Log analysis and evaluation: FakeAlert!grb caught (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.05.2011, 13:18 | #16 |
FakeAlert!grb caught

Here is the OSAM logfile:

OSAM Logfile:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:13:55 on 26.05.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl "ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys "catchme" (catchme) - ? - C:\Users\ALEXUN~1\AppData\Local\Temp\catchme.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? 
- C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\Windows\System32\Drivers\LBeepKE.sys "Logitech SetPoint HID Mouse Filter Driver" (LHidKe) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LHidKE.Sys "Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech, Inc." - C:\Windows\System32\Drivers\L8042Kbd.sys "Logitech SetPoint Mouse Filter Driver" (LMouKE) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LMouKE.Sys "McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdk.sys "McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfesmfk.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {32F66A26-7614-11D4-BD11-00104BD3F987} "MathPlayer Mime Filter Class" - "Design Science, Inc." - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll {32F66A26-7614-11D4-BD11-00104BD3F987} "MathPlayer Mime Filter Class" - "Design Science, Inc." - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll {32F66A26-7614-11D4-BD11-00104BD3F987} "MathPlayer Mime Filter Class" - "Design Science, Inc." - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll {32F66A26-7614-11D4-BD11-00104BD3F987} "MathPlayer Mime Filter Class" - "Design Science, Inc." 
- C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll {32F66A26-7614-11D4-BD11-00104BD3F987} "MathPlayer Mime Filter Class" - "Design Science, Inc." - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6e0c4909-2d5f-49a4-9e4e-41f09409f5f9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. " - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {6E0C4909-2D5F-49A4-9E4E-41F09409F5F9} "BackWeb Proactive Portal Pluggable Protocol" - "BackWeb Technologies Inc. 
" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? 
- (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\kbcplext.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." 
- C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10q.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Alex und Ramona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech Desktop Messenger.lnk" - "Logitech" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
"WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Program Files\WinZip\WZQKPICK.EXE (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"LDM" - "Logitech" - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared Files\brs.exe
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenuEx" - "CANON INC." - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"IJNetworkScanUtility" - "CANON INC." - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
"InstantOn" - ? - "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found)
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe
"TVBroadcast" - "ODSoft multimedia" - C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe
"TVEService" - "CyberLink Corp." - "C:\Program Files\Home Cinema\TV Enhance\TVEService.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor MG6100 series" - "CANON INC." - C:\Windows\system32\CNMLMAG.DLL
"Canon BJ Language Monitor MP510" - "CANON INC." - C:\Windows\system32\CNMLM85.DLL
"Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
"McAfee Application Installer Cleanup (0250931306411202)" (0250931306411202mcinstcleanup) - "McAfee, Inc." - C:\Users\ALEXUN~1\AppData\Local\Temp\025093~1.EXE
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
"Windows Live Family Safety" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc."
- C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Here is the MBRCheck log file:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7318
Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000043`5a20c000 (FAT32)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAC
PhysicalDrive1 Model Number: ST3640323AS, Rev: SD33

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A88E127CF5BB4B9E582CCDE395ED5486CF492C7C
596 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! |
26.05.2011, 13:38 | #17 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught FakeAlert!grb Quote:
Do you have any other operating systems installed besides Vista? If not: take a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD). If you have a regular Vista installation DVD, you don't need the image mentioned above and can simply boot from the Vista DVD. Click "Repair your computer", then "Next", then "Command Prompt" - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out beforehand. Afterwards, create new logs with MBRCheck and, if possible, GMER.
__________________ |
26.05.2011, 20:42 | #18 |
| Caught FakeAlert!grb Hello Arne,
here is the new MBRCheck log file after the fix:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7318
Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000043`5a20c000 (FAT32)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AAC
PhysicalDrive1 Model Number: ST3640323AS, Rev: SD33

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
596 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! |
26.05.2011, 20:53 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught FakeAlert!grb Looks better. Is drive E: a data disk? An external disk? Operating system only on C:, nothing on this disk?
