Pests of all kinds and how to fight them: Wrong Google redirect and no Internet at all anymore (Windows 7)
#1
/// Winkelfunktion /// TB-Süch-Tiger™

OK, then leave CF out for now. What about this:

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

__________________
Please always post log files in CODE tags
#2

Uhm, that's a leftover, it was an experiment once, I had completely forgotten about it, it no longer has any meaning, I can take it out of the hosts file again this evening.
#3
1 of 4

Hello Arne,

so, I have now done the following:

1. Booted the computer and ran HijackThis; the following log file came out:

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:37:07, on 22.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\SYSTEM32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\CtHelper.exe C:\Windows\System32\CTXFIHLP.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\System32\CTXFISPI.EXE C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Contour Shuttle\ShuttleHelper.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Cyberlink\PowerCinema\PCMService.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Winamp\winampa.exe C:\Windows\System32\rundll32.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\rundll32.exe C:\Program Files\WinTV\Ir.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\ScanPanel\ScnPanel.exe C:\Windows\System32\mobsync.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\UltraMon\UltraMon.exe D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program 
Files\Orbitdownloader\orbitnet.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\FreeCommander\FreeCommander.exe C:\Windows\SYSTEM32\taskeng.exe c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe C:\Windows\system32\conime.exe D:\Setups\HijackThis\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Groove GFS Browser Helper - 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSPM Startup] 
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [DataFinder] "C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [streamsys64] rundll32.exe 
"C:\Users\XXX\AppData\Local\streamsys64\streamsys64.dll", DllInit O4 - HKCU\..\Run: [Google Update] "C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&® ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&®svr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax"" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: FreeCommander.lnk = C:\Program Files\FreeCommander\FreeCommander.exe O4 - Startup: Greenshot.lnk = D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ? O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe O4 - Global Startup: UltraMon.lnk = ? 
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191 O17 - HKLM\System\CS1\Services\Tcpip\..\{1434E5AF-CA7E-4481-8CCE-8026F6B65648}: NameServer = 85.255.112.209,85.255.112.191 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c98f4f77a2eb1d) (gupdate1c98f4f77a2eb1d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. 
- C:\Windows\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SYSTEM32\OpcEnum.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files\Contour Shuttle\ShuttleEngine.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 18100 bytes

3. Ran HijackThis in safe mode; the following log file came out:

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:45:04, on 22.03.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\FreeCommander\FreeCommander.exe D:\Setups\HijackThis\HiJackThis\HijackThis.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft 
Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [DataFinder] "C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media 
Player\WMPNSCFG.exe O4 - HKCU\..\Run: [streamsys64] rundll32.exe "C:\Users\XXX\AppData\Local\streamsys64\streamsys64.dll", DllInit O4 - HKCU\..\Run: [Google Update] "C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&® ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&®svr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax"" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: FreeCommander.lnk = C:\Program Files\FreeCommander\FreeCommander.exe O4 - Startup: Greenshot.lnk = D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ? O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe O4 - Global Startup: UltraMon.lnk = ? 
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{1434E5AF-CA7E-4481-8CCE-8026F6B65648}: NameServer = 85.255.112.209,85.255.112.191
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98f4f77a2eb1d) (gupdate1c98f4f77a2eb1d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SYSTEM32\OpcEnum.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files\Contour Shuttle\ShuttleEngine.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-- End of file - 16173 bytes

