Hello,
the following problem came up today:
While I was using my Windows XP PC under a user account with restricted rights, McAfee reported that "torrent.exe" wanted to access the Internet, which I blocked. I also terminated "torrent.exe" via Task Manager. No other symptoms have appeared so far. The file "torrent.exe" is located under C:\Dokumente und Einstellungen\alle\Anwendungsdaten and is 100 kb in size. When I start Windows as Administrator, "torrent.exe" shows no activity that can be detected with Task Manager; I have not used the restricted user account since then. I created the attached log files as Administrator. In case it matters: my machine, including the system partition, is encrypted with TrueCrypt.
dds:
.DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.0.0
Run by Administrator at 16:21:48 on 2012-03-06
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1015.571 [GMT 1:00]
.
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Java\jre7\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\McAfee.com\Agent\mcagent.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TrueCrypt\TrueCrypt.exe
C:\Programme\McAfee\VirusScan\mcods.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\programme\gemeinsame dateien\mcafee\systemcore\ScriptSn.20111224162652.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\programme\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [TrueCrypt] "c:\programme\truecrypt\TrueCrypt.exe" /q preferences /a logon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [mcui_exe] "c:\programme\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Smapp] c:\programme\analog devices\soundmax\SMTray.exe
mRun: [DrvLsnr] c:\programme\analog devices\soundmax\DrvLsnr.exe
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\srnjfj~1.lnk - c:\installation\SRNJFJVWE.EXE
IE: Alles mit FDM herunterladen - file://c:\programme\free download manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\programme\free download manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\programme\free download manager\dllink.htm
IE: Free YouTube Download - c:\dokumente und einstellungen\administrator\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\administrator\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\programme\free download manager\dlfvideo.htm
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\programme\icq7.7\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3AE9FA74-F124-4DC9-A388-78D3AE8F8168} : NameServer = 89.233.43.71,89.104.194.142
TCP: Interfaces\{3AE9FA74-F124-4DC9-A388-78D3AE8F8168} : DhcpNameServer = 192.168.178.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\administrator\anwendungsdaten\mozilla\firefox\profiles\55yu2zzk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT65619&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.ftp - erfurt.perfect-privacy.com
FF - prefs.js: network.proxy.ftp_port - 1
FF - prefs.js: network.proxy.http - erfurt.perfect-privacy.com
FF - prefs.js: network.proxy.http_port - 1
FF - prefs.js: network.proxy.socks - erfurt.perfect-privacy.com
FF - prefs.js: network.proxy.socks_port - 1
FF - prefs.js: network.proxy.ssl - erfurt.perfect-privacy.com
FF - prefs.js: network.proxy.ssl_port - 1
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\programme\mcafee\siteadvisor\NPMcFFPlg32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 464176]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-7-12 89792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\gemeinsame dateien\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\programme\gemeinsame dateien\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\programme\gemeinsame dateien\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McProxy;McAfee Proxy Service;c:\programme\gemeinsame dateien\mcafee\mcsvchost\McSvHost.exe [2011-7-12 214904]
R2 McShield;McAfee McShield;c:\programme\gemeinsame dateien\mcafee\systemcore\mcshield.exe [2011-7-12 166288]
R2 mfefire;McAfee Firewall Core Service;c:\programme\gemeinsame dateien\mcafee\systemcore\mfefire.exe [2011-7-12 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-12 150856]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-7-12 57600]
R3 cxbu0wdm;SmartBoard XX44;c:\windows\system32\drivers\cxbu0wdm.sys [2010-1-25 115712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-12 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-12 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-7-12 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-7-12 83856]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\programme\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-7-12 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-12 87656]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;\??\c:\programme\msi\live update 5\msibios32_100507.sys --> c:\programme\msi\live update 5\msibios32_100507.sys [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\c:\programme\msi\live update 5\ntiolib.sys --> c:\programme\msi\live update 5\NTIOLib.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
S3 WXGST;WXGST;c:\dokume~1\admini~1\lokale~1\temp\wxgst.exe --> c:\dokume~1\admini~1\lokale~1\temp\WXGST.exe [?]
.
=============== Created Last 30 ================
.
2012-02-29 22:17:05 -------- d-----w- c:\windows\system32\Logs
2012-02-14 23:54:36 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 23:54:36 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-09 14:58:27 -------- d-----w- c:\dokumente und einstellungen\administrator\lokale einstellungen\anwendungsdaten\Sun
2012-02-06 20:03:51 128000 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-06 19:54:37 -------- d-----w- c:\programme\JonDo
.
==================== Find3M ====================
.
