Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei-Trojaner eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.01.2012, 15:51   #1
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Hallo liebe Helfer,

ich habe mir gestern abend den Bundespolizei-Trojaner eingefangen, der 100€ haben will, damit er wieder weggeht.

Habe dann die Schritte dieser Seite "hxxp://www.redirect301.de/bundespolizei-trojaner-entfernen.html" befolgt.
Bei "Schritt 8" musste ich passen, denn der "Wert" war schon "explorer.exe".
Habe dann noch nach "jashla.exe" gesucht, aber nix gefunden.

Dann habe ich versucht, den Rechner normal zu starten, d.h. ohne abgesicherten Modus, es erschien jedoch wieder der Bundespolizei-Bildschirm.

Dann habe ich den Rechner im abgesicherten Modus gestartet, einen Quickscan mit Malwarebytes gemacht und die zwei infizierten Objekte entfernt. Hier die Logdatei dazu:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.06.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19170
Antonia :: BÄR [Administrator]

13.01.2012 00:22:29
mbam-log-2012-01-13 (00-22-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 180194
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Exploit.Drop.2) -> Daten: C:\Users\Antonia\AppData\Local\Temp\0.371507107841596.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Antonia\AppData\Local\Temp\0.371507107841596.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Danach ließ sich der Rechner wieder normal starten.
Heute habe ich nach Aktualisierung von Malwarebytes einen Vollscan durchgeführt, das infizierte Objekt entfernt und den Rechner neu gestartet. Logdatei:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.13.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Antonia :: BÄR [Administrator]

13.01.2012 13:01:25
mbam-log-2012-01-13 (13-01-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 315049
Laufzeit: 2 Stunde(n), 25 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Antonia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\11c0c46e-7c81afe1 (Trojan.Zbot.CBCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         


Ich kann mir denken, dass es das noch nicht war und wäre euch sehr dankbar für eure Hilfe bzw Anweisungen, was nun zu tun ist.

Vielen Dank schonmal im Vorraus,

Antonia

Alt 13.01.2012, 19:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 14.01.2012, 00:03   #3
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Hey,

hier die Logdatei:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b33150f058a4ee4386a9f6748aedb574
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-13 10:54:27
# local_time=2012-01-13 11:54:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 23255 164017641 0 0
# compatibility_mode=8192 67108863 100 0 3820 3820 0 0
# scanned=257865
# found=2
# cleaned=0
# scan_time=10353
C:\Users\Antonia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\78bf8d65-7820bedf	Java/Exploit.CVE-2011-3544.W trojan (unable to clean)	00000000000000000000000000000000	I
G:\Windows.old\Users\Antonia\AppData\Local\Temp\plugtmp-15\plugin-readme.pdf	PDF/Exploit.Gen trojan (unable to clean)	00000000000000000000000000000000	I
         

Danke und Gruß,
Antonia
__________________

Alt 14.01.2012, 00:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2012, 00:49   #5
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Hier die Logdatei:


Code:
ATTFilter
OTL logfile created on: 14.01.2012 00:28:47 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Antonia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,31% Memory free
4,21 Gb Paging File | 3,11 Gb Available in Paging File | 73,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 51,71 Gb Free Space | 37,90% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,67 Gb Free Space | 56,67% Space Free | Partition Type: NTFS
Drive G: | 465,65 Gb Total Space | 198,78 Gb Free Space | 42,69% Space Free | Partition Type: FAT32
 
Computer Name: BÄR | User Name: Antonia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Antonia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.09 16:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.08 13:52:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B0C7B7A6-EEEB-4069-98A8-B662FEF287D9}: C:\Users\Antonia\AppData\Local\{B0C7B7A6-EEEB-4069-98A8-B662FEF287D9}
 
[2010.05.30 14:47:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonia\AppData\Roaming\mozilla\Extensions
[2011.05.10 20:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antonia\AppData\Roaming\mozilla\Firefox\Profiles\n1uqdehm.default\extensions
[2010.05.31 15:00:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Antonia\AppData\Roaming\mozilla\Firefox\Profiles\n1uqdehm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.11 16:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.12 12:02:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.09 16:40:35 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.22 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.05.10 22:00:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.08 14:53:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.08 14:53:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.08 14:53:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.08 14:53:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 14:53:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.08 14:53:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.02 21:48:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95042106-99C9-4F58-95D4-53AB7BA8DF2A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Antonia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Antonia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Programme\Dell\QuickSet\quickset.exe - (Dell Inc.)
MsConfig - StartUpFolder: C:^Users^Antonia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Antonia\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Users^Antonia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe - ()
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= -  File not found
MsConfig - StartUpReg: DELL Webcam Manager - hkey= - key= - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: McAfeeUpdaterUI - hkey= - key= - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: ShStatEXE - hkey= - key= - C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - State: "startup" - 1
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.14 00:25:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Antonia\Desktop\OTL.exe
[2012.01.13 20:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.13 20:56:46 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Antonia\Desktop\esetsmartinstaller_enu.exe
[2012.01.08 10:30:12 | 000,000,000 | ---D | C] -- C:\Users\Antonia\Desktop\Ghana
[2012.01.06 00:34:15 | 000,000,000 | ---D | C] -- C:\Users\Antonia\Documents\Porddugall
[2011.12.16 16:43:22 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.12.16 14:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.16 14:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.16 14:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.05.10 21:57:56 | 016,537,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u25-windows-i586.exe
[2010.05.30 14:52:09 | 028,534,656 | ---- | C] (                                   ) -- C:\Program Files\AdbeRdr930_de_DE.exe
[2010.05.30 05:14:14 | 008,188,856 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.3.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.14 00:25:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Antonia\Desktop\OTL.exe
[2012.01.14 00:19:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.13 22:53:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 22:53:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 21:37:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.13 20:56:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Antonia\Desktop\esetsmartinstaller_enu.exe
[2012.01.13 15:34:13 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.13 15:33:32 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.13 00:23:37 | 000,006,648 | ---- | M] () -- C:\Users\Antonia\AppData\Local\d3d9caps.dat
[2012.01.06 18:50:53 | 000,248,887 | ---- | M] () -- C:\Users\Antonia\Documents\DSCN0435.jpg
[2012.01.06 00:29:30 | 000,060,928 | ---- | M] () -- C:\Users\Antonia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.06 00:19:53 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.06 00:19:53 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.06 00:19:53 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.06 00:19:53 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.04 13:36:50 | 000,432,177 | ---- | M] () -- C:\Users\Antonia\Documents\IMG_1548.JPG
[2012.01.03 10:43:44 | 000,441,825 | ---- | M] () -- C:\Users\Antonia\Documents\IMG_1541.JPG
[2011.12.16 15:30:07 | 000,255,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 14:28:15 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.13 00:29:48 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.06 18:50:51 | 000,248,887 | ---- | C] () -- C:\Users\Antonia\Documents\DSCN0435.jpg
[2012.01.06 16:05:40 | 000,441,825 | ---- | C] () -- C:\Users\Antonia\Documents\IMG_1541.JPG
[2012.01.06 16:05:21 | 000,432,177 | ---- | C] () -- C:\Users\Antonia\Documents\IMG_1548.JPG
[2011.12.16 14:28:15 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.05.02 21:39:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.02 21:39:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.02 21:39:32 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.02 21:39:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.02 21:39:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.29 13:49:53 | 000,000,475 | ---- | C] () -- C:\Users\Antonia\AppData\Roaming\Poladroid prefs.plist
[2010.06.28 13:10:50 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.06.28 13:10:50 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.06.28 13:10:49 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.06.28 13:10:49 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.06.28 13:10:49 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.06.28 13:10:49 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.06.28 13:10:49 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.06.28 13:10:49 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.06.28 13:10:49 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.06.28 13:10:49 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.06.28 13:10:49 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.06.28 13:10:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.06.28 13:10:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.06.28 13:10:49 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.06.28 13:10:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.06.28 13:10:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.06.28 13:10:49 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.06.28 13:10:49 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.06.28 13:10:49 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.06.28 13:08:57 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2010.06.04 14:25:29 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.02 18:48:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.02 18:48:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.02 18:47:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.05.30 15:10:44 | 082,143,228 | ---- | C] () -- C:\Program Files\McAfee_8.7i_20091202.exe
[2010.05.29 20:48:07 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010.05.29 20:48:06 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010.05.21 12:23:08 | 000,060,928 | ---- | C] () -- C:\Users\Antonia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.19 23:31:15 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.05.19 23:31:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.05.19 23:31:15 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.05.19 23:31:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.05.19 14:08:12 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.05.19 13:57:33 | 000,006,648 | ---- | C] () -- C:\Users\Antonia\AppData\Local\d3d9caps.dat
[2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 18:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 18:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 18:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,255,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.05.06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.05.12 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Dropbox
[2011.03.09 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\EPSON
[2011.05.10 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Foxit Software
[2012.01.13 15:32:42 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.02 21:47:52 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Adobe
[2011.05.31 16:07:28 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Apple Computer
[2010.09.07 03:02:33 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\CyberLink
[2011.05.12 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Dropbox
[2011.03.09 16:57:58 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\EPSON
[2011.05.10 22:08:07 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Foxit Software
[2010.05.19 13:57:44 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Identities
[2010.05.19 14:06:48 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\InstallShield
[2010.06.02 18:57:40 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Macromedia
[2011.04.27 16:19:11 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Media Center Programs
[2011.01.15 15:45:17 | 000,000,000 | --SD | M] -- C:\Users\Antonia\AppData\Roaming\Microsoft
[2010.05.30 14:47:37 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Mozilla
[2012.01.14 00:26:11 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\OpenOffice.org2
[2011.10.20 17:29:44 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\Skype
[2011.10.20 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\skypePM
[2011.05.09 21:33:45 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\SUPERAntiSpyware.com
[2011.02.11 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\vlc
[2010.07.09 18:29:39 | 000,000,000 | ---D | M] -- C:\Users\Antonia\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.12.17 03:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\Antonia\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.12.17 03:24:34 | 000,153,176 | ---- | M] (Dropbox, Inc.) -- C:\Users\Antonia\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2007.12.08 13:34:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll

< End of report >
         

Gruß,
Antonia


Alt 14.01.2012, 14:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> Bundespolizei-Trojaner eingefangen

Alt 14.01.2012, 15:30   #7
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Hey,
hier die Logdatei:

Code:
ATTFilter
15:26:38.0335 0156	TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
15:26:38.0482 0156	============================================================
15:26:38.0482 0156	Current date / time: 2012/01/14 15:26:38.0482
15:26:38.0482 0156	SystemInfo:
15:26:38.0482 0156	
15:26:38.0482 0156	OS Version: 6.0.6002 ServicePack: 2.0
15:26:38.0482 0156	Product type: Workstation
15:26:38.0483 0156	ComputerName: BÄR
15:26:38.0483 0156	UserName: Antonia
15:26:38.0483 0156	Windows directory: C:\Windows
15:26:38.0483 0156	System windows directory: C:\Windows
15:26:38.0483 0156	Processor architecture: Intel x86
15:26:38.0483 0156	Number of processors: 2
15:26:38.0483 0156	Page size: 0x1000
15:26:38.0483 0156	Boot type: Normal boot
15:26:38.0483 0156	============================================================
15:26:40.0350 0156	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
15:26:40.0480 0156	Initialize success
15:27:04.0538 0868	============================================================
15:27:04.0538 0868	Scan started
15:27:04.0538 0868	Mode: Manual; SigCheck; TDLFS; 
15:27:04.0538 0868	============================================================
15:27:05.0305 0868	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:27:05.0571 0868	ACPI - ok
15:27:05.0678 0868	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:27:05.0721 0868	adp94xx - ok
15:27:05.0771 0868	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:27:05.0833 0868	adpahci - ok
15:27:05.0862 0868	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:27:05.0888 0868	adpu160m - ok
15:27:05.0941 0868	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:27:05.0970 0868	adpu320 - ok
15:27:06.0074 0868	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:27:06.0341 0868	AFD - ok
15:27:06.0389 0868	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:27:06.0414 0868	agp440 - ok
15:27:06.0485 0868	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:27:06.0514 0868	aic78xx - ok
15:27:06.0553 0868	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:27:06.0581 0868	aliide - ok
15:27:06.0614 0868	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:27:06.0639 0868	amdagp - ok
15:27:06.0663 0868	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:27:06.0692 0868	amdide - ok
15:27:06.0716 0868	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:27:06.0899 0868	AmdK7 - ok
15:27:06.0935 0868	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:27:07.0006 0868	AmdK8 - ok
15:27:07.0096 0868	ApfiltrService  (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:27:07.0274 0868	ApfiltrService - ok
15:27:07.0336 0868	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:27:07.0364 0868	arc - ok
15:27:07.0401 0868	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:27:07.0429 0868	arcsas - ok
15:27:07.0454 0868	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:27:07.0527 0868	AsyncMac - ok
15:27:07.0576 0868	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:27:07.0598 0868	atapi - ok
15:27:07.0659 0868	BCM42RLY - ok
15:27:07.0745 0868	BCM43XX         (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:27:07.0809 0868	BCM43XX - ok
15:27:07.0893 0868	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:27:07.0963 0868	Beep - ok
15:27:08.0045 0868	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:27:08.0110 0868	blbdrive - ok
15:27:08.0158 0868	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:27:08.0319 0868	bowser - ok
15:27:08.0364 0868	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:27:08.0491 0868	BrFiltLo - ok
15:27:08.0528 0868	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:27:08.0591 0868	BrFiltUp - ok
15:27:08.0637 0868	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:27:08.0842 0868	Brserid - ok
15:27:08.0879 0868	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:27:08.0982 0868	BrSerWdm - ok
15:27:09.0014 0868	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:27:09.0093 0868	BrUsbMdm - ok
15:27:09.0118 0868	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:27:09.0224 0868	BrUsbSer - ok
15:27:09.0289 0868	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:27:09.0377 0868	BTHMODEM - ok
15:27:09.0474 0868	catchme - ok
15:27:09.0504 0868	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:27:09.0583 0868	cdfs - ok
15:27:09.0637 0868	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:27:09.0722 0868	cdrom - ok
15:27:09.0764 0868	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:27:09.0882 0868	circlass - ok
15:27:09.0932 0868	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:27:09.0965 0868	CLFS - ok
15:27:10.0044 0868	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:27:10.0114 0868	CmBatt - ok
15:27:10.0145 0868	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:27:10.0171 0868	cmdide - ok
15:27:10.0212 0868	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:27:10.0235 0868	Compbatt - ok
15:27:10.0254 0868	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:27:10.0281 0868	crcdisk - ok
15:27:10.0326 0868	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:27:10.0390 0868	Crusoe - ok
15:27:10.0466 0868	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:27:10.0638 0868	DfsC - ok
15:27:10.0706 0868	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:27:10.0734 0868	disk - ok
15:27:10.0827 0868	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:27:10.0900 0868	drmkaud - ok
15:27:10.0974 0868	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:27:11.0015 0868	DXGKrnl - ok
15:27:11.0083 0868	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:27:11.0169 0868	E1G60 - ok
15:27:11.0252 0868	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:27:11.0286 0868	Ecache - ok
15:27:11.0351 0868	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:27:11.0390 0868	elxstor - ok
15:27:11.0432 0868	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:27:11.0493 0868	ErrDev - ok
15:27:11.0571 0868	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:27:11.0685 0868	exfat - ok
15:27:11.0730 0868	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:27:11.0804 0868	fastfat - ok
15:27:11.0897 0868	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:27:11.0965 0868	fdc - ok
15:27:12.0041 0868	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:27:12.0066 0868	FileInfo - ok
15:27:12.0093 0868	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:27:12.0159 0868	Filetrace - ok
15:27:12.0211 0868	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:27:12.0300 0868	flpydisk - ok
15:27:12.0383 0868	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:27:12.0414 0868	FltMgr - ok
15:27:12.0452 0868	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:27:12.0525 0868	Fs_Rec - ok
15:27:12.0560 0868	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:27:12.0589 0868	gagp30kx - ok
15:27:12.0646 0868	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:27:12.0721 0868	GEARAspiWDM - ok
15:27:12.0841 0868	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
15:27:12.0975 0868	HdAudAddService - ok
15:27:13.0028 0868	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:27:13.0146 0868	HDAudBus - ok
15:27:13.0197 0868	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:27:13.0300 0868	HidBth - ok
15:27:13.0340 0868	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:27:13.0464 0868	HidIr - ok
15:27:13.0525 0868	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:27:13.0612 0868	HidUsb - ok
15:27:13.0660 0868	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:27:13.0689 0868	HpCISSs - ok
15:27:13.0760 0868	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:27:13.0833 0868	HSFHWAZL - ok
15:27:13.0896 0868	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:27:14.0047 0868	HSF_DPV - ok
15:27:14.0102 0868	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:27:14.0240 0868	HTTP - ok
15:27:14.0315 0868	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:27:14.0345 0868	i2omp - ok
15:27:14.0393 0868	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:27:14.0470 0868	i8042prt - ok
15:27:14.0535 0868	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:27:14.0575 0868	iaStorV - ok
15:27:14.0700 0868	igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:27:15.0079 0868	igfx - ok
15:27:15.0138 0868	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:27:15.0168 0868	iirsp - ok
15:27:15.0258 0868	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:27:15.0289 0868	intelide - ok
15:27:15.0338 0868	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:27:15.0403 0868	intelppm - ok
15:27:15.0457 0868	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:27:15.0531 0868	IpFilterDriver - ok
15:27:15.0551 0868	IpInIp - ok
15:27:15.0589 0868	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:27:15.0656 0868	IPMIDRV - ok
15:27:15.0697 0868	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:27:15.0743 0868	IPNAT - ok
15:27:15.0789 0868	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:27:15.0872 0868	IRENUM - ok
15:27:15.0908 0868	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:27:15.0933 0868	isapnp - ok
15:27:15.0979 0868	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:27:16.0006 0868	iScsiPrt - ok
15:27:16.0036 0868	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:27:16.0066 0868	iteatapi - ok
15:27:16.0123 0868	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:27:16.0151 0868	iteraid - ok
15:27:16.0177 0868	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:27:16.0205 0868	kbdclass - ok
15:27:16.0239 0868	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
15:27:16.0290 0868	kbdhid - ok
15:27:16.0353 0868	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
15:27:16.0414 0868	KSecDD - ok
15:27:16.0454 0868	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:27:16.0536 0868	lltdio - ok
15:27:16.0597 0868	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:27:16.0628 0868	LSI_FC - ok
15:27:16.0663 0868	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:27:16.0692 0868	LSI_SAS - ok
15:27:16.0734 0868	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:27:16.0764 0868	LSI_SCSI - ok
15:27:16.0788 0868	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:27:16.0882 0868	luafv - ok
15:27:16.0999 0868	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:27:17.0022 0868	megasas - ok
15:27:17.0069 0868	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:27:17.0110 0868	MegaSR - ok
15:27:17.0176 0868	mfeapfk         (4d81c0e4ed846e9a70b881891a5598ab) C:\Windows\system32\drivers\mfeapfk.sys
15:27:17.0349 0868	mfeapfk - ok
15:27:17.0407 0868	mfeavfk         (ff75f47ec2a9ea3e780a9d08daba1276) C:\Windows\system32\drivers\mfeavfk.sys
15:27:17.0488 0868	mfeavfk - ok
15:27:17.0512 0868	mfebopk         (5a3b000fdccf826ffb74e76b0474c856) C:\Windows\system32\drivers\mfebopk.sys
15:27:17.0622 0868	mfebopk - ok
15:27:17.0676 0868	mfehidk         (8e6b4e55d3a33b92693f7081ec018c39) C:\Windows\system32\drivers\mfehidk.sys
15:27:17.0771 0868	mfehidk - ok
15:27:17.0834 0868	mferkdet        (fa097d72a439c3a387fe38a654df44c5) C:\Windows\system32\drivers\mferkdet.sys
15:27:17.0951 0868	mferkdet - ok
15:27:17.0988 0868	mfetdik         (a45d0c099a478de5cbd0d6e8466becd5) C:\Windows\system32\drivers\mfetdik.sys
15:27:18.0083 0868	mfetdik - ok
15:27:18.0134 0868	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:27:18.0193 0868	Modem - ok
15:27:18.0239 0868	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:27:18.0278 0868	monitor - ok
15:27:18.0303 0868	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:27:18.0327 0868	mouclass - ok
15:27:18.0351 0868	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:27:18.0419 0868	mouhid - ok
15:27:18.0436 0868	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:27:18.0462 0868	MountMgr - ok
15:27:18.0519 0868	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:27:18.0548 0868	mpio - ok
15:27:18.0584 0868	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:27:18.0656 0868	mpsdrv - ok
15:27:18.0697 0868	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:27:18.0723 0868	Mraid35x - ok
15:27:18.0767 0868	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:27:18.0875 0868	MRxDAV - ok
15:27:18.0935 0868	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:27:19.0192 0868	mrxsmb - ok
15:27:19.0236 0868	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:27:19.0461 0868	mrxsmb10 - ok
15:27:19.0505 0868	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:27:19.0679 0868	mrxsmb20 - ok
15:27:19.0729 0868	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:27:19.0756 0868	msahci - ok
15:27:19.0852 0868	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:27:19.0882 0868	msdsm - ok
15:27:19.0931 0868	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:27:20.0003 0868	Msfs - ok
15:27:20.0050 0868	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:27:20.0076 0868	msisadrv - ok
15:27:20.0120 0868	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:27:20.0182 0868	MSKSSRV - ok