__________________ Please always post log files in CODE tags |
26.05.2011, 21:02 | #20 |
| Caught FakeAlert!grb Hello Arne, Yes, E is an external hard drive with music files etc. Operating system only on C. GMER is running right now. I'll post the log file as soon as the scan has finished. Regards, Alex |
26.05.2011, 23:19 | #21 |
| Caught FakeAlert!grb After GMER crashed frequently, I split the scan into 2 parts. First I scanned everything without "files", and in the 2nd scan only the "files" on C, D, E. With the latter, the following message appeared at the end of the scan: "GMER hasn´t found any system modification" Here is the log file from the 1st part without "files": GMER Logfile: Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-26 21:51:17
Windows 6.0.6002 Service Pack 2
Running: gy4hg8kw.exe; Driver: C:\Users\ALEXUN~1\AppData\Local\Temp\agdcqpod.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8304ED48]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8304ED72]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8304ED5E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8304ED34]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8267D982 5 Bytes JMP 8304ED38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 828430D3 5 Bytes JMP 8304ED76 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 8286282A 7 Bytes JMP 8304ED4C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82862AED 5 Bytes JMP 8304ED62 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BA0E340, 0x39B137, 0xE8000020]

---- User code sections - GMER 1.0.15 ----
75E9D106 5 Bytes JMP 01D50FEF .text C:\Windows\system32\svchost.exe[1088] msvcrt.dll!_wcreat 75E9D326 5 Bytes JMP 01D50FA8 .text C:\Windows\system32\svchost.exe[1088] msvcrt.dll!_wopen 75E9D501 5 Bytes JMP 01D50FDE .text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 01450FA5 .text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 01450FC0 .text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 01450FEF .text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 0145003D .text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 01450F8A .text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 01450011 .text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 01450000 .text C:\Windows\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 0145002C .text C:\Windows\system32\svchost.exe[1088] WS2_32.dll!socket 776836D1 5 Bytes JMP 01D60000 .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtCreateFile 77564224 5 Bytes JMP 00240FE5 .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtCreateProcess 775642E4 5 Bytes JMP 00240000 .text C:\Windows\system32\svchost.exe[1192] ntdll.dll!NtProtectVirtualMemory 77564B84 5 Bytes JMP 00240FD4 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 001E0F29 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 001E0F44 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 001E009B .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 001E0080 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 001E0F81 .text C:\Windows\system32\svchost.exe[1192] 
kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 001E0014 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 001E0025 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreatePipe 76D38E6E 5 Bytes JMP 001E0F55 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExW 76D39109 5 Bytes JMP 001E0F92 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryW 76D39362 5 Bytes JMP 001E0040 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryExA 76D394B4 5 Bytes JMP 001E005B .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!LoadLibraryA 76D394DC 5 Bytes JMP 001E0FC3 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 76D3DBDA 5 Bytes JMP 001E0F66 .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!GetProcAddress 76D5903B 5 Bytes JMP 001E00AC .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateFileW 76D5AECB 5 Bytes JMP 001E0FDE .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!CreateFileA 76D5CE5F 5 Bytes JMP 001E0FEF .text C:\Windows\system32\svchost.exe[1192] kernel32.dll!WinExec 76DA5CF7 5 Bytes JMP 001E0F0E .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_wsystem 75E97F2F 5 Bytes JMP 00290FC3 .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!system 75E9804B 5 Bytes JMP 00290FD4 .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_creat 75E9BBE1 5 Bytes JMP 00290029 .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_open 75E9D106 5 Bytes JMP 00290FEF .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_wcreat 75E9D326 5 Bytes JMP 0029003A .text C:\Windows\system32\svchost.exe[1192] msvcrt.dll!_wopen 75E9D501 5 Bytes JMP 00290018 .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00230F68 .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00230F9E .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 