2012-02-06 20:02:15 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 17:20:28 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:53:33 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:53:33 672768 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53:33 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:52:06 371200 ----a-w- c:\windows\system32\html.iec
2011-12-19 06:34:29 22032 ----a-w- c:\windows\DCEBoot.exe
2011-12-18 13:50:43 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-12-18 13:50:42 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-12-18 13:50:40 34048 ----a-w- c:\windows\system32\eEmpty.exe
.
============= FINISH: 16:22:38,11 ===============
--- --- ---
attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/09/2010 09:46:38
System Uptime: 06/03/2012 00:30:29 (16 hours ago)
.
Motherboard: Hewlett-Packard | | 085Ch
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2793/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 2,146 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
Device ID: ACPI\PNP0303\4&369939D9&0
Manufacturer: (Standardtastaturen)
Name: Standardtastatur (101/102 Tasten) oder Microsoft Natural Keyboard (PS/2)
PNP Device ID: ACPI\PNP0303\4&369939D9&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP214: 31/01/2012 02:15:50 - Systemprüfpunkt
RP215: 01/02/2012 03:00:44 - Software Distribution Service 3.0
RP216: 02/02/2012 14:58:26 - Systemprüfpunkt
RP217: 03/02/2012 14:34:22 - Created by Wise Registry Cleaner
RP218: 06/02/2012 04:00:50 - Systemprüfpunkt
RP219: 06/02/2012 21:02:03 - Java(TM) 7 wird installiert
RP220: 07/02/2012 22:20:01 - Systemprüfpunkt
RP221: 09/02/2012 00:30:46 - Systemprüfpunkt
RP222: 10/02/2012 00:48:56 - Systemprüfpunkt
RP223: 11/02/2012 04:56:53 - Systemprüfpunkt
RP224: 12/02/2012 18:36:54 - Systemprüfpunkt
RP225: 13/02/2012 21:19:08 - Systemprüfpunkt
RP226: 14/02/2012 21:47:47 - Systemprüfpunkt
RP227: 15/02/2012 02:17:26 - Software Distribution Service 3.0
RP228: 16/02/2012 02:30:19 - Systemprüfpunkt
RP229: 17/02/2012 17:48:36 - Systemprüfpunkt
RP230: 19/02/2012 01:37:02 - Systemprüfpunkt
RP231: 20/02/2012 07:41:37 - Systemprüfpunkt
RP232: 21/02/2012 10:46:10 - Systemprüfpunkt
RP233: 22/02/2012 10:53:37 - Systemprüfpunkt
RP234: 23/02/2012 11:21:48 - Systemprüfpunkt
RP235: 24/02/2012 14:03:23 - Systemprüfpunkt
RP236: 25/02/2012 14:16:11 - Systemprüfpunkt
RP237: 26/02/2012 15:21:07 - Systemprüfpunkt
RP238: 27/02/2012 16:15:35 - Systemprüfpunkt
RP239: 28/02/2012 20:10:46 - Systemprüfpunkt
RP240: 01/03/2012 02:37:35 - Systemprüfpunkt
RP241: 02/03/2012 02:47:25 - Systemprüfpunkt
RP242: 03/03/2012 05:24:50 - Systemprüfpunkt
RP243: 04/03/2012 07:00:26 - Systemprüfpunkt
RP244: 05/03/2012 08:40:03 - Systemprüfpunkt
RP245: 06/03/2012 09:38:07 - Systemprüfpunkt
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.2) - Deutsch
AutostartAdministrator 2.0
Broadcom Management Programs
Broadcom NetXtreme Ethernet Controller
CCleaner
CDisplayEx 1.8
Doc Scrubber v1.1
E3MC - Windows Shutdown Timer v5.7 Full
Eraser 6.0.8.2273
EVEREST Home Edition v2.20
FormatFactory 2.70
Fotobounce 3.6.0
Free Download Manager 3.0
Free Studio version 5.2.1
FreeOCR 3.0
GIMP 2.6.11
GNU Privacy Guard
Hotfix für Windows XP (KB2633952)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
ICQ7.7
Intel(R) Extreme Graphics 2 Driver
IrfanView (remove only)
ISO Recorder
Java Auto Updater
Java(TM) 7
JDownloader 0.9
JonDo
McAfee Internet Security
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (German) 2007
Microsoft Software Update for Web Folders (German) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 de)
Mozilla Thunderbird (6.0.2)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Premium
OpenVPN 2.1.1
Opera 11.61
PDFCreator
RegRun 1.51
Secure Eraser v4.0
Security Task Manager 1.8d
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sicherheitsupdate für Windows XP (KB2544893-v2)
Sicherheitsupdate für Windows XP (KB2584146)
Sicherheitsupdate für Windows XP (KB2585542)
Sicherheitsupdate für Windows XP (KB2598479)
Sicherheitsupdate für Windows XP (KB2603381)
Sicherheitsupdate für Windows XP (KB2618444)
Sicherheitsupdate für Windows XP (KB2618451)
Sicherheitsupdate für Windows XP (KB2619339)
Sicherheitsupdate für Windows XP (KB2620712)
Sicherheitsupdate für Windows XP (KB2624667)
Sicherheitsupdate für Windows XP (KB2631813)
Sicherheitsupdate für Windows XP (KB2633171)
Sicherheitsupdate für Windows XP (KB2639417)
Sicherheitsupdate für Windows XP (KB2646524)
Sicherheitsupdate für Windows XP (KB2647516)
Sicherheitsupdate für Windows XP (KB2660465)
Sicherheitsupdate für Windows XP (KB2661637)
Sicherheitsupdate für Windows XP (KB923789)
SoundMAX
TrueCrypt
Update für Windows XP (KB2641690)
Update für Windows XP (KB961503)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Vidshow
VLC media player 1.1.11
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.01 (32-Bit)
Wise Disk Cleaner 6.15
Wise PC Engineer 6.3.8
Wise Registry Cleaner 6.14
.
