the Sword\Civ4BeyondSword.exe" = D:\Spiele\Simulation\Civ4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword -- (Firaxis Games)
"D:\Spiele\Simulation\Colonization\Colonization.exe" = D:\Spiele\Simulation\Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E43D5F-5296-4D53-B303-9D951AFE510F}" = Airline Tycoon Evolution
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrizier 4
"{27B1B784-67A7-452B-A8FF-467E8ADAA8E9}" = Torchlight German Patch
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{40B8C652-42EE-479b-94FC-AEDE7F600D1A}_is1" = Elven Legacy: patch 1.0.9.2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BE5D0D1-468A-4438-8477-D8523EEFB3E6}" = Origin8
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8BCAC8C7-0F4F-4AC0-98C9-D766D8B64B30}" = FLEXnet Server for OriginLab
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.7
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}" = Superpower 2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}" = Heroes of Might and Magic V Collector Edition
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E5CB596C-44A2-498E-8F90-E054A17FD9E4}" = SForce Office Toolkit
"{E7683570-6FD5-4E58-A3B8-719C5B1AE295}" = Application Suite
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{EF581945-BBE9-11D5-A7FE-50275FC10000}" = Capitalism II
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F286EFDF-417F-482E-828C-9A05BF93FCB8}_is1" = Rise of Prussia
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"Activision_CTP2UninstallKey" = Call To Power 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Blitzkrieg Dual Core Patch" = Blitzkrieg Dual Core Patch
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Defcon_is1" = Defcon
"DivX Setup.divx.com" = DivX-Setup
"Elantech" = ETDWare PS/2-x86 7.0.5.2 WHQL
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"F22 Air Dominance Fighter" = F22 Air Dominance Fighter
"Gary Grigsby's World at War A World Divided1.0" = Gary Grigsby's World at War A World Divided
"GoeMobile - Cisco VPN Client" = GoeMobile - Cisco VPN Client 5.0.05.0290
"Impulse" = Impulse
"InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}" = Superpower 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"Merchant Prince II" = Merchant Prince II
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Military History Commander - Europe at War GOLD1.12" = Military History Commander - Europe at War GOLD
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.46a
"MPE" = MyPhoneExplorer
"OpenVPN" = OpenVPN 2.1_rc19
"Port Royale 2" = Port Royale 2
"PowerISO" = PowerISO
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Runic Games Torchlight" = Torchlight
"S2TNG" = Die Siedler II - Die nächste Generation
"S4Uninst" = Die Siedler IV
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StarCraft II" = StarCraft II
"Strategic Command 2 Blitzkrieg & Weapons and War~259533B8_is1" = Strategic Command 2 Blitzkrieg & Weapons and Warfare
"Supreme Ruler 2020 Gold_is1" = Supreme Ruler 2020 Gold 6.6.1
"Sweet Home 3D_is1" = Sweet Home 3D version 2.4
"Trojan Remover_is1" = Trojan Remover 6.8.2
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"VirtualCloneDrive" = VirtualCloneDrive
"WET - The Sexy Empire" = WET - The Sexy Empire
"WinUAE" = WinUAE 2.0.1
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"World War One Gold_is1" = World War One v1.0.8
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.11.2010 13:11:52 | Computer Name = LEO | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application gfxui.exe, version 8.15.10.5248, stamp 4babbe78,
faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0,
fault address 0x00097dda.
Error - 30.11.2010 17:19:24 | Computer Name = LEO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung thunderbird.exe, Version 1.8.20100.22820,
fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x517c93a5.
Error - 30.11.2010 18:18:43 | Computer Name = LEO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung IEXPLORE.EXE, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 30.11.2010 19:33:31 | Computer Name = LEO | Source = Sophos Anti-Virus | ID = 4915208
Description = Der Versuch, die infizierte Datei 'G:\HATRED\Hatred.exe' zu löschen,
ist fehlgeschlagen. Der Anwender hat keine Rechte, die Maßnahme für die infizierte
Datei auszuführen.
Error - 30.11.2010 19:43:45 | Computer Name = LEO | Source = Sophos Anti-Virus | ID = 2424870
Description = Virus/Spyware 'Troj/ZbotMem-A' wurde aufgrund von Fehlern nicht entfernt.
Error - 01.12.2010 03:46:58 | Computer Name = LEO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung rmvtrjan.exe, Version 6.8.2.2595, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x100141de.
Error - 01.12.2010 03:48:11 | Computer Name = LEO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung rmvtrjan.exe, Version 6.8.2.2595, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x100141de.
Error - 01.12.2010 03:52:53 | Computer Name = LEO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung rmvtrjan.exe, Version 6.8.2.2595, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x100141de.
Error - 01.12.2010 03:53:05 | Computer Name = LEO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung rmvtrjan.exe, Version 6.8.2.2595, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x100141de.
Error - 01.12.2010 17:49:07 | Computer Name = LEO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.17.3, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 01.12.2010 17:51:10 | Computer Name = LEO | Source = Service Control Manager | ID = 7034
Description = Dienst "Sophos Anti-Virus" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 01.12.2010 17:51:10 | Computer Name = LEO | Source = Service Control Manager | ID = 7034
Description = Dienst "Cisco Systems, Inc. VPN Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 01.12.2010 17:51:10 | Computer Name = LEO | Source = Service Control Manager | ID = 7034
Description = Dienst "AVM IGD CTRL Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 01.12.2010 17:51:10 | Computer Name = LEO | Source = Service Control Manager | ID = 7034
Description = Dienst "NMSAccessU" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 01.12.2010 17:51:10 | Computer Name = LEO | Source = Service Control Manager | ID = 7034
Description = Dienst "Sophos Anti-Virus Statusreporter" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 01.12.2010 17:51:10 | Computer Name = LEO | Source = Service Control Manager | ID = 7034
Description = Dienst "Sophos AutoUpdate Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 01.12.2010 17:51:10 | Computer Name = LEO | Source = Service Control Manager | ID = 7034
Description = Dienst "spmgr" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 01.12.2010 17:54:52 | Computer Name = LEO | Source = SAVOnAccessFilter | ID = 3997749
Description = Der On-Access-Treiber konnte sich nicht an \Device\ADVirtualDisk\Volume
anhängen, da die IO-Methode nicht unterstützt wird.
Error - 01.12.2010 18:11:20 | Computer Name = LEO | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 01.12.2010 18:11:20 | Computer Name = LEO | Source = SAVOnAccessFilter | ID = 3997749
Description = Der On-Access-Treiber konnte sich nicht an \Device\ADVirtualDisk\Volume
anhängen, da die IO-Methode nicht unterstützt wird.
< End of report >
|
|
| Themen zu Trojaner SpyEyeMm-A Befall behoben? |
| beachten, befall, conduit, durchgeführt, externe, externe festplatte, festplatte, hilfe!, hoffe, ieframe.dll, ntdll.dll, nutze, nutzen, platte, rechner, scanner, seite, spyeyemm-a, tools, troja, trojaner, trojanern, verschiedene, verschiedenen, verseucht, versucht, virenscan, virenscanner |
Linear-Darstellung