771F89C7 5 Bytes JMP 00230000 .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00230F8D .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00230F57 .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00230FD4 .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00230FEF .text C:\Windows\system32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00230FB9 .text C:\Windows\system32\svchost.exe[1192] WS2_32.dll!socket 776836D1 5 Bytes JMP 002A0FEF .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtCreateFile 77564224 5 Bytes JMP 01520FE5 .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtCreateProcess 775642E4 5 Bytes JMP 0152001B .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory 77564B84 5 Bytes JMP 01520000 .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 01400F6B .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 01400F86 .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 01400F49 .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 014000D6 .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 01400FA1 .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 01400FDE .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 0140002F .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreatePipe 76D38E6E 5 Bytes JMP 014000A7 .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 76D39109 5 Bytes JMP 0140007B .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 76D39362 5 Bytes JMP 01400FBC .text C:\Windows\system32\svchost.exe[1260] 
kernel32.dll!LoadLibraryExA 76D394B4 5 Bytes JMP 0140005E .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 76D394DC 5 Bytes JMP 01400FCD .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 76D3DBDA 5 Bytes JMP 01400096 .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 76D5903B 5 Bytes JMP 014000FB .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateFileW 76D5AECB 5 Bytes JMP 0140000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateFileA 76D5CE5F 5 Bytes JMP 01400FEF .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!WinExec 76DA5CF7 5 Bytes JMP 01400F5A .text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_wsystem 75E97F2F 5 Bytes JMP 0153003D .text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!system 75E9804B 5 Bytes JMP 01530FB2 .text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_creat 75E9BBE1 5 Bytes JMP 01530022 .text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_open 75E9D106 5 Bytes JMP 01530000 .text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_wcreat 75E9D326 5 Bytes JMP 01530FCD .text C:\Windows\system32\svchost.exe[1260] msvcrt.dll!_wopen 75E9D501 5 Bytes JMP 01530011 .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 01490FBC .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 0149004A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 01490000 .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 01490FCD .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 01490FAB .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 0149002F .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 01490FEF .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 
Bytes JMP 01490FDE .text C:\Windows\system32\svchost.exe[1260] WS2_32.dll!socket 776836D1 5 Bytes JMP 01590FEF .text C:\Windows\system32\svchost.exe[1260] WININET.dll!InternetOpenA 770D4E2B 5 Bytes JMP 01540000 .text C:\Windows\system32\svchost.exe[1260] WININET.dll!InternetOpenUrlA 770DBFCE 5 Bytes JMP 01540FCA .text C:\Windows\system32\svchost.exe[1260] WININET.dll!InternetOpenW 7710C03E 5 Bytes JMP 01540FDB .text C:\Windows\system32\svchost.exe[1260] WININET.dll!InternetOpenUrlW 7713D722 5 Bytes JMP 0154001B .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtCreateFile 77564224 5 Bytes JMP 02A20FEF .