==== End Of File ===========================
gmer:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-06 16:34:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: i6tznwre.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kxldrpow.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF75B74C0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF75B74D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF75B7500]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF75B7556]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF75B74AC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF75B7484]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF75B7498]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF75B74EA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF75B752C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF75B7516]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF75B7580]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF75B756C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF75B7540]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 009A0025
.text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A2006E
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A20F83
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A20F94
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A20051
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A2002F
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A20F52
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A2009A
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A20F30
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A200BF
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A200DA
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A20040
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A20089
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A20FB9
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A20FD4
.text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A20F41
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 009D0FD4
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 009D005B
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 009D001B
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 009D0F94
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 009D0FAF
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [C0, 88]
.text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 009D0036
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 009C0FAD
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!system 77BF93C7 5 Bytes JMP 009C0038
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 009C001D
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_open 77BFF566 5 Bytes JMP 009C000C
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 009C0FC8
.text C:\WINDOWS\system32\svchost.exe[416] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[416] WS2_32.dll!socket 71A14211 5 Bytes JMP 009B0000
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00910FCA
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A6006E
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A6005D
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A60F83
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A60F94
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A60FB6
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A600A1
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A60090
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A60F3E
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A600D7
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A600F2
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A60FA5
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A60FE5
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A6007F
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A6002C
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A6001B
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A600BC
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00A50FCA
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00A5005B
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00A5001B
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00A50F9E
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00A50040
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00A50FB9
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00940FA6
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00940031
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00940FD2
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00940FEF
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00940FC1
.text C:\WINDOWS\system32\svchost.exe[1028] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0094000C
.text C:\WINDOWS\system32\svchost.exe[1028] WININET.dll!InternetOpenW 7718AF61 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1028] WININET.dll!InternetOpenA 771957AE 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[1028] WININET.dll!InternetOpenUrlA 77195A7A 5 Bytes JMP 00930025
.text C:\WINDOWS\system32\svchost.exe[1028] WININET.dll!InternetOpenUrlW 771A5BB2 5 Bytes JMP 00930036
.text C:\WINDOWS\system32\svchost.exe[1028] WS2_32.dll!socket 71A14211 5 Bytes JMP 00920FEF
.text C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe[1120] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00090000
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00090022
.text C:\WINDOWS\Explorer.EXE[1228] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00090011
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F48
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F6D
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0047
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B0F94
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FAF
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F12
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F2D
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0EF0
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F01
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B009A
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0036
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0000
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0058
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FC0
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0011
.text C:\WINDOWS\Explorer.EXE[1228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B007F
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 002A0F97
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 002A001B
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 002A0FE5
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 002A0054
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 002A0000
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 002A0FA8
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [4D, 88]
.text C:\WINDOWS\Explorer.EXE[1228] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 002B0FA8
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!system 77BF93C7 5 Bytes JMP 002B0033
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 002B0FCD
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_open 77BFF566 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 002B0022
.text C:\WINDOWS\Explorer.EXE[1228] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 002B0FDE
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenW 7718AF61 5 Bytes JMP 002D000A
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenA 771957AE 5 Bytes JMP 002D0FEF
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenUrlA 77195A7A 5 Bytes JMP 002D0031
.text C:\WINDOWS\Explorer.EXE[1228] WININET.dll!InternetOpenUrlW 771A5BB2 5 Bytes JMP 002D0FDE
