WIN 7 Starter: Win32/Small.CA virus

Hello dear board,
I noticed today that, according to the notification center, the Win32/Small.CA virus is on my computer. I haven't noticed anything unusual about performance so far: the little netbook has never been one of the fastest, despite a RAM upgrade. ;)
I would be very glad of support; however, it is a mystery to me how the virus got into the system (updates are enabled, virus scanner is up to date, hardware firewall in the router, Java is kept updated too, and as a rule I never click .exe files in my mail client)...
Defogger Log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:59 on 15/11/2013 (Stefan)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...

FRST Log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Stefan (administrator) on STEFAN-NETBOOK on 15-11-2013 15:01:24
Running from C:\Users\Stefan\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Elgato Systems) C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
(Hollie-Soft) C:\Program Files\Klebezettel NG\klebez.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Adobe Systems Incorporated.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GfxServiceInstall] - C:\Windows\System32\GfxCUIServiceInstall.vbs [131 2011-12-13] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11487848 2011-11-30] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [612256 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-01-05] (Toshiba Europe GmbH)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [900160 2013-01-09] (Sophos Limited)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624056 2009-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Remote Control Editor] - C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [1708616 2010-11-16] (Elgato Systems)
HKCU\...\Run: [Klebezettel NG] - C:\Program Files\Klebezettel NG\klebez.exe [4433408 2012-04-06] (Hollie-Soft)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL [ 2013-01-09] (Sophos Limited)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUB&bmod=TEUB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {A7FA4766-E640-4440-A3F3-767C1EA8D63C} URL =
SearchScopes: HKCU - {A7FA4766-E640-4440-A3F3-767C1EA8D63C} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 129.217.129.42
FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default
FF DefaultSearchEngine: Amazon.de
FF SelectedSearchEngine: Amazon.de
FF Homepage: hxxp://www.spiegel.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\searchplugins\woxikonde-synonyme.xml
FF SearchPlugin: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\searchplugins\youtube-ssl.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: EPUBReader - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: noscript - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\9jmjbs7c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
========================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [216640 2013-01-09] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [139840 2013-01-09] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232512 2013-01-09] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-01-09] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2869824 2013-01-09] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1459264 2013-01-09] (Sophos Limited)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [57216 2011-07-12] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [112552 2011-06-10] (TOSHIBA Corporation)
==================== Drivers (Whitelisted) ====================
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-09] (TOSHIBA Corporation)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [189184 2012-01-09] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [33536 2012-01-09] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [43392 2012-01-09] (Realtek)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1035368 2011-04-22] (Realtek Semiconductor Corporation )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2013-01-09] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2013-01-09] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2013-01-09] (Sophos Plc)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2013-01-09] (Sophos Plc)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-15 15:01 - 2013-11-15 15:04 - 00012268 _____ C:\Users\Stefan\Desktop\FRST.txt
2013-11-15 15:01 - 2013-11-15 15:01 - 00000000 ____D C:\FRST
2013-11-15 14:59 - 2013-11-15 14:59 - 00000448 _____ C:\Users\Stefan\Desktop\defogger_disable.log
2013-11-15 14:59 - 2013-11-15 14:59 - 00000000 _____ C:\Users\Stefan\defogger_reenable
2013-11-15 11:26 - 2013-11-15 11:26 - 00377856 _____ C:\Users\Stefan\Desktop\fbhlpvv3.exe
2013-11-15 11:25 - 2013-11-15 11:26 - 01090529 _____ (Farbar) C:\Users\Stefan\Desktop\FRST.exe
2013-11-15 11:24 - 2013-11-15 11:24 - 00050477 _____ C:\Users\Stefan\Desktop\Defogger.exe