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtCreateProcess 775642E4 5 Bytes JMP 02A2001B .text C:\Windows\system32\svchost.exe[1424] ntdll.dll!NtProtectVirtualMemory 77564B84 5 Bytes JMP 02A20000 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 02A000A4 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 02A00F54 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 02A000D7 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 02A000C6 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 02A00F83 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 02A0001B .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 02A0002C .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!CreatePipe 76D38E6E 5 Bytes JMP 02A00089 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 76D39109 5 Bytes JMP 02A00051 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!LoadLibraryW 76D39362 5 Bytes JMP 02A00FAF .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!LoadLibraryExA 76D394B4 5 Bytes JMP 02A00F94 .text C:\Windows\system32\svchost.exe[1424] 
kernel32.dll!LoadLibraryA 76D394DC 5 Bytes JMP 02A00FC0 .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!VirtualProtectEx 76D3DBDA 5 Bytes JMP 02A0006E .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!GetProcAddress 76D5903B 5 Bytes JMP 02A00F2F .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!CreateFileW 76D5AECB 5 Bytes JMP 02A00FEF .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!CreateFileA 76D5CE5F 5 Bytes JMP 02A0000A .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!WinExec 76DA5CF7 5 Bytes JMP 02A000B5 .text C:\Windows\system32\svchost.exe[1424] msvcrt.dll!_wsystem 75E97F2F 5 Bytes JMP 018B0FA5 .text C:\Windows\system32\svchost.exe[1424] msvcrt.dll!system 75E9804B 5 Bytes JMP 018B003A .text C:\Windows\system32\svchost.exe[1424] msvcrt.dll!_creat 75E9BBE1 5 Bytes JMP 018B0029 .text C:\Windows\system32\svchost.exe[1424] msvcrt.dll!_open 75E9D106 5 Bytes JMP 018B000C .text C:\Windows\system32\svchost.exe[1424] msvcrt.dll!_wcreat 75E9D326 5 Bytes JMP 018B0FCA .text C:\Windows\system32\svchost.exe[1424] msvcrt.dll!_wopen 75E9D501 5 Bytes JMP 018B0FEF .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 02A1006F .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 02A1004A .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 02A10000 .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 02A10FC3 .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 02A10080 .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 02A1002F .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 02A10FEF .text C:\Windows\system32\svchost.exe[1424] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 02A10FDE .text C:\Windows\system32\svchost.exe[1424] WS2_32.dll!socket 776836D1 5 Bytes JMP 
018C0FEF .text C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtCreateFile 77564224 5 Bytes JMP 00DC0000 .text C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtCreateProcess 775642E4 5 Bytes JMP 00DC0025 .text C:\Windows\system32\svchost.exe[1788] ntdll.dll!NtProtectVirtualMemory 77564B84 5 Bytes JMP 00DC0FEF .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 008B0FA8 .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 008B00EE .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 008B0124 .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 008B0F8D .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 008B0FB9 .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 008B000A .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 008B002F .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreatePipe 76D38E6E 5 Bytes JMP 008B00C9 .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExW 76D39109 5 Bytes JMP 008B0087 .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryW 76D39362 5 Bytes JMP 008B005B .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExA 76D394B4 5 Bytes JMP 008B0076 .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryA 76D394DC 5 Bytes JMP 008B004A .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!VirtualProtectEx 76D3DBDA 5 Bytes JMP 008B00AE .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetProcAddress 76D5903B 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetProcAddress 76D5903B 5 Bytes JMP 008B013F .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateFileW 76D5AECB 5 Bytes JMP 008B0FD4 .text C:\Windows\system32\svchost.exe[1788] 