15:27:20.0216 0868	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:27:20.0276 0868	MSPCLOCK - ok
15:27:20.0331 0868	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:27:20.0376 0868	MSPQM - ok
15:27:20.0415 0868	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:27:20.0446 0868	MsRPC - ok
15:27:20.0473 0868	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:27:20.0497 0868	mssmbios - ok
15:27:20.0533 0868	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:27:20.0599 0868	MSTEE - ok
15:27:20.0639 0868	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:27:20.0667 0868	Mup - ok
15:27:20.0730 0868	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:27:20.0796 0868	NativeWifiP - ok
15:27:20.0883 0868	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:27:20.0920 0868	NDIS - ok
15:27:20.0976 0868	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:27:21.0046 0868	NdisTapi - ok
15:27:21.0086 0868	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:27:21.0140 0868	Ndisuio - ok
15:27:21.0184 0868	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:27:21.0256 0868	NdisWan - ok
15:27:21.0287 0868	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:27:21.0324 0868	NDProxy - ok
15:27:21.0351 0868	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:27:21.0427 0868	NetBIOS - ok
15:27:21.0482 0868	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:27:21.0555 0868	netbt - ok
15:27:21.0608 0868	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:27:21.0641 0868	nfrd960 - ok
15:27:21.0697 0868	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:27:21.0769 0868	Npfs - ok
15:27:21.0824 0868	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:27:21.0899 0868	nsiproxy - ok
15:27:21.0987 0868	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:27:22.0128 0868	Ntfs - ok
15:27:22.0158 0868	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:27:22.0226 0868	ntrigdigi - ok
15:27:22.0255 0868	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:27:22.0328 0868	Null - ok
15:27:22.0373 0868	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:27:22.0402 0868	nvraid - ok
15:27:22.0432 0868	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:27:22.0458 0868	nvstor - ok
15:27:22.0488 0868	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:27:22.0517 0868	nv_agp - ok
15:27:22.0531 0868	NwlnkFlt - ok
15:27:22.0550 0868	NwlnkFwd - ok
15:27:22.0621 0868	OEM02Dev        (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
15:27:22.0787 0868	OEM02Dev - ok
15:27:22.0839 0868	OEM02Vfx        (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
15:27:22.0967 0868	OEM02Vfx - ok
15:27:23.0023 0868	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:27:23.0087 0868	ohci1394 - ok
15:27:23.0158 0868	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:27:23.0253 0868	Parport - ok
15:27:23.0289 0868	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:27:23.0317 0868	partmgr - ok
15:27:23.0351 0868	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:27:23.0427 0868	Parvdm - ok
15:27:23.0471 0868	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:27:23.0504 0868	pci - ok
15:27:23.0531 0868	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:27:23.0555 0868	pciide - ok
15:27:23.0590 0868	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:27:23.0620 0868	pcmcia - ok
15:27:23.0678 0868	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:27:23.0797 0868	PEAUTH - ok
15:27:23.0881 0868	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:27:23.0955 0868	PptpMiniport - ok
15:27:23.0996 0868	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:27:24.0044 0868	Processor - ok
15:27:24.0117 0868	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:27:24.0189 0868	PSched - ok
15:27:24.0278 0868	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:27:24.0413 0868	ql2300 - ok
15:27:24.0451 0868	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:27:24.0478 0868	ql40xx - ok
15:27:24.0520 0868	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:27:24.0612 0868	QWAVEdrv - ok
15:27:24.0649 0868	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:27:24.0738 0868	RasAcd - ok
15:27:24.0782 0868	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:27:24.0868 0868	Rasl2tp - ok
15:27:24.0923 0868	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:27:24.0982 0868	RasPppoe - ok
15:27:25.0035 0868	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:27:25.0070 0868	RasSstp - ok
15:27:25.0112 0868	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:27:25.0179 0868	rdbss - ok
15:27:25.0195 0868	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:27:25.0251 0868	RDPCDD - ok
15:27:25.0292 0868	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:27:25.0342 0868	rdpdr - ok
15:27:25.0363 0868	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:27:25.0411 0868	RDPENCDD - ok
15:27:25.0445 0868	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:27:25.0485 0868	RDPWD - ok
15:27:25.0547 0868	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
15:27:25.0802 0868	rismxdp - ok
15:27:25.0850 0868	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:27:25.0901 0868	rspndr - ok
15:27:25.0983 0868	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:27:26.0069 0868	SASDIFSV - ok
15:27:26.0110 0868	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:27:26.0183 0868	SASKUTIL - ok
15:27:26.0211 0868	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:27:26.0240 0868	sbp2port - ok
15:27:26.0306 0868	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
15:27:26.0350 0868	sdbus - ok
15:27:26.0378 0868	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:27:26.0467 0868	secdrv - ok
15:27:26.0513 0868	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:27:26.0619 0868	Serenum - ok
15:27:26.0793 0868	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:27:27.0000 0868	Serial - ok
15:27:27.0053 0868	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:27:27.0136 0868	sermouse - ok
15:27:27.0197 0868	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
15:27:27.0238 0868	sffdisk - ok
15:27:27.0273 0868	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:27:27.0342 0868	sffp_mmc - ok
15:27:27.0396 0868	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:27:27.0461 0868	sffp_sd - ok
15:27:27.0510 0868	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:27:27.0604 0868	sfloppy - ok
15:27:27.0655 0868	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:27:27.0681 0868	sisagp - ok
15:27:27.0779 0868	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:27:27.0865 0868	SiSRaid2 - ok
15:27:27.0894 0868	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:27:27.0924 0868	SiSRaid4 - ok
15:27:27.0986 0868	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:27:28.0047 0868	Smb - ok
15:27:28.0105 0868	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:27:28.0134 0868	spldr - ok
15:27:28.0192 0868	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:27:28.0501 0868	srv - ok
15:27:28.0562 0868	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:27:28.0860 0868	srv2 - ok
15:27:28.0914 0868	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:27:29.0055 0868	srvnet - ok
15:27:29.0146 0868	STHDA           (68a0d39e357dd7a234b1d4f1e844c615) C:\Windows\system32\drivers\stwrt.sys
15:27:29.0447 0868	STHDA - ok
15:27:29.0509 0868	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:27:29.0538 0868	swenum - ok
15:27:29.0583 0868	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:27:29.0609 0868	Symc8xx - ok
15:27:29.0645 0868	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:27:29.0671 0868	Sym_hi - ok
15:27:29.0698 0868	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:27:29.0726 0868	Sym_u3 - ok
15:27:29.0829 0868	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:27:30.0096 0868	Tcpip - ok
15:27:30.0227 0868	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:27:30.0276 0868	Tcpip6 - ok
15:27:30.0321 0868	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:27:30.0401 0868	tcpipreg - ok
15:27:30.0430 0868	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:27:30.0500 0868	TDPIPE - ok
15:27:30.0544 0868	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:27:30.0596 0868	TDTCP - ok
15:27:30.0638 0868	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:27:30.0708 0868	tdx - ok
15:27:30.0762 0868	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:27:30.0798 0868	TermDD - ok
15:27:30.0891 0868	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:27:30.0938 0868	tssecsrv - ok
15:27:30.0978 0868	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:27:31.0075 0868	tunmp - ok
15:27:31.0121 0868	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:27:31.0189 0868	tunnel - ok
15:27:31.0235 0868	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:27:31.0265 0868	uagp35 - ok
15:27:31.0311 0868	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:27:31.0360 0868	udfs - ok
15:27:31.0400 0868	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:27:31.0427 0868	uliagpkx - ok
15:27:31.0472 0868	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:27:31.0513 0868	uliahci - ok
15:27:31.0546 0868	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:27:31.0578 0868	UlSata - ok
15:27:31.0620 0868	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:27:31.0652 0868	ulsata2 - ok
15:27:31.0733 0868	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:27:31.0785 0868	umbus - ok
15:27:31.0904 0868	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
15:27:32.0137 0868	USBAAPL - ok
15:27:32.0263 0868	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:27:32.0346 0868	usbccgp - ok
15:27:32.0426 0868	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:27:32.0512 0868	usbcir - ok
15:27:32.0586 0868	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:27:32.0663 0868	usbehci - ok
15:27:32.0724 0868	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:27:32.0775 0868	usbhub - ok
15:27:32.0877 0868	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:27:32.0971 0868	usbohci - ok
15:27:33.0026 0868	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:27:33.0096 0868	usbprint - ok
15:27:33.0175 0868	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:27:33.0257 0868	usbscan - ok
15:27:33.0336 0868	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:27:33.0415 0868	USBSTOR - ok
15:27:33.0484 0868	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:27:33.0567 0868	usbuhci - ok
15:27:33.0663 0868	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:27:33.0742 0868	usbvideo - ok
15:27:33.0806 0868	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:27:33.0894 0868	vga - ok
15:27:33.0929 0868	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:27:34.0013 0868	VgaSave - ok
15:27:34.0056 0868	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:27:34.0099 0868	viaagp - ok
15:27:34.0135 0868	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:27:34.0178 0868	ViaC7 - ok
15:27:34.0213 0868	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:27:34.0238 0868	viaide - ok
15:27:34.0266 0868	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:27:34.0297 0868	volmgr - ok
15:27:34.0352 0868	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:27:34.0390 0868	volmgrx - ok
15:27:34.0438 0868	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:27:34.0475 0868	volsnap - ok
15:27:34.0508 0868	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:27:34.0539 0868	vsmraid - ok
15:27:34.0593 0868	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:27:34.0695 0868	WacomPen - ok
15:27:34.0742 0868	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:27:34.0818 0868	Wanarp - ok
15:27:34.0846 0868	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:27:34.0887 0868	Wanarpv6 - ok
15:27:34.0946 0868	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:27:34.0972 0868	Wd - ok
15:27:35.0029 0868	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:27:35.0090 0868	Wdf01000 - ok
15:27:35.0198 0868	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:27:35.0517 0868	winachsf - ok
15:27:35.0618 0868	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:27:35.0687 0868	WmiAcpi - ok
15:27:35.0834 0868	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:27:35.0932 0868	WpdUsb - ok
15:27:35.0964 0868	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:27:36.0041 0868	ws2ifsl - ok
15:27:36.0121 0868	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:27:36.0208 0868	WUDFRd - ok
15:27:36.0286 0868	yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
15:27:36.0396 0868	yukonwlh - ok
15:27:36.0426 0868	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:27:36.0611 0868	\Device\Harddisk0\DR0 - ok
15:27:36.0649 0868	Boot (0x1200)   (c838676538b28d41be14652426eabec2) \Device\Harddisk0\DR0\Partition0
15:27:36.0651 0868	\Device\Harddisk0\DR0\Partition0 - ok
15:27:36.0657 0868	Boot (0x1200)   (4c6c772ccd7df42fec767006d112b6c2) \Device\Harddisk0\DR0\Partition1
15:27:36.0660 0868	\Device\Harddisk0\DR0\Partition1 - ok
15:27:36.0663 0868	============================================================
15:27:36.0663 0868	Scan finished
15:27:36.0663 0868	============================================================
15:27:36.0692 2364	Detected object count: 0
15:27:36.0692 2364	Actual detected object count: 0
         