5. Shut the computer down again and booted it back up in normal mode.
6. Ran HijackThis once more as a check; the following log file came out:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:29, on 22.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Contour Shuttle\ShuttleHelper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Cyberlink\PowerCinema\PCMService.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ScanPanel\ScnPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Setups\HijackThis\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DataFinder] "C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe" /auto
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [streamsys64] rundll32.exe "C:\Users\XXX\AppData\Local\streamsys64\streamsys64.dll", DllInit
O4 - HKCU\..\Run: [Google Update] "C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [x64setup] cmd.exe /c "If EXIST "%programfiles%\VistaCodecPack\icons\icons64.dll" REG ADD HKCU\Software\GNU\ffdshow\default /v isSubtitles /t REG_DWORD /d 1 /f&® ADD HKCU\Software\GNU\ffdshow_audio /v ac3 /t REG_DWORD /d 15 /f&®svr32.exe /s "%programfiles%\VistaCodecPack\filters\MatroskaSplitter.ax""
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: FreeCommander.lnk = C:\Program Files\FreeCommander\FreeCommander.exe
O4 - Startup: Greenshot.lnk = D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ScanPanel\ScnPanel.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98f4f77a2eb1d) (gupdate1c98f4f77a2eb1d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SYSTEM32\OpcEnum.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files\Contour Shuttle\ShuttleEngine.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-- End of file - 17776 bytes
Code:
GMER 1.0.15.15281 - h**p://www.gmer.net
Rootkit scan 2010-03-22 19:22:06
Windows 6.0.6002 Service Pack 2
Running: xixbi9k7.exe; Driver: C:\Users\XXX~1\AppData\Local\Temp\uxldipow.sys
---- System - GMER 1.0.15 ----
INT 0x61 ? 8612EBF8
INT 0x71 ? 876A0F00
INT 0x71 ? 876A0F00
INT 0x82 ? 876A0F00
INT 0x92 ? 876A0F00
INT 0xA2 ? 876A0F00
INT 0xB2 ? 876A0F00
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x9602579E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x96025738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x9602574C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x960257DC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x9602581F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x96025710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x96025724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x960257B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x96025847]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x96025833]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x9602578A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x96025776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x9602580B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x960257F2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x960257C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x96025762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 82A349D2 5 Bytes JMP 960257CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 82BC85B5 5 Bytes JMP 96025823 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 82BD2B82 5 Bytes JMP 96025766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82BF9D60 5 Bytes JMP 9602580F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 82C1944C 7 Bytes JMP 960257E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82C1970F 5 Bytes JMP 960257F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82C1D47A 5 Bytes JMP 9602577A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82C22E8D 7 Bytes JMP 960257B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 82C250AA 5 Bytes JMP 96025728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82C29B58 5 Bytes JMP 96025714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82C4AD59 5 Bytes JMP 960257A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 82C5B7B2 5 Bytes JMP 96025837 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 82C5C9B6 5 Bytes JMP 9602584B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 82C9A74B 5 Bytes JMP 9602573C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82C9A796 7 Bytes JMP 96025750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 82C9B253 5 Bytes JMP 9602578E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? System32\Drivers\spkr.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F00D340, 0x3D9767, 0xE8000020]
.text USBPORT.SYS!DllUnload 8EAF441B 5 Bytes JMP 876A04E0
.text aaicilxk.SYS 8F865000 22 Bytes [82, 93, DC, 82, 6C, 92, DC, ...]
.text aaicilxk.SYS 8F865017 34 Bytes [00, 32, A7, 78, 80, 3D, A5, ...]
.text aaicilxk.SYS 8F86503A 3 Bytes CALL 902BD2E3
.text aaicilxk.SYS 8F86503E 142 Bytes [A3, 82, 60, FA, AA, 82, E0, ...]
.text aaicilxk.SYS 8F8650CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text ...
.text C:\Windows\system32\drivers\ACEDRV08.sys section is writeable [0x96173000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0x961B7000]
.relo2 C:\Windows\system32\drivers\ACEDRV08.sys unknown last section [0x961D3000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\ACEDRV09.sys section is writeable [0x8EA01000, 0x3326E, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV09.sys entry point in ".pklstb" section [0x8EA46000]
.relo2 C:\Windows\system32\drivers\ACEDRV09.sys unknown last section [0x8EA62000, 0x8E, 0x42000040]
|
| | #4 |
| 2 of 4
Code:
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00280EE9
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00280EFA
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00280EA2
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00280EB3
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00280F55
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00280014
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00280FC3
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00280F15
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 0028002F
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00280F97
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00280F7C
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00280FB2
.text C:\Windows\system32\services.exe[672] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00280F3A
.text C:\Windows\system32\services.exe[672] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00280054
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00280FDE
.text C:\Windows\system32\services.exe[672] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00280FEF
.text C:\Windows\system32\services.exe[672] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00280EC4
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 0029003D
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00290022
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00290FEF
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00290F9B
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00290058
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00290000
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00290FD4
.text C:\Windows\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00290011
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00BC0047
.text C:\Windows\system32\services.exe[672] msvcrt.dll!system 77C9804B 5 Bytes JMP 00BC002C
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00BC001B
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00BC0000
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00BC0FBC
.text C:\Windows\system32\services.exe[672] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00BC0FD7
.text C:\Windows\system32\services.exe[672] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00270FE5
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 001E0F65
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 001E00AB
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 001E00EB
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 001E0F54
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 001E0075
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 001E001B
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 001E0FCA
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 001E0F8A
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 001E0058
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 001E0F9B
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 001E0047
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 001E002C
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 001E009A
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 001E0110
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 001E0FE5
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 001E0000
.text C:\Windows\system32\lsass.exe[704] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 001E00C6
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00810FC0
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00810FDB
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00810000
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00810062
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 0081007D