kernel32.dll!CreateFileA 76D5CE5F 5 Bytes JMP 008B0FEF .text C:\Windows\system32\svchost.exe[1788] kernel32.dll!WinExec 76DA5CF7 5 Bytes JMP 008B0109 .text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wsystem 75E97F2F 5 Bytes JMP 008A0F9F .text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!system 75E9804B 5 Bytes JMP 008A0FB0 .text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_creat 75E9BBE1 5 Bytes JMP 008A0FC1 .text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_open 75E9D106 5 Bytes JMP 008A0FEF .text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wcreat 75E9D326 5 Bytes JMP 008A0016 .text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wopen 75E9D501 5 Bytes JMP 008A0FD2 .text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00DB0047 .text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00DB001B .text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00DB000A .text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00DB002C .text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00DB0062 .text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00DB0FCA .text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00DB0FE5 .text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00DB0FAF .text C:\Windows\system32\svchost.exe[1788] WS2_32.dll!socket 776836D1 5 Bytes JMP 00DD0000 .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2828] kernel32.dll!LoadLibraryW 76D39362 5 Bytes JMP 699C9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) 
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2828] kernel32.dll!LoadLibraryA 76D394DC 5 Bytes JMP 699C99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Windows\system32\svchost.exe[2968] ntdll.dll!NtCreateFile 77564224 5 Bytes JMP 0077000A .text C:\Windows\system32\svchost.exe[2968] ntdll.dll!NtCreateProcess 775642E4 5 Bytes JMP 00770FDE .text C:\Windows\system32\svchost.exe[2968] ntdll.dll!NtProtectVirtualMemory 77564B84 5 Bytes JMP 00770FEF .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00740F30 .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 0074006C .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 007400A2 .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 00740087 .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00740F5C .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00740FCA .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00740025 .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!CreatePipe 76D38E6E 5 Bytes JMP 00740F41 .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!LoadLibraryExW 76D39109 5 Bytes JMP 00740040 .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!LoadLibraryW 76D39362 5 Bytes JMP 00740F9E .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!LoadLibraryExA 76D394B4 5 Bytes JMP 00740F8D .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!LoadLibraryA 76D394DC 5 Bytes JMP 00740FB9 .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!VirtualProtectEx 76D3DBDA 5 Bytes JMP 0074005B .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!GetProcAddress 76D5903B 5 Bytes JMP 007400B3 .text 
C:\Windows\system32\svchost.exe[2968] kernel32.dll!CreateFileW 76D5AECB 5 Bytes JMP 0074000A .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!CreateFileA 76D5CE5F 5 Bytes JMP 00740FEF .text C:\Windows\system32\svchost.exe[2968] kernel32.dll!WinExec 76DA5CF7 5 Bytes JMP 00740F15 .text C:\Windows\system32\svchost.exe[2968] msvcrt.dll!_wsystem 75E97F2F 5 Bytes JMP 00180036 .text C:\Windows\system32\svchost.exe[2968] msvcrt.dll!system 75E9804B 5 Bytes JMP 00180025 .text C:\Windows\system32\svchost.exe[2968] msvcrt.dll!_creat 75E9BBE1 5 Bytes JMP 00180000 .text C:\Windows\system32\svchost.exe[2968] msvcrt.dll!_open 75E9D106 5 Bytes JMP 00180FE3 .text C:\Windows\system32\svchost.exe[2968] msvcrt.dll!_wcreat 75E9D326 5 Bytes JMP 00180FAB .text C:\Windows\system32\svchost.exe[2968] msvcrt.dll!_wopen 75E9D501 5 Bytes JMP 00180FD2 .text C:\Windows\system32\svchost.exe[2968] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00760F94 .text C:\Windows\system32\svchost.exe[2968] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00760FB9 .text C:\Windows\system32\svchost.exe[2968] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00760FEF .text C:\Windows\system32\svchost.exe[2968] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00760040 .text C:\Windows\system32\svchost.exe[2968] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00760F83 .text C:\Windows\system32\svchost.exe[2968] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 0076000A .text C:\Windows\system32\svchost.exe[2968] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 00760FD4 .text C:\Windows\system32\svchost.exe[2968] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00760025 .text C:\Windows\system32\svchost.exe[2968] WS2_32.dll!socket 776836D1 5 Bytes JMP 008A0FEF .text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateFile 77564224 5 Bytes JMP 00080000 .text C:\Windows\System32\svchost.exe[3124] ntdll.dll!NtCreateProcess 775642E4 5 Bytes JMP 00080FD4 .text C:\Windows\System32\svchost.exe[3124] 