Combofix hab ich auf deine Anweisung hin ausgeführt. Da war schonmal was im Mai letzten Jahres...

Gruß,
Antonia

Alt 14.01.2012, 16:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Zitat:
Combofix hab ich auf deine Anweisung hin ausgeführt. Da war schonmal was im Mai letzten Jahres...
Ja das hab uch dann auch gemerkt und schnell meinen Beitrag editiert.

Dann bitte jetzt CF ausführen, combofix.exe natürlich neu runterladen

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2012, 16:40   #9
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Hey,
hier das ComboFix-Log:

Code:
ATTFilter
ComboFix 12-01-13.05 - Antonia 14.01.2012  16:24:28.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.1163 [GMT 1:00]
ausgeführt von:: c:\users\Antonia\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\McAfee_8.7i_20091202.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-14 bis 2012-01-14  ))))))))))))))))))))))))))))))
.
.
2012-01-14 15:32 . 2012-01-14 15:32	--------	d-----w-	c:\users\Antonia\AppData\Local\temp
2012-01-14 15:32 . 2012-01-14 15:32	--------	d-----w-	c:\users\Test\AppData\Local\temp
2012-01-14 15:32 . 2012-01-14 15:32	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-01-14 15:32 . 2012-01-14 15:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-14 14:21 . 2012-01-14 14:21	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B9F189F-355D-468D-9E8E-AC57D6448BBB}\offreg.dll
2012-01-13 19:58 . 2012-01-13 19:58	--------	d-----w-	c:\program files\ESET
2012-01-13 12:13 . 2011-11-30 01:21	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B9F189F-355D-468D-9E8E-AC57D6448BBB}\mpengine.dll
2012-01-12 22:57 . 2012-01-12 22:57	--------	d-----w-	c:\users\Test\AppData\Roaming\Apple Computer
2012-01-11 09:27 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-01-11 09:27 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-01-11 09:27 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 09:27 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-11 09:27 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-11 09:27 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 09:27 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-01-09 15:40 . 2012-01-09 15:40	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-09 15:40 . 2012-01-09 15:40	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 15:40 . 2012-01-09 15:40	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 15:40 . 2012-01-09 15:40	43992	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
2011-12-16 15:43 . 2011-12-16 15:43	--------	d-----w-	c:\windows\CheckSur
2011-12-16 13:26 . 2011-12-16 13:26	--------	d-----w-	c:\program files\iPod
2011-12-16 13:26 . 2011-12-16 13:28	--------	d-----w-	c:\program files\iTunes
2011-12-16 11:04 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-12-16 11:04 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-16 10:59 . 2011-11-23 13:37	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-12-16 10:59 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-16 10:59 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 11:03 . 2011-10-07 06:54	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2011-11-13 14:58	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-15 13:29 . 2010-05-29 19:53	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-05-10 20:58 . 2011-05-10 20:57	16537376	----a-w-	c:\program files\jre-6u25-windows-i586.exe
2010-05-30 13:52 . 2010-05-30 13:52	28534656	----a-w-	c:\program files\AdbeRdr930_de_DE.exe
2010-05-30 13:46 . 2010-05-30 04:14	8188856	----a-w-	c:\program files\Firefox Setup 3.6.3.exe
2012-01-09 15:40 . 2011-05-10 20:52	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-22 18:07 . 2010-05-30 14:07	23864	----a-w-	c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Antonia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Antonia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Antonia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Antonia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Antonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Antonia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Antonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-10-25 11:31	167936	----a-w-	c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-12-08 12:34	3444736	----a-w-	c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 14:43	118784	------w-	c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 18:13	166424	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 18:13	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-12-24 16:50	981680	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2009-08-25 14:00	136512	----a-w-	c:\program files\McAfee\Common Framework\UdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-05-20 10:53	184320	------w-	c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 18:13	133656	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2009-10-22 18:07	124240	----a-w-	c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2008-02-15 16:23	405504	----a-w-	c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12	253672	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-04 17:42	2424192	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 13141427
*Deregistered* - 13141427
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 13:01]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-30 13:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Antonia\AppData\Roaming\Mozilla\Firefox\Profiles\n1uqdehm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-14 16:32
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-01-14  16:36:29
ComboFix-quarantined-files.txt  2012-01-14 15:36
ComboFix2.txt  2011-05-02 20:51
.
Vor Suchlauf: 15 Verzeichnis(se), 55.526.682.624 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 55.903.522.816 Bytes frei
.
- - End Of File - - 4CA07A5CF2C7ED61B6444EF35EABF4E1
         

Gruß,
Antonia

Alt 14.01.2012, 17:22   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Zitat:
McAfee VirusScan Enterprise
Wieso hast du ein McAfee Enterprise drauf? Das Teil kenn ich nur in Firmenumgebungen aber nicht auf Heimcomputer mit einem Windows Home!
Wo hast du das her?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2012, 17:24   #11
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Hab ich damals von der Uni bekommen...

Alt 14.01.2012, 17:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.01.2012, 18:26   #13
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



So. Hier erstmal GMER. OSAM mach ich jetzt.