.text C:\WINDOWS\Explorer.EXE[1228] WS2_32.dll!socket 71A14211 5 Bytes JMP 01990FE5
.text C:\WINDOWS\system32\services.exe[1420] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1420] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00040FCD
.text C:\WINDOWS\system32\services.exe[1420] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00040FDE
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30064
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C30F6F
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30F8A
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30047
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C30FA5
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C30F32
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30F43
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C30EF2
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C30095
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C30ED7
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C3002C
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C30FE5
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C30F54
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30FCA
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C3001B
.text C:\WINDOWS\system32\services.exe[1420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C30F21
.text C:\WINDOWS\system32\services.exe[1420] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00070FBC
.text C:\WINDOWS\system32\services.exe[1420] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 0007005E
.text C:\WINDOWS\system32\services.exe[1420] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00070FCD
.text C:\WINDOWS\system32\services.exe[1420] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00070FDE
.text C:\WINDOWS\system32\services.exe[1420] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00070FA1
.text C:\WINDOWS\system32\services.exe[1420] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1420] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00070043
.text C:\WINDOWS\system32\services.exe[1420] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00070032
.text C:\WINDOWS\system32\services.exe[1420] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00060038
.text C:\WINDOWS\system32\services.exe[1420] msvcrt.dll!system 77BF93C7 5 Bytes JMP 0006001D
.text C:\WINDOWS\system32\services.exe[1420] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00060FC8
.text C:\WINDOWS\system32\services.exe[1420] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[1420] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00060FAD
.text C:\WINDOWS\system32\services.exe[1420] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 0006000C
.text C:\WINDOWS\system32\services.exe[1420] WS2_32.dll!socket 71A14211 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\lsass.exe[1432] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\lsass.exe[1432] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\lsass.exe[1432] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20F68
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F83
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C2005D
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20040
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20014
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20F2D
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C2007F
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F01
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C2009A
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20EDC
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20025
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20FD4
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C2006E
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FA8
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\lsass.exe[1432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C20F1C
.text C:\WINDOWS\system32\lsass.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\lsass.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\lsass.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\lsass.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\lsass.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\system32\lsass.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\lsass.exe[1432] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\lsass.exe[1432] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\lsass.exe[1432] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00BE0FA6
.text C:\WINDOWS\system32\lsass.exe[1432] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00BE0FB7
.text C:\WINDOWS\system32\lsass.exe[1432] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00BE0FD2
.text C:\WINDOWS\system32\lsass.exe[1432] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\lsass.exe[1432] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00BE0031
.text C:\WINDOWS\system32\lsass.exe[1432] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\lsass.exe[1432] WS2_32.dll!socket 71A14211 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00F9000A
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00F90FD4
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FD0F4D
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FD0F68
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FD0042
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FD0F79
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FD0FAF
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FD0F1A
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FD0F2B
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD0091
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD0EEE
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FD0EDD
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FD0F8A
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FD0FE5
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FD0F3C
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FD001B
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FD0F09
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00FC001B
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00FC0062
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00FC0FCA
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00FC000A
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00FC0051
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00FC0FEF
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 00FC0036
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00FC0FAF
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00FB004E
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00FB0FC3
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00FB0FDE
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00FB000C
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00FB0033
.text C:\WINDOWS\system32\svchost.exe[1592] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00FB0FEF
.text C:\WINDOWS\system32\svchost.exe[1592] WS2_32.dll!socket 71A14211 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00C80022
.text C:\WINDOWS\system32\svchost.exe[1696] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00C80011
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC000A
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC00A1
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0086
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0075
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0058
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0FB6
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC0F80
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC0F91
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC0F5B