ntdll.dll!NtProtectVirtualMemory 77564B84 5 Bytes JMP 00080FEF .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!GetStartupInfoW 76D11929 5 Bytes JMP 00060079 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!GetStartupInfoA 76D119C9 5 Bytes JMP 00060F33 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!CreateProcessW 76D11BF3 5 Bytes JMP 00060EEC .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!CreateProcessA 76D11C28 5 Bytes JMP 00060F07 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!VirtualProtect 76D11DC3 5 Bytes JMP 00060040 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!CreateNamedPipeA 76D12EF5 5 Bytes JMP 00060FB9 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!CreateNamedPipeW 76D15C0C 5 Bytes JMP 00060014 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!CreatePipe 76D38E6E 5 Bytes JMP 00060F44 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!LoadLibraryExW 76D39109 5 Bytes JMP 00060F66 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!LoadLibraryW 76D39362 5 Bytes JMP 0006002F .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!LoadLibraryExA 76D394B4 5 Bytes JMP 00060F83 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!LoadLibraryA 76D394DC 5 Bytes JMP 00060FA8 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!VirtualProtectEx 76D3DBDA 5 Bytes JMP 00060F55 .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!GetProcAddress 76D5903B 5 Bytes JMP 00060EDB .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!CreateFileW 76D5AECB 5 Bytes JMP 00060FDE .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!CreateFileA 76D5CE5F 5 Bytes JMP 00060FEF .text C:\Windows\System32\svchost.exe[3124] kernel32.dll!WinExec 76DA5CF7 5 Bytes JMP 00060F18 .text C:\Windows\System32\svchost.exe[3124] msvcrt.dll!_wsystem 75E97F2F 5 Bytes JMP 0005003D .text C:\Windows\System32\svchost.exe[3124] msvcrt.dll!system 75E9804B 5 Bytes JMP 00050FB2 .text 
C:\Windows\System32\svchost.exe[3124] msvcrt.dll!_creat 75E9BBE1 5 Bytes JMP 00050FDE .text C:\Windows\System32\svchost.exe[3124] msvcrt.dll!_open 75E9D106 5 Bytes JMP 00050FEF .text C:\Windows\System32\svchost.exe[3124] msvcrt.dll!_wcreat 75E9D326 5 Bytes JMP 00050FCD .text C:\Windows\System32\svchost.exe[3124] msvcrt.dll!_wopen 75E9D501 5 Bytes JMP 0005000C .text C:\Windows\System32\svchost.exe[3124] ADVAPI32.dll!RegCreateKeyExA 771F39AB 5 Bytes JMP 00070040 .text C:\Windows\System32\svchost.exe[3124] ADVAPI32.dll!RegCreateKeyA 771F3BA9 5 Bytes JMP 00070FAF .text C:\Windows\System32\svchost.exe[3124] ADVAPI32.dll!RegOpenKeyA 771F89C7 5 Bytes JMP 00070000 .text C:\Windows\System32\svchost.exe[3124] ADVAPI32.dll!RegCreateKeyW 7720391E 5 Bytes JMP 00070F9E .text C:\Windows\System32\svchost.exe[3124] ADVAPI32.dll!RegCreateKeyExW 772041F1 5 Bytes JMP 00070051 .text C:\Windows\System32\svchost.exe[3124] ADVAPI32.dll!RegOpenKeyExA 77207C42 5 Bytes JMP 00070FE5 .text C:\Windows\System32\svchost.exe[3124] ADVAPI32.dll!RegOpenKeyW 7720E2B5 5 Bytes JMP 0007001B .text C:\Windows\System32\svchost.exe[3124] ADVAPI32.dll!RegOpenKeyExW 77217BA1 5 Bytes JMP 00070FC0 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73F17817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73F6A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73F1BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F0F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73F175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F0E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F48395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73F1DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73F0FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73F0FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F071CF] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73F9CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73F3C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[784] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73F12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\system32\mfevtps.exe[2920] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [001FA4B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) 