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-14 18:25:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVT-75ZCT1 rev.11.01A11
Running: 90tl2x3e.exe; Driver: C:\Users\Antonia\AppData\Local\Temp\fxldqpow.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwCreateFile [0x87F8968A]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwCreateProcess [0x87F895E8]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwCreateProcessEx [0x87F895FC]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwMapViewOfSection [0x87F896C8]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwNotifyChangeKey [0x87F8964E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwProtectVirtualMemory [0x87F8969E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwReplaceKey [0x87F89676]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwRestoreKey [0x87F89662]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwSetContextThread [0x87F8963A]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwSetInformationProcess [0x87F89626]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwTerminateProcess [0x87F896F7]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwUnmapViewOfSection [0x87F896DE]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwYieldExecution [0x87F896B4]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwCreateUserProcess [0x87F89612]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              NtCreateFile
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              NtMapViewOfSection
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwYieldExecution                                                                           81E5F982 5 Bytes  JMP 87F896B8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwNotifyChangeKey                                                                          81FF3609 5 Bytes  JMP 87F89652 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateUserProcess                                                                        81FFDC11 5 Bytes  JMP 87F89616 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                         82025143 5 Bytes  JMP 87F896FB \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                         8204489A 7 Bytes  JMP 87F896CC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwUnmapViewOfSection                                                                       82044B5D 5 Bytes  JMP 87F896E2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtSetInformationProcess                                                                    820488C8 5 Bytes  JMP 87F8962A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwProtectVirtualMemory                                                                     8204E2DD 7 Bytes  JMP 87F896A2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtCreateFile                                                                               8207633B 5 Bytes  JMP 87F8968E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwRestoreKey                                                                               82086DB2 5 Bytes  JMP 87F89666 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwReplaceKey                                                                               82087FB6 5 Bytes  JMP 87F8967A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcess                                                                            820C5D7F 5 Bytes  JMP 87F895EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                          820C5DCA 7 Bytes  JMP 87F89600 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwSetContextThread                                                                         820C6883 5 Bytes  JMP 87F8963E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                              Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Antonia\AppData\Local\Temp\catchme.sys                                                         Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!GetStartupInfoW         77111929 5 Bytes  JMP 0095006E 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!GetStartupInfoA         771119C9 5 Bytes  JMP 0095005D 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateProcessW          77111BF3 5 Bytes  JMP 00950093 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateProcessA          77111C28 5 Bytes  JMP 00950F06 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!VirtualProtect          77111DC3 5 Bytes  JMP 00950F3C 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateNamedPipeA        77112EF5 5 Bytes  JMP 00950FB9 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateNamedPipeW        77115C0C 5 Bytes  JMP 0095000A 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreatePipe              77138F06 5 Bytes  JMP 00950042 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!LoadLibraryExW          7713927C 5 Bytes  JMP 00950F4D 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!LoadLibraryW            77139400 5 Bytes  JMP 00950F79 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!LoadLibraryExA          77139554 5 Bytes  JMP 00950F68 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!LoadLibraryA            7713957C 5 Bytes  JMP 00950F9E 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!VirtualProtectEx        7713DC52 5 Bytes  JMP 00950031 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!GetProcAddress          7715925B 5 Bytes  JMP 009500A4 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateFileW             7715B0EB 5 Bytes  JMP 00950FCA 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!CreateFileA             7715D07F 5 Bytes  JMP 00950FEF 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] kernel32.dll!WinExec                 771A60CF 5 Bytes  JMP 00950F17 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_wsystem                  77067F2F 5 Bytes  JMP 00940025 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!system                    7706804B 5 Bytes  JMP 00940F90 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_creat                    7706BBE1 5 Bytes  JMP 00940FC6 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_open                     7706D106 5 Bytes  JMP 00940000 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_wcreat                   7706D326 5 Bytes  JMP 00940FAB 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] msvcrt.dll!_wopen                    7706D501 5 Bytes  JMP 00940FD7 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegCreateKeyExA         75EC39AB 5 Bytes  JMP 003E004D 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegCreateKeyA           75EC3BA9 5 Bytes  JMP 003E0FB2 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegOpenKeyA             75EC89C7 5 Bytes  JMP 003E0FEF 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegCreateKeyW           75ED391E 5 Bytes  JMP 003E0FA1 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegCreateKeyExW         75ED41F1 5 Bytes  JMP 003E005E 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegOpenKeyExA           75ED7C42 5 Bytes  JMP 003E0FC3 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegOpenKeyW             75EDE2B5 5 Bytes  JMP 003E0FDE 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] ADVAPI32.dll!RegOpenKeyExW           75EE7BA1 5 Bytes  JMP 003E001E 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[504] WS2_32.dll!socket                    761036D1 5 Bytes  JMP 003F0000 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 00150F15 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 00150F30 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 00150EE9 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 00150EFA 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 00150F66 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 00150FCA 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 0015001B 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 00150F4B 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 00150F77 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 00150FA5 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 00150F94 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 00150036 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 0015005B 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 0015009B 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 00150FE5 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 00150000 
.text           C:\Windows\system32\services.exe[628] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 00150076 
.text           C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 000E0F94 
.text           C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 000E0036 
.text           C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 000E000A 
.text           C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 000E0FA5 
.text           C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 000E005B 
.text           C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 000E0FE5 
.text           C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 000E001B 
.text           C:\Windows\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 000E0FCA 
.text           C:\Windows\system32\services.exe[628] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 00140FAF 
.text           C:\Windows\system32\services.exe[628] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 00140044 
.text           C:\Windows\system32\services.exe[628] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 00140018 
.text           C:\Windows\system32\services.exe[628] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 00140FEF 
.text           C:\Windows\system32\services.exe[628] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 00140033 
.text           C:\Windows\system32\services.exe[628] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 00140FDE 
.text           C:\Windows\system32\services.exe[628] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 000F0FE5 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoW                                         77111929 5 Bytes  JMP 00D30F01 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!GetStartupInfoA                                         771119C9 5 Bytes  JMP 00D30F1C 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessW                                          77111BF3 5 Bytes  JMP 00D30EDC 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateProcessA                                          77111C28 5 Bytes  JMP 00D30073 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtect                                          77111DC3 5 Bytes  JMP 00D30047 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeA                                        77112EF5 5 Bytes  JMP 00D30FC0 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateNamedPipeW                                        77115C0C 5 Bytes  JMP 00D30011 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!CreatePipe                                              77138F06 5 Bytes  JMP 00D30F37 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExW                                          7713927C 5 Bytes  JMP 00D30F6D 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryW                                            77139400 5 Bytes  JMP 00D30FA5 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryExA                                          77139554 5 Bytes  JMP 00D30F8A 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!LoadLibraryA                                            7713957C 5 Bytes  JMP 00D3002C 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!VirtualProtectEx                                        7713DC52 5 Bytes  JMP 00D30F52 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!GetProcAddress                                          7715925B 5 Bytes  JMP 00D30EB7 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileW                                             7715B0EB 5 Bytes  JMP 00D30FDB 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!CreateFileA                                             7715D07F 5 Bytes  JMP 00D30000 
.text           C:\Windows\system32\lsass.exe[644] kernel32.dll!WinExec                                                 771A60CF 5 Bytes  JMP 00D30062 
.text           C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExA                                         75EC39AB 5 Bytes  JMP 0010005B 
.text           C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyA                                           75EC3BA9 5 Bytes  JMP 00100036 
.text           C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyA                                             75EC89C7 5 Bytes  JMP 00100000 
.text           C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyW                                           75ED391E 5 Bytes  JMP 00100FB9 
.text           C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegCreateKeyExW                                         75ED41F1 5 Bytes  JMP 00100076 
.text           C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExA                                           75ED7C42 5 Bytes  JMP 00100FD4 
.text           C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyW                                             75EDE2B5 5 Bytes  JMP 00100FE5 
.text           C:\Windows\system32\lsass.exe[644] ADVAPI32.dll!RegOpenKeyExW                                           75EE7BA1 5 Bytes  JMP 00100025 
.text           C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wsystem                                                  77067F2F 5 Bytes  JMP 0012005D 
.text           C:\Windows\system32\lsass.exe[644] msvcrt.dll!system                                                    7706804B 5 Bytes  JMP 00120038 
.text           C:\Windows\system32\lsass.exe[644] msvcrt.dll!_creat                                                    7706BBE1 5 Bytes  JMP 0012000C 
.text           C:\Windows\system32\lsass.exe[644] msvcrt.dll!_open                                                     7706D106 5 Bytes  JMP 00120FEF 
.text           C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wcreat                                                   7706D326 5 Bytes  JMP 0012001D 
.text           C:\Windows\system32\lsass.exe[644] msvcrt.dll!_wopen                                                    7706D501 5 Bytes  JMP 00120FD2 
.text           C:\Windows\system32\lsass.exe[644] WS2_32.dll!socket                                                    761036D1 5 Bytes  JMP 00110000 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!GetStartupInfoW                                       77111929 5 Bytes  JMP 008A0082 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!GetStartupInfoA                                       771119C9 5 Bytes  JMP 008A0F3C 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessW                                        77111BF3 5 Bytes  JMP 008A0EF5 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessA                                        77111C28 5 Bytes  JMP 008A0F06 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!VirtualProtect                                        77111DC3 5 Bytes  JMP 008A0F72 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateNamedPipeA                                      77112EF5 5 Bytes  JMP 008A0FD4 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateNamedPipeW                                      77115C0C 5 Bytes  JMP 008A0025 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!CreatePipe                                            77138F06 5 Bytes  JMP 008A0071 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW                                        7713927C 5 Bytes  JMP 008A0F83 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryW                                          77139400 5 Bytes  JMP 008A0FAF 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryExA                                        77139554 5 Bytes  JMP 008A0F94 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryA                                          7713957C 5 Bytes  JMP 008A0036 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!VirtualProtectEx                                      7713DC52 5 Bytes  JMP 008A0F61 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!GetProcAddress                                        7715925B 5 Bytes  JMP 008A009D 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateFileW                                           7715B0EB 5 Bytes  JMP 008A0FE5 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateFileA                                           7715D07F 5 Bytes  JMP 008A0000 
.text           C:\Windows\system32\svchost.exe[856] kernel32.dll!WinExec                                               771A60CF 5 Bytes  JMP 008A0F21 
.text           C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wsystem                                                77067F2F 5 Bytes  JMP 00890F9C 
.text           C:\Windows\system32\svchost.exe[856] msvcrt.dll!system                                                  7706804B 5 Bytes  JMP 00890FAD 
.text           C:\Windows\system32\svchost.exe[856] msvcrt.dll!_creat                                                  7706BBE1 5 Bytes  JMP 00890FE3 
.text           C:\Windows\system32\svchost.exe[856] msvcrt.dll!_open                                                   7706D106 5 Bytes  JMP 00890000 
.text           C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wcreat                                                 7706D326 5 Bytes  JMP 00890FBE 
.text           C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wopen                                                  7706D501 5 Bytes  JMP 00890011 
.text           C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExA                                       75EC39AB 5 Bytes  JMP 00830051 
.text           C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyA                                         75EC3BA9 5 Bytes  JMP 00830FB6 
.text           C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyA                                           75EC89C7 5 Bytes  JMP 00830FE5 
.text           C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyW                                         75ED391E 5 Bytes  JMP 00830FA5 
.text           C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExW                                       75ED41F1 5 Bytes  JMP 00830062 
.text           C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExA                                         75ED7C42 5 Bytes  JMP 0083001B 
.text           C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyW                                           75EDE2B5 5 Bytes  JMP 0083000A 
.text           C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExW                                         75EE7BA1 5 Bytes  JMP 0083002C 
.text           C:\Windows\system32\svchost.exe[856] WS2_32.dll!socket                                                  761036D1 5 Bytes  JMP 00880000 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW                                       77111929 5 Bytes  JMP 001B0089 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA                                       771119C9 5 Bytes  JMP 001B0F4D 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessW                                        77111BF3 5 Bytes  JMP 001B00D0 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessA                                        77111C28 5 Bytes  JMP 001B00B5 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtect                                        77111DC3 5 Bytes  JMP 001B0F79 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA                                      77112EF5 5 Bytes  JMP 001B001B 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW                                      77115C0C 5 Bytes  JMP 001B0FCA 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreatePipe                                            77138F06 5 Bytes  JMP 001B0078 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW                                        7713927C 5 Bytes  JMP 001B0053 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryW                                          77139400 5 Bytes  JMP 001B0F9E 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA                                        77139554 5 Bytes  JMP 001B0036 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryA                                          7713957C 5 Bytes  JMP 001B0FAF 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx                                      7713DC52 5 Bytes  JMP 001B0F5E 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!GetProcAddress                                        7715925B 5 Bytes  JMP 001B0F14 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileW                                           7715B0EB 1 Byte  [E9]