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 0081002C
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00810011
.text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00810047
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00820031
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!system 77C9804B 5 Bytes JMP 00820016
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00820FB7
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00820FEF
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00820FA6
.text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00820FD2
.text C:\Windows\system32\lsass.exe[704] WS2_32.dll!socket 773C36D1 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 008400A1
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00840090
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00840F0A
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00840F25
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00840053
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00840FC3
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00840FA8
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 0084007F
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00840036
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00840F83
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00840025
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 0084000A
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 0084006E
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 008400C6
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00840FD4
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00840FEF
.text C:\Windows\system32\svchost.exe[856] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00840F40
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00860047
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!system 77C9804B 5 Bytes JMP 00860FBC
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00860FD7
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00860000
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 0086002C
.text C:\Windows\system32\svchost.exe[856] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00860011
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 0085006C
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00850FCA
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00850051
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00850FAF
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00850FE5
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 0085001B
.text C:\Windows\system32\svchost.exe[856] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00850036
.text C:\Windows\system32\svchost.exe[856] WS2_32.dll!socket 773C36D1 5 Bytes JMP 006E0000
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00680095
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00680F59
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00680EFE
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00680F19
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00680062
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00680FAF
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00680000
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00680084
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00680F8A
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00680022
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 0068003D
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00680011
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00680073
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 006800B0
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00680FD4
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00680FE5
.text C:\Windows\system32\svchost.exe[932] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00680F2A
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 006A0F8D
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!system 77C9804B 5 Bytes JMP 006A0F9E
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 006A0FD4
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_open 77C9D106 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 006A0FC3
.text C:\Windows\system32\svchost.exe[932] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 006A000C
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00690062
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00690FC0
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00690000
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00690047
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00690F9B
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 0069002C
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00690011
.text C:\Windows\system32\svchost.exe[932] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00690FDB
.text C:\Windows\system32\svchost.exe[932] WS2_32.dll!socket 773C36D1 5 Bytes JMP 001F0FEF
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00670084
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00670F3E
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 0067009F
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00670F12
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00670F74
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00670022
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00670FC7
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00670069
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 0067004E
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00670033
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00670F91
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00670FAC
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00670F63
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 006700C4
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00670011
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00670000
.text C:\Windows\System32\svchost.exe[968] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00670F23
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 006A0FBE
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!system 77C9804B 5 Bytes JMP 006A003F
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 006A002E
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_open 77C9D106 5 Bytes JMP 006A0000
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 006A0FD9
.text C:\Windows\System32\svchost.exe[968] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 006A001D
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00680F83
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 0068001B
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00680000
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00680F94
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00680F72
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00680FCA
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00680FE5
.text C:\Windows\System32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00680FAF
.text C:\Windows\System32\svchost.exe[968] WS2_32.dll!socket 773C36D1 5 Bytes JMP 0066000A
.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenA 779CD690 5 Bytes JMP 00690000
.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenW 779CDB09 5 Bytes JMP 0069001B
.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenUrlA 779CF3A4 5 Bytes JMP 0069002C
.text C:\Windows\System32\svchost.exe[968] wininet.dll!InternetOpenUrlW 77A16DDF 5 Bytes JMP 00690FDB
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 009A0096
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 009A0F5A
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 009A0EFF
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 009A0F10
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 009A0F97
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 009A0FD4
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 009A0FC3
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 009A0F75
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 009A0FB2
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 009A0054
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 009A006F
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 009A0039
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 009A0F86
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 009A00BB
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 009A0FE5
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 009A0000
.text C:\Windows\System32\svchost.exe[1016] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 009A0F2B
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 009C0F97
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!system 77C9804B 5 Bytes JMP 009C002C
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 009C0FC6
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_open 77C9D106 5 Bytes JMP 009C0000
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 009C0011
.text C:\Windows\System32\svchost.exe[1016] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 009C0FE3
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 009B0047
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 009B0025
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 009B0FE5