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC00F4
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CC0119
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CC003D
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CC001B
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CC00B2
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CC0FDB
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CC002C
.text C:\WINDOWS\system32\svchost.exe[1696] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CC00E3
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00CB0FCA
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00CB0047
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00CB001B
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 00CB0000
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00CB0F94
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00CB0FE5
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00CB0FA5
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [EE, 88]
.text C:\WINDOWS\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00CB002C
.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 00CA0FB9
.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!system 77BF93C7 5 Bytes JMP 00CA003A
.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_open 77BFF566 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 00CA0FCA
.text C:\WINDOWS\system32\svchost.exe[1696] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 00CA001D
.text C:\WINDOWS\system32\svchost.exe[1696] WS2_32.dll!socket 71A14211 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\System32\svchost.exe[1888] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 018B0000
.text C:\WINDOWS\System32\svchost.exe[1888] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 018B0036
.text C:\WINDOWS\System32\svchost.exe[1888] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 018B0025
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02D30FEF
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02D30FA1
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02D3008C
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02D3007B
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02D30054
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02D30028
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02D30F5F
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02D300A7
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02D300F1
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02D300CC
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02D30F3D
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02D30039
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02D30FDE
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02D30F86
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02D30FB2
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02D30FCD
.text C:\WINDOWS\System32\svchost.exe[1888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02D30F4E
.text C:\WINDOWS\System32\svchost.exe[1888] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 02BD0FCA
.text C:\WINDOWS\System32\svchost.exe[1888] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 02BD0FB9
.text C:\WINDOWS\System32\svchost.exe[1888] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 02BD001B
.text C:\WINDOWS\System32\svchost.exe[1888] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 02BD000A
.text C:\WINDOWS\System32\svchost.exe[1888] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 02BD0076
.text C:\WINDOWS\System32\svchost.exe[1888] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 02BD0FEF
.text C:\WINDOWS\System32\svchost.exe[1888] ADVAPI32.dll!RegCreateKeyW 77DCBA55 5 Bytes JMP 02BD0051
.text C:\WINDOWS\System32\svchost.exe[1888] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 02BD0036
.text C:\WINDOWS\System32\svchost.exe[1888] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 02BC0FD1
.text C:\WINDOWS\System32\svchost.exe[1888] msvcrt.dll!system 77BF93C7 5 Bytes JMP 02BC005C
.text C:\WINDOWS\System32\svchost.exe[1888] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 02BC003A
.text C:\WINDOWS\System32\svchost.exe[1888] msvcrt.dll!_open 77BFF566 5 Bytes JMP 02BC0000
.text C:\WINDOWS\System32\svchost.exe[1888] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 02BC004B
.text C:\WINDOWS\System32\svchost.exe[1888] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 02BC001D
.text C:\WINDOWS\System32\svchost.exe[1888] WS2_32.dll!socket 71A14211 5 Bytes JMP 018C0000
.text C:\WINDOWS\System32\svchost.exe[1888] WININET.dll!InternetOpenW 7718AF61 5 Bytes JMP 02AA0000
.text C:\WINDOWS\System32\svchost.exe[1888] WININET.dll!InternetOpenA 771957AE 5 Bytes JMP 02AA0FE5
.text C:\WINDOWS\System32\svchost.exe[1888] WININET.dll!InternetOpenUrlA 77195A7A 5 Bytes JMP 02AA0FCA
.text C:\WINDOWS\System32\svchost.exe[1888] WININET.dll!InternetOpenUrlW 771A5BB2 5 Bytes JMP 02AA0FAD
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 008D0FEF
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 008D0FC3
.text C:\WINDOWS\system32\svchost.exe[1932] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 008D0FD4
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00910FEF
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00910F55
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0091004A
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0091002F
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00910F7C
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00910FA8
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00910F1D
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00910065
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00910EE0
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00910EF1
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00910EC5
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00910F8D
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00910F44
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00910FB9
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00910FCA
.text C:\WINDOWS\system32\svchost.exe[1932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00910F02
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExW 77DA6AAF 5 Bytes JMP 00900025
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExW 77DA776C 5 Bytes JMP 00900F86
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyExA 77DA7852 5 Bytes JMP 00900FDE
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyW 77DA7946 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyExA 77DAE9F4 5 Bytes JMP 00900F97
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegOpenKeyA 77DAEFC8 5 Bytes JMP 00900FEF
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyW 77DCBA55 2 Bytes JMP 00900FA8
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyW + 3 77DCBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\system32\svchost.exe[1932] ADVAPI32.dll!RegCreateKeyA 77DCBCF3 5 Bytes JMP 00900FB9
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_wsystem 77BF931E 5 Bytes JMP 008F0FB0
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!system 77BF93C7 5 Bytes JMP 008F0FC1
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_creat 77BFD40F 5 Bytes JMP 008F0027
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_open 77BFF566 5 Bytes JMP 008F0000
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_wcreat 77BFFC9B 5 Bytes JMP 008F0FD2
.text C:\WINDOWS\system32\svchost.exe[1932] msvcrt.dll!_wopen 77C00055 5 Bytes JMP 008F0FE3
.text C:\WINDOWS\system32\svchost.exe[1932] WS2_32.dll!socket 71A14211 5 Bytes JMP 008E0FE5
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- EOF - GMER 1.0.15 ----
--- --- ---
Many thanks in advance!
Regards
Beaker 1987