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileW                                           7715B0EB 5 Bytes  JMP 001B0FEF 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileA                                           7715D07F 5 Bytes  JMP 001B000A 
.text           C:\Windows\system32\svchost.exe[920] kernel32.dll!WinExec                                               771A60CF 5 Bytes  JMP 001B00A4 
.text           C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wsystem                                                77067F2F 5 Bytes  JMP 001A0036 
.text           C:\Windows\system32\svchost.exe[920] msvcrt.dll!system                                                  7706804B 5 Bytes  JMP 001A0FAB 
.text           C:\Windows\system32\svchost.exe[920] msvcrt.dll!_creat                                                  7706BBE1 5 Bytes  JMP 001A001B 
.text           C:\Windows\system32\svchost.exe[920] msvcrt.dll!_open                                                   7706D106 5 Bytes  JMP 001A0000 
.text           C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wcreat                                                 7706D326 5 Bytes  JMP 001A0FC6 
.text           C:\Windows\system32\svchost.exe[920] msvcrt.dll!_wopen                                                  7706D501 5 Bytes  JMP 001A0FD7 
.text           C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA                                       75EC39AB 5 Bytes  JMP 000F0051 
.text           C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA                                         75EC3BA9 5 Bytes  JMP 000F0FC0 
.text           C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA                                           75EC89C7 5 Bytes  JMP 000F0000 
.text           C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW                                         75ED391E 5 Bytes  JMP 000F0FAF 
.text           C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW                                       75ED41F1 5 Bytes  JMP 000F0F8A 
.text           C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA                                         75ED7C42 5 Bytes  JMP 000F001B 
.text           C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW                                           75EDE2B5 5 Bytes  JMP 000F0FE5 
.text           C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW                                         75EE7BA1 5 Bytes  JMP 000F002C 
.text           C:\Windows\system32\svchost.exe[920] WS2_32.dll!socket                                                  761036D1 5 Bytes  JMP 00190FEF 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!GetStartupInfoW                                       77111929 5 Bytes  JMP 002100A2 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!GetStartupInfoA                                       771119C9 5 Bytes  JMP 00210091 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessW                                        77111BF3 5 Bytes  JMP 002100C4 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateProcessA                                        77111C28 5 Bytes  JMP 002100B3 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!VirtualProtect                                        77111DC3 5 Bytes  JMP 00210F81 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateNamedPipeA                                      77112EF5 5 Bytes  JMP 00210FDB 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateNamedPipeW                                      77115C0C 5 Bytes  JMP 00210FCA 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!CreatePipe                                            77138F06 5 Bytes  JMP 00210F66 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryExW                                        7713927C 5 Bytes  JMP 0021005B 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryW                                          77139400 5 Bytes  JMP 00210FA8 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryExA                                        77139554 5 Bytes  JMP 00210040 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!LoadLibraryA                                          7713957C 5 Bytes  JMP 00210FB9 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!VirtualProtectEx                                      7713DC52 5 Bytes  JMP 00210080 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!GetProcAddress                                        7715925B 5 Bytes  JMP 00210F12 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateFileW                                           7715B0EB 5 Bytes  JMP 0021001B 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!CreateFileA                                           7715D07F 5 Bytes  JMP 0021000A 
.text           C:\Windows\System32\svchost.exe[956] kernel32.dll!WinExec                                               771A60CF 5 Bytes  JMP 00210F37 
.text           C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wsystem                                                77067F2F 5 Bytes  JMP 00200FC3 
.text           C:\Windows\System32\svchost.exe[956] msvcrt.dll!system                                                  7706804B 5 Bytes  JMP 0020004E 
.text           C:\Windows\System32\svchost.exe[956] msvcrt.dll!_creat                                                  7706BBE1 5 Bytes  JMP 00200FDE 
.text           C:\Windows\System32\svchost.exe[956] msvcrt.dll!_open                                                   7706D106 5 Bytes  JMP 0020000C 
.text           C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wcreat                                                 7706D326 5 Bytes  JMP 00200033 
.text           C:\Windows\System32\svchost.exe[956] msvcrt.dll!_wopen                                                  7706D501 5 Bytes  JMP 00200FEF 
.text           C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA                                       75EC39AB 5 Bytes  JMP 0016004A 
.text           C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA                                         75EC3BA9 5 Bytes  JMP 00160FB2 
.text           C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA                                           75EC89C7 5 Bytes  JMP 00160FE5 
.text           C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW                                         75ED391E 5 Bytes  JMP 00160039 
.text           C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW                                       75ED41F1 5 Bytes  JMP 0016005B 
.text           C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA                                         75ED7C42 5 Bytes  JMP 00160014 
.text           C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW                                           75EDE2B5 5 Bytes  JMP 00160FD4 
.text           C:\Windows\System32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW                                         75EE7BA1 5 Bytes  JMP 00160FC3 
.text           C:\Windows\System32\svchost.exe[956] WS2_32.dll!socket                                                  761036D1 5 Bytes  JMP 001B0000 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 001C0F29 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 001C0F3A 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 001C0080 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 001C0EF3 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 001C004A 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 001C0FC3 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 001C0FB2 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 001C0F4B 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 001C0039 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 001C0028 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 001C0F86 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 001C0F97 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 001C0065 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 001C009B 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 001C0FD4 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 001C0FEF 
.text           C:\Windows\System32\svchost.exe[1044] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 001C0F04 
.text           C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 00170053 
.text           C:\Windows\System32\svchost.exe[1044] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 00170038 
.text           C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 0017000C 
.text           C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 00170FE3 
.text           C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 00170027 
.text           C:\Windows\System32\svchost.exe[1044] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 00170FD2 
.text           C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 00150073 
.text           C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 00150047 
.text           C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 00150000 
.text           C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 00150062 
.text           C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 0015008E 
.text           C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 0015002C 
.text           C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 00150011 
.text           C:\Windows\System32\svchost.exe[1044] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 00150FD1 
.text           C:\Windows\System32\svchost.exe[1044] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 00160FEF 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 011500B1 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 01150F6B 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 01150F35 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 011500CC 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 01150067 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 01150FE5 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 01150FD4 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 0115008C 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 01150F8D 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 01150FA8 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 0115004A 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 01150FB9 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 01150F7C 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 011500E7 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 01150011 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 01150000 
.text           C:\Windows\System32\svchost.exe[1076] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 01150F50 
.text           C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 01030F86 
.text           C:\Windows\System32\svchost.exe[1076] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 01030011 
.text           C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 01030FAB 
.text           C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 01030FEF 
.text           C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 01030000 
.text           C:\Windows\System32\svchost.exe[1076] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 01030FC6 
.text           C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 01010054 
.text           C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 01010028 
.text           C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 01010FE5 
.text           C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 01010039 
.text           C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 01010065 
.text           C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 01010FC3 
.text           C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 01010FD4 
.text           C:\Windows\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 01010FB2 
.text           C:\Windows\System32\svchost.exe[1076] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 01020FEF 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 013F0F18 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 013F0F29 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 013F0083 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 013F0EEC 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 013F0F66 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 013F0FD4 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 013F0FC3 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 013F0F3A 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 013F0F8D 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 013F0FA8 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 013F004A 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 013F002F 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 013F0F55 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 013F0ED1 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 013F000A 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 013F0FEF 
.text           C:\Windows\system32\svchost.exe[1096] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 013F0F07 
.text           C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 013E0FA3 
.text           C:\Windows\system32\svchost.exe[1096] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 013E002E 
.text           C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 013E001D 
.text           C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 013E0FEF 
.text           C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 013E0FBE 
.text           C:\Windows\system32\svchost.exe[1096] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 013E0000 
.text           C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 00DF0040 
.text           C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 00DF0FA8 
.text           C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 00DF0FE5 
.text           C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 00DF0025 
.text           C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 00DF0051 
.text           C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 00DF0000 
.text           C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 00DF0FCA 
.text           C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 00DF0FB9 
.text           C:\Windows\system32\svchost.exe[1096] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 01310000 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 00240F43 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 00240089 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 00240F1E 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 002400B5 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 00240F94 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 0024002C 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 0024003D 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 00240F68 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 00240FA5 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 00240FD1 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 00240FB6 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 0024004E 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 00240F79 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 002400C6 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 0024001B 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 0024000A 
.text           C:\Windows\system32\svchost.exe[1240] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 0024009A 
.text           C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 001E0047 
.text           C:\Windows\system32\svchost.exe[1240] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 001E0FBC 
.text           C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 001E0FDE 
.text           C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 001E0FEF 
.text           C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 001E0FCD 
.text           C:\Windows\system32\svchost.exe[1240] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 001E0018 
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 000B0F9B 
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 000B002C 
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 000B0000 
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 000B003D 
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 000B0F8A 
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 000B0FC0 
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 000B0FDB 
.text           C:\Windows\system32\svchost.exe[1240] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 000B0011 
.text           C:\Windows\system32\svchost.exe[1240] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 001D0000 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 0141007D 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 01410F37 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 014100BA 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 014100A9 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 01410F63 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 0141000A 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 01410FAF 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 01410F52 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 01410047 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 01410036 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 01410F94 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 0141001B 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 01410058 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 01410F08 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 01410FD4 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 01410FEF 
.text           C:\Windows\system32\svchost.exe[1312] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 0141008E 
.text           C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 01400FB2 
.text           C:\Windows\system32\svchost.exe[1312] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 01400FCD 
.text           C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 01400022 
.text           C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 01400000 
.text           C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 0140003D 
.text           C:\Windows\system32\svchost.exe[1312] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 01400011 
.text           C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 00DE0FB9 
.text           C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 00DE0FE5 
.text           C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 00DE0000 
.text           C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 00DE0FD4 
.text           C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 00DE0076 
.text           C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 00DE0036 
.text           C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 00DE0025 
.text           C:\Windows\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 00DE0047 
.text           C:\Windows\system32\svchost.exe[1312] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 00DF0FEF 
.text           C:\Windows\system32\svchost.exe[1312] WinInet.dll!InternetOpenA                                         75DDD6A8 5 Bytes  JMP 00160000 
.text           C:\Windows\system32\svchost.exe[1312] WinInet.dll!InternetOpenW                                         75DDDB21 5 Bytes  JMP 00160FE5 
.text           C:\Windows\system32\svchost.exe[1312] WinInet.dll!InternetOpenUrlA                                      75DDF3BC 5 Bytes  JMP 00160011 
.text           C:\Windows\system32\svchost.exe[1312] WinInet.dll!InternetOpenUrlW                                      75E26DFF 5 Bytes  JMP 00160FC0 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 02250F7B 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 022500C1 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 02250F4F 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 022500DC 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 02250095 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 0225002C 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 02250FDB 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 02250F96 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 0225007A 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 02250058 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 02250069 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 02250047 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 022500A6 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 02250F34 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 0225001B 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 02250000 