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 009B0036
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 009B0058
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 009B000A
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 009B0FCA
.text C:\Windows\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 009B0FB9
.text C:\Windows\System32\svchost.exe[1016] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00220FEF
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 008C008E
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 008C007D
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 008C0F12
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 008C0F23
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 008C0F5C
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 008C001B
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 008C0FC0
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 008C006C
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 008C0F6D
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 008C002C
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 008C0F8A
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 008C0FA5
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 008C005B
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 008C0EF7
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 008C000A
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 008C0FEF
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 008C009F
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wsystem 77C97F2F 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00930033
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!system 77C9804B 5 Bytes JMP 00930022
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00930011
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00930000
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00930FBC
.text C:\Windows\System32\svchost.exe[1092] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00930FD7
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00920FB9
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00920FD4
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00920000
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 0092005B
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00920076
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 0092001B
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00920FE5
.text C:\Windows\System32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00920036
.text C:\Windows\System32\svchost.exe[1092] WS2_32.dll!socket 773C36D1 5 Bytes JMP 008B000A
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00A4008A
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00A40F44
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00A400C0
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00A40F29
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00A40F70
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00A4001E
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00A40FCD
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00A4006F
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00A40054
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00A40FB2
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00A40F97
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00A40039
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00A40F5F
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00A40F0E
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00A40FDE
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00A40FEF
.text C:\Windows\system32\svchost.exe[1144] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00A400A5
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00B70042
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!system 77C9804B 5 Bytes JMP 00B70027
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00B70FD2
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00B70000
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00B70FC1
.text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00B70FE3
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00B60F97
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00B6002F
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00B60000
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00B60FA8
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00B60F86
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00B60FDE
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00B60FEF
.text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00B60FC3
.text C:\Windows\system32\svchost.exe[1144] WS2_32.dll!socket 773C36D1 5 Bytes JMP 009F0000
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00180F15
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00180051
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00180EE2
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00180EF3
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00180F5C
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00180FDE
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00180FC3
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00180F30
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00180F77
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 0018002F
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00180040
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00180FB2
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00180F41
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00180EC7
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00180014
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[1212] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00180F04
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 001A005D
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!system 77C9804B 5 Bytes JMP 001A0042
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 001A0FD2
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_open 77C9D106 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 001A0027
.text C:\Windows\system32\svchost.exe[1212] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 001A000C
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00190F5E
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00190000
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00190FEF
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00190F6F
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00190025
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00190FB9
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00190FD4
.text C:\Windows\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00190F94
.text C:\Windows\system32\svchost.exe[1212] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00170FEF
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00FD0095
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00FD0F4F
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00FD0F23
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00FD00BA
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00FD0069
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00FD0FE5
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00FD0FD4
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00FD007A
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00FD0F8F
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00FD0047
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00FD0058
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00FD0036
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00FD0F74
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00FD0F08
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00FD001B
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00FD0000
.text C:\Windows\system32\svchost.exe[1296] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00FD0F3E
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 014C0038
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!system 77C9804B 5 Bytes JMP 014C001D
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 014C0FD2
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_open 77C9D106 5 Bytes JMP 014C0000
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 014C0FB7
.text C:\Windows\system32\svchost.exe[1296] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 014C0FE3
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 0146002F
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 01460F9E
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 01460FEF
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 01460F8D
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 01460F7C
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 01460FD4
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 0146000A
.text C:\Windows\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 01460FB9
.text C:\Windows\system32\svchost.exe[1296] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00F8000A
.text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenA 779CD690 5 Bytes JMP 014B0FEF
.text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenW 779CDB09 5 Bytes JMP 014B0FCA
.text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenUrlA 779CF3A4 5 Bytes JMP 014B0FB9