IAT C:\Windows\system32\mfevtps.exe[2920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [001FA510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.) AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xFC 0x81 0x2B 0xBE ... Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!\22!i!y!`!c!i!{!f!t!e!t!i!s!m! 19583823 ---- EOF - GMER 1.0.15 ---- |
27.05.2011, 09:15 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught FakeAlert!grb Then the unknown MBR of this data disk can be ignored. It is only relevant if it is an internal disk from which the operating system is booted. Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Getting an additional opinion from ESET's online scanner afterwards is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
31.05.2011, 17:02 | #23 |
| Caught FakeAlert!grb Hello Arne, here is the Malwarebytes log file; I won't get to the rest until tomorrow:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6726
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
31.05.2011 02:35:08
mbam-log-2011-05-31 (02-35-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 562842
Laufzeit: 4 Stunde(n), 26 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
31.05.2011, 22:23 | #24 |
| Caught FakeAlert!grb Here is the log file from Antispyware:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/31/2011 at 10:43 PM
Application Version : 4.53.1000
Core Rules Database Version : 7167
Trace Rules Database Version: 4979
Scan type : Complete Scan
Total Scan Time : 04:26:02
Memory items scanned : 903
Memory threats detected : 0
Registry items scanned : 11337
Registry threats detected : 0
File items scanned : 425168
File threats detected : 80
Adware.Tracking Cookie
Trojan.Agent/Gen-Bancos
C:\PROGRAM FILES\SCENEO\BONAVISTA\BDSUPDATE.DLL
Trojan.Agent/Gen-Cryptor[Egun]
C:\USERS\ALEX UND RAMONA\DOCUMENTS\RAMONA\SCHULE\PHYSIK\FACHBETREUERTAGUNG\HTML-RLFB\WELLMA6.EXE
C:\USERS\ALEX UND RAMONA\DOCUMENTS\RAMONA\SCHULE\PHYSIK\FACHBETREUERTAGUNG\POWERPOINT\LP PH 10\WELLENMASCHINEN\WELLMA6.EXE
C:\USERS\ALEX UND RAMONA\DOCUMENTS\RAMONA\SCHULE\PHYSIK\FACHBETREUERTAGUNG\SIMULATIONEN-PC\WELLENMASCHINEN\WELLMA6.EXE
C:\USERS\ALEX UND RAMONA\DOCUMENTS\RAMONA\SCHULE\PHYSIK\RLFB-MATERIAL 9 UND 10\HTML-RLFB\WELLMA6.EXE
C:\USERS\ALEX UND RAMONA\DOCUMENTS\RAMONA\SCHULE\PHYSIK\RLFB-MATERIAL 9 UND 10\POWERPOINT\LP PH 10\WELLENMASCHINEN\WELLMA6.EXE
C:\USERS\ALEX UND RAMONA\DOCUMENTS\RAMONA\SCHULE\PHYSIK\RLFB-MATERIAL 9 UND 10\SIMULATIONEN-PC\WELLENMASCHINEN\WELLMA6.EXE
E:\DOCUMENTS\RAMONA\SCHULE\PHYSIK\FACHBETREUERTAGUNG\HTML-RLFB\WELLMA6.EXE
E:\DOCUMENTS\RAMONA\SCHULE\PHYSIK\FACHBETREUERTAGUNG\POWERPOINT\LP PH 10\WELLENMASCHINEN\WELLMA6.EXE
E:\DOCUMENTS\RAMONA\SCHULE\PHYSIK\FACHBETREUERTAGUNG\SIMULATIONEN-PC\WELLENMASCHINEN\WELLMA6.EXE
E:\DOCUMENTS\RAMONA\SCHULE\PHYSIK\RLFB-MATERIAL 9 UND 10\HTML-RLFB\WELLMA6.EXE
E:\DOCUMENTS\RAMONA\SCHULE\PHYSIK\RLFB-MATERIAL 9 UND 10\POWERPOINT\LP PH 10\WELLENMASCHINEN\WELLMA6.EXE
E:\DOCUMENTS\RAMONA\SCHULE\PHYSIK\RLFB-MATERIAL 9 UND 10\SIMULATIONEN-PC\WELLENMASCHINEN\WELLMA6.EXE |
01.06.2011, 08:59 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught FakeAlert!grb The cookies can go. The rest of the SUPERAntiSpyware results looks very much like false positives. |
01.06.2011, 18:19 | #26 |
| Caught FakeAlert!grb Here is the text file from ESET: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK |
01.06.2011, 21:15 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught FakeAlert!grb Apparently no detections? Is that right? The log looks a bit sparse! |
03.06.2011, 19:41 | #28 |
| Caught FakeAlert!grb I followed the instructions; that was everything that was in the text file afterwards. |
03.06.2011, 19:43 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught FakeAlert!grb Hm, so no detections. Is the computer back to normal? SASW only had cookies and false positives. |
06.06.2011, 16:47 | #30 |
| Caught FakeAlert!grb Hello Arne, I think so. Should I test anything else to be on the safe side, or can I assume that it is virus-free again? Regards, Alex |