.text           C:\Windows\system32\svchost.exe[1452] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 02250F6A 
.text           C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 02240F88 
.text           C:\Windows\system32\svchost.exe[1452] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 02240FA3 
.text           C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 02240FC8 
.text           C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 02240000 
.text           C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 0224001D 
.text           C:\Windows\system32\svchost.exe[1452] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 02240FE3 
.text           C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 02220F91 
.text           C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 02220033 
.text           C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 02220000 
.text           C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 02220FAC 
.text           C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 0222004E 
.text           C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 02220011 
.text           C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 02220FDB 
.text           C:\Windows\system32\svchost.exe[1452] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 02220022 
.text           C:\Windows\system32\svchost.exe[1452] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 02230000 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 00010087 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 0001006C 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 000100C7 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 000100AC 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 00010F66 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 00010025 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 00010FD4 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 00010F41 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 00010F83 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 00010040 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 00010F9E 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 00010FB9 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 00010051 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 00010F15 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 0001000A 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 00010FEF 
.text           C:\Windows\system32\svchost.exe[1684] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 00010F26 
.text           C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 00050F9A 
.text           C:\Windows\system32\svchost.exe[1684] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 0005001B 
.text           C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 00050FBC 
.text           C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 00050000 
.text           C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 00050FAB 
.text           C:\Windows\system32\svchost.exe[1684] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 00050FD7 
.text           C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 00060054 
.text           C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 00060FA8 
.text           C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 00060FEF 
.text           C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 00060039 
.text           C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 00060065 
.text           C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 00060014 
.text           C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 00060FD4 
.text           C:\Windows\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 00060FC3 
.text           C:\Windows\system32\svchost.exe[1684] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 00080FEF 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 01720F7C 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 017200C2 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 01720F49 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 01720F5A 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 01720082 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 01720014 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 01720FC3 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 01720F97 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 01720071 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 01720043 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 01720054 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 01720FB2 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 017200A7 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 01720F2E 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 01720FD4 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 01720FE5 
.text           C:\Windows\system32\svchost.exe[1804] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 01720F6B 
.text           C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 01710FE5 
.text           C:\Windows\system32\svchost.exe[1804] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 01710066 
.text           C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 0171003A 
.text           C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 0171000C 
.text           C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 01710055 
.text           C:\Windows\system32\svchost.exe[1804] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 0171001D 
.text           C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 016F0040 
.text           C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 016F0F94 
.text           C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 016F0000 
.text           C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 016F0025 
.text           C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 016F0F83 
.text           C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 016F0FCA 
.text           C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 016F0FE5 
.text           C:\Windows\system32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 016F0FAF 
.text           C:\Windows\system32\svchost.exe[1804] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 01700FEF 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 00CB0076 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 00CB0F3A 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 00CB00A2 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 00CB0087 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 00CB004A 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 00CB0FDE 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 00CB002F 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 00CB0F4B 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 00CB0F66 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 00CB0F9E 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 00CB0F8D 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 00CB0FC3 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 00CB005B 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 00CB0EF0 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateFileW                                          7715B0EB 1 Byte  [E9]
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 00CB0FEF 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 00CB0000 
.text           C:\Windows\system32\svchost.exe[2116] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 00CB0F15 
.text           C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 00CA0F88 
.text           C:\Windows\system32\svchost.exe[2116] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 00CA0FA3 
.text           C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 00CA0FD2 
.text           C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 00CA0FEF 
.text           C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 00CA001D 
.text           C:\Windows\system32\svchost.exe[2116] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 00CA0000 
.text           C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 00C40F94 
.text           C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 00C4002C 
.text           C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 00C4000A 
.text           C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 00C40FA5 
.text           C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 00C4005B 
.text           C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 00C40FDB 
.text           C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 00C4001B 
.text           C:\Windows\system32\svchost.exe[2116] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 00C40FCA 
.text           C:\Windows\system32\svchost.exe[2116] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 00C50000 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetStartupInfoW                77111929 5 Bytes  JMP 009F0F10 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetStartupInfoA                771119C9 5 Bytes  JMP 009F0F21 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateProcessW                 77111BF3 5 Bytes  JMP 009F008C 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateProcessA                 77111C28 5 Bytes  JMP 009F007B 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!VirtualProtect                 77111DC3 5 Bytes  JMP 009F0F46 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateNamedPipeA               77112EF5 5 Bytes  JMP 009F0FC3 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateNamedPipeW               77115C0C 5 Bytes  JMP 009F0FA8 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreatePipe                     77138F06 3 Bytes  JMP 009F004C 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreatePipe + 4                 77138F0A 1 Byte  [89]
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryExW                 7713927C 5 Bytes  JMP 009F0F57 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryW                   77139400 3 Bytes  JMP 009F0014 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryW + 4               77139404 1 Byte  [89]
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryExA                 77139554 3 Bytes  JMP 009F0F68 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryExA + 4             77139558 1 Byte  [89]
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryA                   7713957C 3 Bytes  JMP 009F0F8D 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!LoadLibraryA + 4               77139580 1 Byte  [89]
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!VirtualProtectEx               7713DC52 3 Bytes  JMP 009F003B 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!VirtualProtectEx + 4           7713DC56 1 Byte  [89]
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!GetProcAddress                 7715925B 5 Bytes  JMP 009F0EDA 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateFileW                    7715B0EB 5 Bytes  JMP 009F0FD4 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!CreateFileA                    7715D07F 5 Bytes  JMP 009F0FEF 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] kernel32.dll!WinExec                        771A60CF 5 Bytes  JMP 009F0EF5 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wsystem                         77067F2F 5 Bytes  JMP 009E0FB9 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!system                           7706804B 5 Bytes  JMP 009E0FCA 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_creat                           7706BBE1 5 Bytes  JMP 009E0029 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_open                            7706D106 5 Bytes  JMP 009E000C 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wcreat                          7706D326 5 Bytes  JMP 009E003A 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] msvcrt.dll!_wopen                           7706D501 5 Bytes  JMP 009E0FEF 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyExA                75EC39AB 5 Bytes  JMP 0026005E 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyA                  75EC3BA9 5 Bytes  JMP 00260FCD 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyA                    75EC89C7 5 Bytes  JMP 00260FEF 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyW                  75ED391E 5 Bytes  JMP 00260FBC 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegCreateKeyExW                75ED41F1 5 Bytes  JMP 00260FA1 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyExA                  75ED7C42 5 Bytes  JMP 0026002F 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyW                    75EDE2B5 5 Bytes  JMP 00260014 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] ADVAPI32.dll!RegOpenKeyExW                  75EE7BA1 5 Bytes  JMP 00260FDE 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2264] WS2_32.dll!socket                           761036D1 5 Bytes  JMP 003F0FE5 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 00900F55 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 00900F66 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 009000D8 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 009000C7 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 00900F77 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 0090000A 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 00900025 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 00900091 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 00900F9E 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 00900051 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 00900FAF 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 00900040 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 0090006C 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 00900F30 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 00900FD4 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 00900FE5 
.text           C:\Windows\system32\svchost.exe[2308] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 009000B6 
.text           C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 008A0FA6 
.text           C:\Windows\system32\svchost.exe[2308] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 008A0031 
.text           C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 008A0FC1 
.text           C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 008A0FEF 
.text           C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 008A0020 
.text           C:\Windows\system32\svchost.exe[2308] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 008A0FDE 
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 1 Byte  [E9]
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 00290FAF 
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 00290051 
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 00290000 
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 00290FCA 
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 0029006C 
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 00290036 
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 00290011 
.text           C:\Windows\system32\svchost.exe[2308] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 00290FE5 
.text           C:\Windows\system32\svchost.exe[2308] WS2_32.dll!socket                                                 761036D1 5 Bytes  JMP 002E0000 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!GetStartupInfoW                                      77111929 5 Bytes  JMP 000700B3 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!GetStartupInfoA                                      771119C9 5 Bytes  JMP 000700A2 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateProcessW                                       77111BF3 5 Bytes  JMP 00070F52 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateProcessA                                       77111C28 5 Bytes  JMP 000700E9 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!VirtualProtect                                       77111DC3 5 Bytes  JMP 00070F81 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateNamedPipeA                                     77112EF5 5 Bytes  JMP 00070036 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateNamedPipeW                                     77115C0C 5 Bytes  JMP 00070047 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreatePipe                                           77138F06 5 Bytes  JMP 00070091 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!LoadLibraryExW                                       7713927C 5 Bytes  JMP 00070F9E 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!LoadLibraryW                                         77139400 5 Bytes  JMP 00070FCA 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!LoadLibraryExA                                       77139554 5 Bytes  JMP 00070FB9 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!LoadLibraryA                                         7713957C 5 Bytes  JMP 00070FDB 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!VirtualProtectEx                                     7713DC52 5 Bytes  JMP 00070076 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!GetProcAddress                                       7715925B 5 Bytes  JMP 00070F37 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateFileW                                          7715B0EB 5 Bytes  JMP 0007001B 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!CreateFileA                                          7715D07F 5 Bytes  JMP 00070000 
.text           C:\Windows\System32\svchost.exe[2344] kernel32.dll!WinExec                                              771A60CF 5 Bytes  JMP 000700C4 
.text           C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_wsystem                                               77067F2F 5 Bytes  JMP 00060FC8 
.text           C:\Windows\System32\svchost.exe[2344] msvcrt.dll!system                                                 7706804B 5 Bytes  JMP 00060049 
.text           C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_creat                                                 7706BBE1 5 Bytes  JMP 0006001D 
.text           C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_open                                                  7706D106 5 Bytes  JMP 0006000C 
.text           C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_wcreat                                                7706D326 5 Bytes  JMP 00060038 
.text           C:\Windows\System32\svchost.exe[2344] msvcrt.dll!_wopen                                                 7706D501 5 Bytes  JMP 00060FEF 
.text           C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegCreateKeyExA                                      75EC39AB 5 Bytes  JMP 0005005E 
.text           C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegCreateKeyA                                        75EC3BA9 5 Bytes  JMP 00050FC3 
.text           C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegOpenKeyA                                          75EC89C7 5 Bytes  JMP 00050FEF 
.text           C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegCreateKeyW                                        75ED391E 5 Bytes  JMP 00050FB2 
.text           C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegCreateKeyExW                                      75ED41F1 5 Bytes  JMP 0005006F 
.text           C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegOpenKeyExA                                        75ED7C42 5 Bytes  JMP 00050014 
.text           C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegOpenKeyW                                          75EDE2B5 5 Bytes  JMP 00050FDE 
.text           C:\Windows\System32\svchost.exe[2344] ADVAPI32.dll!RegOpenKeyExW                                        75EE7BA1 5 Bytes  JMP 0005002F 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\mfevtps.exe[916] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]  [00405995] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT             C:\Windows\system32\mfevtps.exe[916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]      [004059CB] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                  Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                          mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device                                                                                                                  fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                 mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                 mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device                                                                                                                  Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
Gruß,
Antonia