.text C:\Windows\system32\svchost.exe[1296] WinInet.dll!InternetOpenUrlW 77A16DDF 5 Bytes JMP 014B0F9E
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 008B00EB
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 008B00C6
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 008B0132
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 008B0121
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 008B0090
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 008B0FCA
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 008B0011
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 008B0F9B
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 008B0075
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 008B003D
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 008B0058
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 008B002C
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 008B00AB
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 008B0F8A
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 008B0FEF
.text C:\Windows\system32\svchost.exe[1388] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 008B00FC
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 008D0FB7
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!system 77C9804B 5 Bytes JMP 008D004C
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 008D0FD2
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_open 77C9D106 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 008D0027
.text C:\Windows\system32\svchost.exe[1388] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 008D000C
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 008C0062
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 008C0047
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 008C0FE5
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 008C0FCA
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 008C0F9B
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 008C001B
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 008C000A
|
| | #5 |
| 3 of 4 Code:
.text C:\Windows\system32\svchost.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 008C0036
.text C:\Windows\system32\svchost.exe[1388] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00850000
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00810F3A
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 0081008A
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00810F04
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00810F15
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00810F70
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 0081001B
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00810FD4
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00810F55
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00810F8D
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00810040
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00810F9E
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00810FB9
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00810065
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00810EF3
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00810FE5
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00810000
.text C:\Windows\system32\svchost.exe[1696] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 0081009B
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00830FA1
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!system 77C9804B 5 Bytes JMP 00830FBC
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00830FD7
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00830000
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00830022
.text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00830011
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00820F94
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00820036
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00820FEF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00820FAF
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00820F83
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00820FD4
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 0082000A
.text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00820025
.text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00800000
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00150076
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00150F30
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00150087
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00150EFA
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00150040
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00150FC3
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00150FA8
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00150051
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 0015002F
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00150014
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00150F72
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00150F97
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00150F4B
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00150098
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00150FD4
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00150FEF
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00150F0B
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00170058
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!system 77C9804B 5 Bytes JMP 0017003D
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00170FD7
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 0017002C
.text C:\Windows\system32\svchost.exe[1948] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00170011
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00160F97
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00160FB9
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 0016000A
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00160FA8
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00160054
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00160FD4
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00160FEF
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 0016002F
.text C:\Windows\system32\svchost.exe[1948] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00100FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2096] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2096] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 001A0F74
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 001A0F85
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 001A00DF
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 001A0F3E
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 001A0084
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 001A0036
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 001A0047
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 001A00A6
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 001A0FAA
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 001A0FDB
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 001A0073
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 001A0058
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 001A0095
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 001A0F2D
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 001A001B
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 001A000A
.text C:\Windows\system32\svchost.exe[2876] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 001A0F59
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 001D0027
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!system 77C9804B 5 Bytes JMP 001D0FA6
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 001D0FD2
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_open 77C9D106 5 Bytes JMP 001D0FE3
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 001D0FB7
.text C:\Windows\system32\svchost.exe[2876] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 001C0054
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 001C0FB2
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 001C0039
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 001C0F8D
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 001C0FD4
.text C:\Windows\system32\svchost.exe[2876] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 001C0FC3
.text C:\Windows\system32\svchost.exe[2876] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00130FEF
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00910EF8
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00910F13
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00910EB1
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00910ECC
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00910F50
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00910FCA
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00910FAF
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00910F24
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00910F61
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00910F83
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00910F72