2013-11-13 21:19 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-13 21:19 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-13 21:19 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-13 21:19 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-13 21:19 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-13 21:19 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-13 08:42 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 08:42 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-13 08:42 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-13 08:41 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 08:41 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 08:41 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 08:41 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 08:41 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 08:41 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 08:41 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 08:41 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 08:41 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 08:41 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 08:41 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 08:41 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 08:41 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 08:41 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 08:41 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-10 16:09 - 2013-11-10 16:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-02 22:12 - 2013-11-02 22:12 - 00000000 ____D C:\Users\Stefan\Downloads\FTLNT
2013-11-02 11:06 - 2013-11-02 11:07 - 00000000 ____D C:\Users\Stefan\Downloads\Ignorant Prayers Instrumentals
2013-10-29 23:10 - 2013-10-29 23:10 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-29 12:49 - 2013-11-02 10:31 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-29 11:44 - 2013-10-29 23:25 - 00000000 ____D C:\Users\Stefan\Documents\Kalle
2013-10-29 11:41 - 2013-10-29 11:41 - 00000000 ____D C:\Users\Stefan\Downloads\wetransfer-56cd78
2013-10-20 16:11 - 2013-10-20 16:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 16:11 - 2013-10-20 16:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 16:11 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-10-20 16:11 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-10-20 16:11 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-10-20 16:11 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-10-20 16:09 - 2013-10-20 16:11 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-10-19 14:31 - 2013-09-04 02:15 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2013-10-19 14:31 - 2013-09-04 02:14 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
==================== One Month Modified Files and Folders =======
2013-11-15 15:04 - 2013-11-15 15:01 - 00012268 _____ C:\Users\Stefan\Desktop\FRST.txt
2013-11-15 15:01 - 2013-11-15 15:01 - 00000000 ____D C:\FRST
2013-11-15 14:59 - 2013-11-15 14:59 - 00000448 _____ C:\Users\Stefan\Desktop\defogger_disable.log
2013-11-15 14:59 - 2013-11-15 14:59 - 00000000 _____ C:\Users\Stefan\defogger_reenable
2013-11-15 14:59 - 2012-06-14 16:27 - 00000000 ____D C:\Users\Stefan
2013-11-15 14:31 - 2012-03-26 21:17 - 01790140 _____ C:\windows\WindowsUpdate.log
2013-11-15 14:30 - 2013-04-11 09:42 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 14:30 - 2009-07-14 05:39 - 00088120 _____ C:\windows\setupact.log
2013-11-15 11:26 - 2013-11-15 11:26 - 00377856 _____ C:\Users\Stefan\Desktop\fbhlpvv3.exe
2013-11-15 11:26 - 2013-11-15 11:25 - 01090529 _____ (Farbar) C:\Users\Stefan\Desktop\FRST.exe
2013-11-15 11:24 - 2013-11-15 11:24 - 00050477 _____ C:\Users\Stefan\Desktop\Defogger.exe
2013-11-15 11:18 - 2009-07-14 05:34 - 00016160 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 11:18 - 2009-07-14 05:34 - 00016160 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 11:01 - 2010-11-20 22:01 - 01498506 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-15 10:54 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-15 08:25 - 2013-10-02 19:31 - 00000000 ____D C:\HebRechw
2013-11-14 11:53 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2013-11-14 10:53 - 2013-07-31 20:21 - 00000000 _____ C:\windows\system32\vireng.log
2013-11-14 00:43 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\de-DE
2013-11-13 21:19 - 2013-07-15 20:02 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 21:12 - 2012-06-15 08:58 - 80340640 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-12 14:12 - 2012-10-08 11:50 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\vlc
2013-11-12 14:12 - 2012-09-19 10:18 - 00000000 ____D C:\Users\Stefan\Downloads\vid
2013-11-11 13:16 - 2013-10-10 12:49 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Dropbox
2013-11-11 13:15 - 2013-10-10 12:52 - 00000000 ___RD C:\Users\Stefan\Dropbox
2013-11-11 09:38 - 2012-06-14 17:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-10 16:10 - 2013-11-10 16:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-02 22:12 - 2013-11-02 22:12 - 00000000 ____D C:\Users\Stefan\Downloads\FTLNT
2013-11-02 11:07 - 2013-11-02 11:06 - 00000000 ____D C:\Users\Stefan\Downloads\Ignorant Prayers Instrumentals