Alt 14.01.2012, 18:34   #14
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Hier OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:33:58 on 14.01.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BCM42RLY" (BCM42RLY) - ? - C:\Windows\System32\drivers\BCM42RLY.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Antonia\AppData\Local\Temp\catchme.sys  (File not found)
"fxldqpow" (fxldqpow) - ? - C:\Users\Antonia\AppData\Local\Temp\fxldqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdet" (mferkdet) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdet.sys
"McAfee Inc. mfetdik" (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Antonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Engine Service" (McAfeeEngineService) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
"McAfee Framework-Dienst" (McAfeeFramework) - "McAfee, Inc." - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"McAfee Task Manager" (McTaskManager) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Alt 14.01.2012, 19:08   #15
HilfeHilfeH
 
Bundespolizei-Trojaner eingefangen - Standard

Bundespolizei-Trojaner eingefangen



Hier das nächste Log:

Code:
ATTFilter
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-14 18:35:45
-----------------------------
18:35:45.630    OS Version: Windows 6.0.6002 Service Pack 2
18:35:45.631    Number of processors: 2 586 0xF0D
18:35:45.633    ComputerName: BÄR  UserName: 
18:35:47.229    Initialize success
18:37:43.493    AVAST engine defs: 12011401
18:37:50.875    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
18:37:50.878    Disk 0 Vendor: WDC_WD1600BEVT-75ZCT1 11.01A11 Size: 152627MB BusType: 3
18:37:50.967    Disk 0 MBR read successfully
18:37:50.988    Disk 0 MBR scan
18:37:50.994    Disk 0 Windows VISTA default MBR code
18:37:51.074    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
18:37:51.090    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 208896
18:37:51.163    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       139723 MB offset 21180416
18:37:51.168    Disk 0 Partition - 00     0F Extended LBA              2560 MB offset 307335168
18:37:51.268    Disk 0 Partition 4 00     DD              MSDOS5.0     2559 MB offset 307337216
18:37:51.400    Disk 0 scanning sectors +312578048
18:37:51.912    Disk 0 scanning C:\Windows\system32\drivers
18:39:08.626    Service scanning
18:39:10.051    Modules scanning
18:40:37.660    Disk 0 trace - called modules:
18:40:37.700    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
18:40:37.708    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857d2ac8]
18:40:37.716    3 CLASSPNP.SYS[82f178b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84df5b98]
18:40:38.674    AVAST engine scan C:\Windows
18:41:34.988    AVAST engine scan C:\Windows\system32
18:46:20.030    AVAST engine scan C:\Windows\system32\drivers
18:46:32.776    AVAST engine scan C:\Users\Antonia
19:01:18.291    AVAST engine scan C:\ProgramData
19:02:38.192    Scan finished successfully
19:06:50.869    Disk 0 MBR has been saved successfully to "C:\Users\Antonia\Desktop\MBR.dat"
19:06:50.874    The log file has been saved successfully to "C:\Users\Antonia\Desktop\aswMBR.txt"
         
Gruß,
Antonia

Antwort

Themen zu Bundespolizei-Trojaner eingefangen
administrator, anti-malware, appdata, autostart, cache, code, dateien, dateisystem, exploit.drop.2, explorer.exe, gelöscht, gen, heuristiks/extra, heuristiks/shuriken, infizierte, java, logdatei, malwarebytes, microsoft, neu, ohne abgesicherten modus, quarantäne, rechner, seite, software, speicher, starten, temp, trojan.zbot.cbcgen, vista




Ähnliche Themen: Bundespolizei-Trojaner eingefangen


  1. Bundespolizei-Trojaner eingefangen? (Vista)
    Plagegeister aller Art und deren Bekämpfung - 15.11.2014 (17)
  2. Bundespolizei-Trojaner eingefangen - wie werde ich ihn los?
    Plagegeister aller Art und deren Bekämpfung - 17.12.2013 (12)
  3. Bundespolizei Trojaner eingefangen/Logfiles vorhanden
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (3)
  4. Bundespolizei-/Ukash-Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (10)
  5. Verdammten Bundespolizei-Trojaner eingefangen.
    Log-Analyse und Auswertung - 28.10.2012 (2)
  6. Bundespolizei-/Ukash-Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.10.2012 (3)
  7. Bundespolizei-Trojaner eingefangen! Brauche dringend Hilfe!
    Plagegeister aller Art und deren Bekämpfung - 12.10.2012 (13)
  8. Bundespolizei Trojaner 1.13 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (1)
  9. Bundespolizei Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (8)
  10. Bundespolizei-Trojaner eingefangen - System kompromittiert- Formatierung?
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (1)
  11. Bundespolizei Ukash Trojaner eingefangen!
    Log-Analyse und Auswertung - 11.07.2012 (1)
  12. Bundespolizei/ucash Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.05.2012 (27)
  13. Bundespolizei-Trojaner eingefangen trotz Schutzmaßnahmen
    Antiviren-, Firewall- und andere Schutzprogramme - 12.04.2012 (7)
  14. Auch den Bundespolizei Trojaner eingefangen, Win7 64 bit
    Log-Analyse und Auswertung - 14.02.2012 (23)
  15. Bundespolizei Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (5)
  16. Bundespolizei Trojaner eingefangen Windows XP
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (3)
  17. Bundespolizei-Trojaner eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (4)

Zum Thema Bundespolizei-Trojaner eingefangen - Hallo liebe Helfer, ich habe mir gestern abend den Bundespolizei-Trojaner eingefangen, der 100€ haben will, damit er wieder weggeht. Habe dann die Schritte dieser Seite "hxxp://www.redirect301.de/bundespolizei-trojaner-entfernen.html" befolgt. Bei "Schritt 8" - Bundespolizei-Trojaner eingefangen...
Archiv
Du betrachtest: Bundespolizei-Trojaner eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.