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00910F9E
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00910F3F
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00910059
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00910000
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00910FEF
.text C:\Windows\system32\svchost.exe[3064] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00910EE7
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 009B0FCF
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!system 77C9804B 5 Bytes JMP 009B005A
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 009B0038
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_open 77C9D106 5 Bytes JMP 009B0000
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 009B0049
.text C:\Windows\system32\svchost.exe[3064] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 009B0011
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 009A0F9E
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 009A0FD4
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 009A0FEF
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 009A0FAF
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 009A0F8D
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 009A0025
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 009A0014
.text C:\Windows\system32\svchost.exe[3064] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 009A0036
.text C:\Windows\system32\svchost.exe[3064] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00300FEF
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00050F33
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00050F4E
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00050EF6
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00050F11
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 0005005E
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00050025
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00050FDE
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00050079
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00050F90
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00050FBC
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00050FA1
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00050FCD
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00050F5F
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 000500A8
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 0005000A
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[3276] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00050F22
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00070028
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!system 77C9804B 5 Bytes JMP 00070F93
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00070FB5
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00070FE3
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00070FA4
.text C:\Windows\System32\svchost.exe[3276] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00070FD2
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00060062
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00060FC0
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00060047
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00060073
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 0006002C
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[3276] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00060FD1
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 03F40F2B
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 03F40F3C
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 03F40F10
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 03F400A7
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 03F4004C
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 03F40FC3
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 03F40FA8
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 03F40F4D
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 03F40F72
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 03F40F8D
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 03F4002F
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 03F4001E
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 03F4005D
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 03F400B8
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 03F40FD4
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 03F40FEF
.text C:\Windows\Explorer.EXE[3452] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 03F4008C
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 043C0025
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 043C0014
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 043C0FEF
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 043C0F8D
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 043C0036
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 043C0FB9
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 043C0FD4
.text C:\Windows\Explorer.EXE[3452] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 043C0FA8
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 04420FB7
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!system 77C9804B 5 Bytes JMP 04420042
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 0442000C
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_open 77C9D106 5 Bytes JMP 04420FEF
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 04420027
.text C:\Windows\Explorer.EXE[3452] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 04420FD2
.text C:\Windows\Explorer.EXE[3452] WININET.dll!InternetOpenA 779CD690 5 Bytes JMP 043D0FEF
.text C:\Windows\Explorer.EXE[3452] WININET.dll!InternetOpenW 779CDB09 5 Bytes JMP 043D0FD4
.text C:\Windows\Explorer.EXE[3452] WININET.dll!InternetOpenUrlA 779CF3A4 5 Bytes JMP 043D000A
.text C:\Windows\Explorer.EXE[3452] WININET.dll!InternetOpenUrlW 77A16DDF 5 Bytes JMP 043D001B
.text C:\Windows\Explorer.EXE[3452] WS2_32.dll!socket 773C36D1 5 Bytes JMP 03E70000
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 000100BD
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 000100D8
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 00010F41
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 00010051
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00010FCA
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00010FB9
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00010F77
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00010F9E
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00010040
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00010025
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00010F30
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[4456] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 00010F5C
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00050FB9
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!system 77C9804B 5 Bytes JMP 00050FCA
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 0005003A
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00050000
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 00050FE5
.text C:\Windows\system32\svchost.exe[4456] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 0005001D
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00060F94
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 00060025
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00060036
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00060051
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00060FCA
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00060FE5
.text C:\Windows\system32\svchost.exe[4456] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00060FB9
.text C:\Windows\system32\svchost.exe[4456] WS2_32.dll!socket 773C36D1 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!GetStartupInfoW 775C1929 5 Bytes JMP 00010F52
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!GetStartupInfoA 775C19C9 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateProcessW 775C1BF3 5 Bytes JMP 00010F2D
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateProcessA 775C1C28 5 Bytes JMP 000100CE
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!VirtualProtect 775C1DC3 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateNamedPipeA 775C2EF5 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateNamedPipeW 775C5C0C 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreatePipe 775E8E6E 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!LoadLibraryExW 775E9109 5 Bytes JMP 00010F94
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!LoadLibraryW 775E9362 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!LoadLibraryExA 775E94B4 5 Bytes JMP 00010FAF
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!LoadLibraryA 775E94DC 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!VirtualProtectEx 775EDBDA 5 Bytes JMP 00010F6D
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!GetProcAddress 7760903B 5 Bytes JMP 00010F1C
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateFileW 7760AECB 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!CreateFileA 7760CE5F 5 Bytes JMP 00010FE5
.text C:\Windows\system32\svchost.exe[7168] kernel32.dll!WinExec 77655CF7 5 Bytes JMP 000100BD