2013-11-02 10:31 - 2013-10-29 12:49 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-10-29 23:25 - 2013-10-29 11:44 - 00000000 ____D C:\Users\Stefan\Documents\Kalle
2013-10-29 23:10 - 2013-10-29 23:10 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-29 11:41 - 2013-10-29 11:41 - 00000000 ____D C:\Users\Stefan\Downloads\wetransfer-56cd78
2013-10-28 12:00 - 2009-07-14 05:53 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-20 16:11 - 2013-10-20 16:11 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 16:11 - 2013-10-20 16:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 16:11 - 2013-10-20 16:09 - 00004874 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-10-20 16:11 - 2012-01-05 01:54 - 00000000 ____D C:\Program Files\Java
Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Stefan\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Stefan\AppData\Local\Temp\yvu80at4.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2012-01-05 01:20] - [2011-03-01 09:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-11 11:17
==================== End Of Log ============================

Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-11-2013
Ran by Stefan at 2013-11-15 15:07:54
Running from C:\Users\Stefan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
==================== Installed Programs ======================
AAVUpdateManager (Version: 18.00.0000)
ACSI Campsite Guide Europe 2013 (Version: 1.00.0000)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.2.0)
Adobe Acrobat 8.2.0 - CPSID_52074
Adobe Acrobat 8.2.0 Professional (Version: 8.2.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.9.9)
CCleaner (Version: 3.28)
Cinergy T Stick RC V86.001.1129.2011 (Version: 86.001.1129.2011)
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Citavi (Version: 3.4.0.2)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Dropbox (HKCU Version: 2.4.2)
Filfre 1.01 (Version: 1.0.1)
HebRech HebRechw (Version: 0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.8.1064)
Intel(R) Rapid Storage Technology (Version: 10.1.0.1008)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Klebezettel NG (Version 2.9.12)
K-Lite Codec Pack 9.1.8 (Standard) (Version: 9.1.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office XP Professional mit FrontPage (Version: 10.0.6626.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 9.0.21022)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0 (x86 de) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
Mozilla Thunderbird 24.1.0 (x86 de) (Version: 24.1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6516)
Realtek USB 2.0 Card Reader (Version: 6.1.7601.30130)
Realtek WLAN Driver (Version: 2.00.0016)
RedMon - Redirection Port Monitor
Skype™ 6.0 (Version: 6.0.126)
Sophos Anti-Virus (Version: 10.0.11)
Sophos AutoUpdate (Version: 2.7.4.317)
Steuer-Spar-Erklärung 2012 (Version: 17.11)
Steuer-Spar-Erklärung 2013 (Version: 18.09)
Synaptics Pointing Device Driver (Version: 15.3.27.1)
TerraTec Home Cinema (Version: 6.25.6)
TerraTec Remote Control (Version: 5.38)
TOSHIBA Assist (Version: 4.2.3.0)
TOSHIBA Audio Enhancement (Version: 1.0.2.7)
TOSHIBA Hardware Setup (Version: 2.1.0.6)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.9)
Toshiba Manuals (Version: 10.03)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA Service Station (Version: 2.2.13)
TOSHIBA Supervisor Password (Version: 2.1.0.2)
TOSHIBA Web Camera Application (Version: 2.0.3.29)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VLC media player 2.0.8 (Version: 2.0.8)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
xp-AntiSpy 3.98-2
==================== Restore Points =========================
15-10-2013 13:43:58 Windows Update
19-10-2013 13:30:51 Windows Update
20-10-2013 15:08:18 Installed Java 7 Update 45
25-10-2013 08:15:11 Windows Update
29-10-2013 10:13:44 Windows Update
06-11-2013 22:34:31 Windows Update
10-11-2013 15:04:33 Windows Update
13-11-2013 20:11:51 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0BA9D94A-67D6-4A6F-A13C-BA820CADEA66} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {43DDF87C-41AC-4DAF-9AEC-58DAB096BCED} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {D0BE26D5-11DC-478D-9354-A2530F5D8DF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {EA032E01-7249-4D7F-9D96-7F0ED63C4813} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2011-06-10 05:05 - 2011-06-10 05:05 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Object List" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "First Help" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "First Counter" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Last Help" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Last Counter" des Schlüssels "SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Last Help" des Schlüssels "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Der Wert "Last Counter" des Schlüssels "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" kann nicht aktualisiert werden. Das erste DWORD im Datenbereich enthält den Fehlercode, und das zweite DWORD enthält den aktualisierten Wert.
Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\NL-NL\MSFEEDS.MFL
Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\NL-NL\MSFEEDSBS.MFL
Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt) (User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\IT-IT\MSFEEDS.MFL
System errors:
=============
Error: (11/15/2013 02:29:52 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (11/15/2013 10:54:36 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (11/15/2013 08:22:35 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (11/14/2013 02:22:33 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (11/14/2013 01:55:06 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (11/14/2013 01:18:01 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (11/14/2013 00:14:23 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (11/14/2013 10:18:57 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (11/14/2013 08:22:36 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (11/14/2013 08:09:40 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Microsoft Office Sessions:
=========================
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Object ListSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance8130000001A110000
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: First HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance121300000035210000FC100000
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: First CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance121300000034210000DF100000
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Last HelpSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000E7210000C2100000
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Last CounterSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance1213000000E6210000A5100000
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Last HelpSOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib1213000000E721000087100000
Error: (11/06/2013 11:53:12 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Last CounterSOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib1213000000E62100006A100000
Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt)(User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\NL-NL\MSFEEDS.MFL
Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt)(User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\NL-NL\MSFEEDSBS.MFL
Error: (10/27/2013 02:47:14 PM) (Source: WinMgmt)(User: )
Description: 0x80041002C:\WINDOWS\SYSTEM32\WBEM\IT-IT\MSFEEDS.MFL
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 2033.77 MB
Available physical RAM: 1130.32 MB
Total Pagefile: 6129.77 MB
Available Pagefile: 4998.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.25 MB
==================== Drives ================================
Drive c: (TI30834800A) (Fixed) (Total:285.63 GB) (Free:164 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (CANON_DC) (Removable) (Total:7.5 GB) (Free:4.34 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: EF0C5DB5)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=17)
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)
==================== End Of Log ============================
GMER Log:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-15 19:18:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.ES2O 298,09GB
Running: fbhlpvv3.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\kwlcrpob.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81E80A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EBA212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\windows\system32\svchost.exe[368] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[368] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\lsass.exe[596] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[772] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[852] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[924] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[1024] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1068] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1116] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!CopyFileExW 764EB280 7 Bytes JMP 75A276B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!MoveFileWithProgressW 764F8DD4 5 Bytes JMP 75A27550 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] ole32.dll!CoCreateInstance 76139D0B 8 Bytes JMP 75A27990 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WININET.dll!InternetQueryDataAvailable 75E38E1B 5 Bytes JMP 75A2E8A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WININET.dll!InternetReadFile 75E3925D 5 Bytes JMP 75A2E8C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WININET.dll!InternetOpenA 75E5EC8A 5 Bytes JMP 75A2E860 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WININET.dll!InternetOpenUrlA 75ECD1C7 5 Bytes JMP 75A2E880 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\Explorer.EXE[1616] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[1888] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!closesocket 76BF3918 5 Bytes JMP 75A2E960 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!WSAStartup 76BF3AB2 7 Bytes JMP 75A2E900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!bind 76BF4582 5 Bytes JMP 75A2E940 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!accept 76BF68B6 5 Bytes JMP 75A2E920 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!recv 76BF6B0E 5 Bytes JMP 75A2E9E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!connect 76BF6BDD 5 Bytes JMP 75A2E980 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!send 76BF6F01 5 Bytes JMP 75A2EA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!getpeername 76BF7147 5 Bytes JMP 75A2E9A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!listen 76BFB001 5 Bytes JMP 75A2E9C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[2420] WS2_32.dll!WSASocketA 76BFC82A 5 Bytes JMP 75A2E8E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\system32\svchost.exe[3080] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] ntdll.dll!RtlExitUserThread 77A3F608 5 Bytes JMP 75A2E640 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] ntdll.dll!KiUserExceptionDispatcher 77A57048 5 Bytes JMP 75A2A2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] ntdll.dll!LdrLoadDll 77A722AE 5 Bytes JMP 75A2E840 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!CreateProcessA 764B2082 5 Bytes JMP 75A2E5E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!ResumeThread 764F171F 5 Bytes JMP 75A2E740 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!VirtualProtect 764F2C15 5 Bytes JMP 75A2E780 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!LoadLibraryExA 764F44AE 5 Bytes JMP 75A2E6E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!LoadLibraryExW 764F50C1 5 Bytes JMP 75A2E700 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!GlobalAlloc 764FA16D 5 Bytes JMP 75A2E6A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!GetProcAddress 764FCC84 5 Bytes JMP 75A2E660 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!LoadLibraryA 764FDC55 5 Bytes JMP 75A2E6C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!CreateFileA 764FEA51 5 Bytes JMP 75A2E5C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!LoadLibraryW 764FEF32 5 Bytes JMP 75A2E720 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!FreeLibrary 764FEF57 5 Bytes JMP 75A2F420 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!WriteFile 765053DE 5 Bytes JMP 75A2E7E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!ExitProcess 7650BBD2 5 Bytes JMP 75A2E620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!CreateProcessInternalA 7650C88C 5 Bytes JMP 75A2E600 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!WriteFileEx 7651551D 5 Bytes JMP 75A2E800 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!GetThreadContext 76518BC4 5 Bytes JMP 75A2E680 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!WriteProcessMemory 7651958F 5 Bytes JMP 75A2E820 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!WinExec 7653ED9E 5 Bytes JMP 75A2E7C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!VirtualProtectEx 7653FD39 5 Bytes JMP 75A2E7A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text C:\windows\System32\svchost.exe[3340] kernel32.dll!SetThreadContext 765408B3 5 Bytes JMP 75A2E760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- EOF - GMER 2.1 ----
Thanks in advance!