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_wsystem 77C97F2F 5 Bytes JMP 00060062
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!system 77C9804B 5 Bytes JMP 00060047
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_creat 77C9BBE1 5 Bytes JMP 00060011
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_open 77C9D106 5 Bytes JMP 00060000
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_wcreat 77C9D326 5 Bytes JMP 0006002C
.text C:\Windows\system32\svchost.exe[7168] msvcrt.dll!_wopen 77C9D501 5 Bytes JMP 00060FD7
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegCreateKeyExA 777639AB 5 Bytes JMP 00070058
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegCreateKeyA 77763BA9 5 Bytes JMP 0007002C
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegOpenKeyA 777689C7 5 Bytes JMP 00070000
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegCreateKeyW 7777391E 5 Bytes JMP 00070047
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegCreateKeyExW 777741F1 5 Bytes JMP 00070F9B
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegOpenKeyExA 77777C42 5 Bytes JMP 00070011
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegOpenKeyW 7777E2B5 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[7168] ADVAPI32.dll!RegOpenKeyExW 77787BA1 5 Bytes JMP 00070FC0
.text C:\Windows\system32\svchost.exe[7168] WS2_32.dll!socket 773C36D1 5 Bytes JMP 00080000
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Users\XXX\Desktop\xixbi9k7.exe[580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00182F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\XXX\Desktop\xixbi9k7.exe[580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00182D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\XXX\Desktop\xixbi9k7.exe[580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00182CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\XXX\Desktop\xixbi9k7.exe[580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00182CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[1424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[1424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[1424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WinTV\Ir.exe[1424] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\taskeng.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00182F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\taskeng.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00182D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\taskeng.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00182CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\SYSTEM32\taskeng.exe[2688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00182CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[2988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[2988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[2988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[2988] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01C12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee.com\agent\mcagent.exe[3056] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[3388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00152F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[3388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00152D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[3388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00152CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\mobsync.exe[3388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00152CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01792F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01792D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01792CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01792CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00792F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00792D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00792CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3580] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00792CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\UltraMon\UltraMon.exe[3680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00942F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\UltraMon\UltraMon.exe[3680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00942D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\UltraMon\UltraMon.exe[3680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00942CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\UltraMon\UltraMon.exe[3680] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00942CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTProAgent.exe[4104] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTProAgent.exe[4104] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00DC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTProAgent.exe[4104] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAEMON Tools Pro\DTProAgent.exe[4104] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[4128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[4128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[4128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[4128] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Picasa2\PicasaMediaDetector.exe[4248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01992F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Picasa2\PicasaMediaDetector.exe[4248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01992D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Picasa2\PicasaMediaDetector.exe[4248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01992CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Picasa2\PicasaMediaDetector.exe[4248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01992CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00232F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00232D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00232CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[4280] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00232CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[4372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00232F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[4372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00232D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[4372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00232CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Defender\MSASCui.exe[4372] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00232CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[4488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00832F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[4488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00832D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[4488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00832CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe[4488] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00832CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CtHelper.exe[4560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00842F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CtHelper.exe[4560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00842D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CtHelper.exe[4560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00842CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CtHelper.exe[4560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00842CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFIHLP.EXE[4708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFIHLP.EXE[4708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00C32D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
|
| | #6 |
| 4 of 4
Code:
IAT C:\Windows\System32\CTXFIHLP.EXE[4708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFIHLP.EXE[4708] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4868] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4916] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PowerISO\PWRISOVM.EXE[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PowerISO\PWRISOVM.EXE[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PowerISO\PWRISOVM.EXE[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PowerISO\PWRISOVM.EXE[4924] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Contour Shuttle\ShuttleHelper.exe[4952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Contour Shuttle\ShuttleHelper.exe[4952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Contour Shuttle\ShuttleHelper.exe[4952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Contour Shuttle\ShuttleHelper.exe[4952] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe[4964] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [001C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe[4964] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [001C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe[4964] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [001C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT D:\Setups\Greenshot\Greenshot-NO-INSTALLER-0.7.009\Greenshot.exe[4964] @ C:\Windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [001C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[4980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00452F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00452D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00452CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[5000] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00452CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFISPI.EXE[5152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFISPI.EXE[5152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFISPI.EXE[5152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\CTXFISPI.EXE[5152] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[5276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[5276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[5276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[5276] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitdm.exe[5308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [017F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitdm.exe[5308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [017F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitdm.exe[5308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [017F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitdm.exe[5308] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [017F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\WindowsMobile\wmdc.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\WindowsMobile\wmdc.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\WindowsMobile\wmdc.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\WindowsMobile\wmdc.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitnet.exe[5492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitnet.exe[5492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitnet.exe[5492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Orbitdownloader\orbitnet.exe[5492] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanPanel\ScnPanel.exe[5504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanPanel\ScnPanel.exe[5504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanPanel\ScnPanel.exe[5504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ScanPanel\ScnPanel.exe[5504] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe[5508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01D52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe[5508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01D52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe[5508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01D52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\National Instruments\Shared\DataFinderDesktop\bin\DataFinder.exe[5508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01D52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[5544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[5544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [016E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[5544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[5544] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Cyberlink\PowerCinema\PCMService.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Cyberlink\PowerCinema\PCMService.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Cyberlink\PowerCinema\PCMService.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Cyberlink\PowerCinema\PCMService.exe[5560] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wbem\unsecapp.exe[5692] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[5732] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[5732] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[5732] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[5732] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[5760] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Winamp\winampa.exe[5808] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Winamp\winampa.exe[5808] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [008A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Winamp\winampa.exe[5808] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Winamp\winampa.exe[5808] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[6044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[6044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[6044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[6044] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[6332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[6332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[6332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[6332] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\svchost.exe[7168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00102F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\svchost.exe[7168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00102D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\svchost.exe[7168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00102CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\svchost.exe[7168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00102CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8612F1F8
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\fastfat \FatCdrom 895DD500
Device \Driver\volmgr \Device\VolMgrControl 8536A1F8
Device \Driver\usbuhci \Device\USBPDO-0 875B81F8
Device \Driver\usbuhci \Device\USBPDO-1 875B81F8
Device \Driver\PCI_PNP8641 \Device\00000052 spkr.sys
Device \Driver\usbehci \Device\USBPDO-2 875B61F8
Device \Driver\usbuhci \Device\USBPDO-3 875B81F8
Device \Driver\usbuhci \Device\USBPDO-4 875B81F8
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 875B81F8
Device \Driver\usbehci \Device\USBPDO-6 875B61F8
Device \Driver\volmgr \Device\HarddiskVolume1 8536A1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8536A1F8
Device \Driver\cdrom \Device\CdRom0 876441F8
Device \Driver\volmgr \Device\HarddiskVolume3 8536A1F8
Device \Driver\cdrom \Device\CdRom1 876441F8
Device \Driver\iaStorV \Device\Ide\iaStor0 8612E1F8
Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-0 8612E1F8
Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-1 8612E1F8
Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-2 8612E1F8
Device \Driver\USBSTOR \Device\00000073 893E91F8
Device \Driver\volmgr \Device\HarddiskVolume4 8536A1F8
Device \Driver\volmgr \Device\HarddiskVolume5 8536A1F8
Device \Driver\USBSTOR \Device\00000075 893E91F8
Device \Driver\volmgr \Device\HarddiskVolume6 8536A1F8
Device \Driver\volmgr \Device\HarddiskVolume7 8536A1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8927C500
Device \Driver\volmgr \Device\HarddiskVolume8 8536A1F8
Device \Driver\volmgr \Device\HarddiskVolume9 8536A1F8
Device \Driver\Smb \Device\NetbiosSmb 8949F1F8
Device \Driver\iScsiPrt \Device\RaidPort0 876E01F8
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
Device \Driver\USBSTOR \Device\0000006b 893E91F8
Device \Driver\USBSTOR \Device\0000006c 893E91F8
Device \Driver\usbuhci \Device\USBFDO-0 875B81F8
Device \Driver\USBSTOR \Device\0000006d 893E91F8
Device \Driver\usbuhci \Device\USBFDO-1 875B81F8
Device \Driver\USBSTOR \Device\0000006e 893E91F8
Device \Driver\usbehci \Device\USBFDO-2 875B61F8
Device \Driver\USBSTOR \Device\0000006f 893E91F8
Device \Driver\usbuhci \Device\USBFDO-3 875B81F8
Device \Driver\usbuhci \Device\USBFDO-4 875B81F8
Device \Driver\usbuhci \Device\USBFDO-5 875B81F8
Device \Driver\sptd \Device\2016974657 spkr.sys
Device \Driver\usbehci \Device\USBFDO-6 875B61F8
Device \Driver\aaicilxk \Device\Scsi\aaicilxk1Port2Path0Target0Lun0 87760500
Device \Driver\aaicilxk \Device\Scsi\aaicilxk1 87760500
Device \FileSystem\fastfat \Fat 895DD500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\cdfs \Cdfs 896571F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcnvnpotxpjcbipsmmvhwysxwpexxwbfpo.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcnvnpotxpjcbipsmmvhwysxwpexxwbfpo.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcleiaynaubqtrlqmrcottnvhntyjupddi.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3E 0x84 0x44 0xFA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1E 0xE9 0x3C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xC7 0x8A 0xE3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0xE0 0x8C 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -510268767
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -2103802456
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x91 0x1C 0x2F 0x03 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1E 0xE9 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xC7 0x8A 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x8E 0x14 0x7E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x91 0x1C 0x2F 0x03 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6A 0x1E 0xE9 0x3C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xC7 0x8A 0xE3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x8E 0x14 0x7E ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xAE 0x4B 0xA0 0xEA ...
---- EOF - GMER 1.0.15 ----
9. I also took screenshots of the detail windows of the McAfee detections. I'm curious what you can see in it. Best regards, Tanja |