
Antivirus, firewall and other protection programs: Firewall is switched off

05.01.2010, 19:00   #1
Lachern

Firewall is switched off



Hello,
I have a problem with the firewall: whenever I restart my PC (laptop), my firewall is always deactivated and a message also appears.
My other antivirus program (Bluewin Security) is switched on, though.
Why is my firewall off, and how can I keep it switched on permanently?

06.01.2010, 11:31   #2
kira
/// Helper team



Hello and a warm welcome!

- Please read the instructions thoroughly and always follow them strictly, as I have prepared the order according to specific criteria:

1.
Download HijackThis 2.0.2 from *here*
Start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting logfile → "copy" → "paste" it here in your thread (right mouse button)

2.
I need more of an `overview`, i.e. data over a longer period of time - for this, please make hidden and system files visible:
→ Under Start, click My Computer.
→ In the Tools menu, click Folder Options.
→ Files and Folders/Hide extensions for known file types → remove the check mark
→ Hide protected and system files → remove the check mark
→ Hidden files and folders/Show all files and folders → set the check mark.
→ There must be no check mark at "Hide protected system files", and "Show all files and folders" must be activated.

3.
For XP and Win2000 (otherwise skip)
→ download filelist.zip to your desktop
→ unpack the zip file to your desktop
→ now start it by double-clicking the file "filelist.bat" - your editor (word processing program) will open
→ from the generated logfile, copy all 7 directories ("C\...") etc. - but only the entries from the last 6 months - here into your thread
** there is a date in front of each entry, so please delete entries that are older than 6 months!

4.
I would also like to see all of your installed programs:
Download the tool CCleaner
install (deselect "Add CCleaner Yahoo! Toolbar") → start → under Options settings -> set "german"
then click "Tools" (to also display the installed programs) → then "Save to text file..."
a text file (*.txt) will be created; copy its contents and paste them there

5.
To get a deeper look into your system and to track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool - Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, also disconnect WLAN
    - please do not do anything on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and you must paste it there right away with CTRL + V
    - GMER is closed with "Ok".
    - copy the log from the clipboard here into your thread in full

** no connection to a network or the Internet - don't forget WLAN
When the scan has finished, please reactivate all programs and tools!

To keep your thread clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write: [code]
your logfile goes here
→ after it: [/code]


** If possible, do not go on the Internet, no online banking, file sharing, chat programs etc.
regards
Coverflow


06.01.2010, 12:01   #3
Lachern



Step 1

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:02, on 06.01.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Users\David\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Bluewin Security\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ANYCOM\Bluetooth-USB\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guildwiki.de/wiki/Hauptseite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Bluewin Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Bluewin Security\NRS\iescript\baselitmus.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bluewin Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bluewin Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Bluetooth-USB\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - http://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A250EB2-C942-40C9-8010-CEC49AE5F15E}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bluewin Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bluewin Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Bluewin Security\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9f1cd98326900) (gupdate1c9f1cd98326900) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 14913 bytes
         
That was what I got with hijack

Edited by Lachern (06.01.2010 at 12:09)
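
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the HijackThis 2.0.2 log format posted above. It splits a log into header, running processes and section-coded entries, and marks a few lines for manual review. The review rules are assumptions of this example (a marked line is a prompt to look closer, not a verdict), and the sample is an excerpt of lines from the log above.

```python
import re

# Excerpt of lines copied from the HijackThis log in the post above (shortened).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:02, on 06.01.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Prevx\prevx.exe
C:\Users\David\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Bluewin Security\Common\FSM32.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guildwiki.de/wiki/Hauptseite
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Bluewin Security\NRS\iescript\baselitmus.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - Global Startup: BTTray.lnk = ?
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bluewin Security\FWES\Program\fsdfwd.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 14913 bytes
"""

# Entry lines look like "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A path component named Temp or tmp anywhere in a Windows path.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_log(text):
    """Return (header_lines, running_processes, [(code, details), ...])."""
    header, processes, entries = [], [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            entries.append((match.group(1), match.group(2)))
        elif section == "processes":
            processes.append(line)
        elif section == "header":
            header.append(line)
    return header, processes, entries


def triage(text):
    """Mark lines worth a manual look. The rules are this example's assumptions."""
    _, processes, entries = parse_log(text)
    findings = []
    for path in processes:
        if TEMP_RE.search(path):
            findings.append(("process", "runs from a temp directory", path))
    for code, body in entries:
        if body.endswith("(no file)"):
            findings.append((code, "registration points to a missing file", body))
        elif code == "O4" and body.endswith("= ?"):
            findings.append((code, "startup shortcut target not resolved", body))
        elif code == "O10":
            findings.append((code, "LSP provider problem reported", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service binary without a company name", body))
    return findings


def firewall_services(text):
    """O23 service entries whose text mentions a firewall."""
    _, _, entries = parse_log(text)
    return [body for code, body in entries
            if code == "O23" and "firewall" in body.lower()]


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {detail}")
    for service in firewall_services(SAMPLE_LOG):
        print(f"[firewall service] {service}")
```
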

06.01.2010, 12:08   #4
Lachern



I can't find Tools on my computer; I have Windows Vista.

06.01.2010, 19:36   #5
Lachern



Step 4
And I found it via ''Computer'', Folder Options.


Acer Crystal Eye Webcam 2.0.8 SuYin 30.09.2008 2.95MB 2.0.8
Acer eAudio Management CyberLink Corp. 30.09.2008 2.17MB 3.0.3007
Acer eDataSecurity Management Egis Inc. 17.04.2008 62.7MB 3.0.3060
Acer Empowering Technology Acer Incorporated 17.04.2008 140.7MB 3.0.3006
Acer ePower Management Acer Incorporated 17.04.2008 9.63MB 3.0.3008
Acer eRecovery Management Acer Incorporated 30.09.2008 27.5MB 3.0.3013
Acer eSettings Management Acer Incorporated 30.09.2008 27.4MB 3.0.3007
Acer GameZone Console 2.0.1.1 Oberon Media, Inc. 17.04.2008 38.5MB
Acer GridVista 30.09.2008 1.51MB 2.72.317
Acer Mobility Center Plug-In Acer Inc. 17.04.2008 4.13MB 3.0.3000
Acer ScreenSaver Acer Incorporated 30.09.2008 1.12.0506
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 30.09.2008 14.0MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 09.08.2009 10.0.32.18
Adobe Reader 8.1.0 Adobe Systems Incorporated 17.04.2008 87.9MB 8.1.0
Adobe Shockwave Player Adobe Systems, Inc. 11.10.2008 7.27MB 11
Agatha Christie Death on the Nile Oberon Media 30.09.2008 160.8MB
Agere Systems HDA Modem Agere Systems 17.04.2008
Alice Greenfingers Oberon Media 30.09.2008 13.3MB
ANYCOM Bluetooth Software 6.1.0.4700 ANYCOM Technologies 05.12.2008 38.4MB 6.1.0.4700
Apple Mobile Device Support Apple Inc. 29.01.2009 37.1MB 2.1.2.7
Apple Software Update Apple Inc. 29.01.2009 2.16MB 2.1.1.116
Augentraining 24.12.2008 15.6MB
Azada Oberon Media 30.09.2008 61.8MB
Backspin Billiards Oberon Media 30.09.2008 9.09MB
Big Kahuna Reef Oberon Media 30.09.2008 11.4MB
Bricks of Egypt Oberon Media 30.09.2008 6.73MB
Broadcom Gigabit Integrated Controller Broadcom Corporation 17.04.2008 1.01MB 11.11.03
Cake Mania Oberon Media 30.09.2008 17.5MB
CCleaner Piriform 05.01.2010 2.71MB 2.27
Chicken Invaders 3 Oberon Media 30.09.2008 53.4MB
Chuzzle Oberon Media 30.09.2008 10.3MB
Corel Paint Shop Pro Photo X2 Corel Corporation 30.08.2009 380.8MB 12.50.0000
Dawn of War - Dark Crusade THQ 03.10.2008 4'268.4MB 1.00.0000
Die Sims™ 3 Electronic Arts 20.12.2009 5'642.8MB 1.8.25
Diner Dash Flo on the Go Oberon Media 30.09.2008 17.2MB
Dr.Brain GehirnJogging 27.12.2008 16.8MB
EA Download Manager Electronic Arts, Inc. 10.09.2009 7.97MB 5.1.0.4
eSobi v2 esobi Inc. 17.04.2008 17.0MB 2.0.3.000189
Frontlines: Fuel of War THQ 08.10.2009 11'232.1MB 1.0.1
Gehirn Sport 24.12.2008 22.0MB
Google Chrome Google Inc. 19.06.2009 59.5MB 3.0.195.27
Google Earth Google 19.08.2009 32.0MB 5.0.11733.9347
Google Earth Plug-in Google 23.09.2009 34.0MB 5.1.3509.4636
Google Toolbar for Internet Explorer Google Inc. 27.11.2009 3.96MB
Google Updater Google Inc. 21.03.2009 3.36MB 2.4.1536.6592
GUILD WARS 01.10.2008 3'089.8MB
GW Team Builder 1.2.1 Robert Mischke (aka Xanon) 13.03.2009 4.35MB
GW-Value GW-Tactics 26.06.2009 8.62MB 1.1.0.000
HijackThis 2.0.2 TrendMicro 27.10.2009 0.39MB 2.0.2
Hotel Gigant 2 Nobilis 02.12.2008 1'997.9MB 1.00
HP Update Hewlett-Packard 27.10.2008 3.76MB 4.000.012.001
Intel(R) PROSet/Wireless WiFi-Software Intel(R) Corporation 09.10.2009 78.4MB 12.02.0000
Intel® Matrix Storage Manager Intel Corporation 30.09.2008 37.3MB
Internet Security 27.10.2009 569.5MB
Java(TM) 6 Update 13 Sun Microsystems, Inc. 13.02.2009 94.5MB 6.0.130
Jewel Quest Solitaire Oberon Media 30.09.2008 27.0MB
JMicron JMB38X Flash Media Controller JMicron Technology Corp. 17.04.2008 2.26MB 1.00.10.04
Kick N Rush Oberon Media 30.09.2008 43.3MB
Launch Manager 30.09.2008 2.66MB
LOST PLANET COLONIES CAPCOM CO.,LTD. 05.06.2009 3'993.3MB 1.00.129
Mahjong Escape Ancient China Oberon Media 30.09.2008 13.6MB
Mahjongg Artifacts Oberon Media 30.09.2008 15.9MB
Malwarebytes' Anti-Malware Malwarebytes Corporation 19.10.2009 3.99MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 13.08.2009 37.0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.08.2009 37.0MB
Microsoft Age of Empires Gold 03.10.2008 214.6MB
Microsoft Games for Windows - LIVE Microsoft Corporation 15.12.2009 8.31MB 3.2.217.0
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 20.11.2009 32.3MB 3.1.99.0
Microsoft IntelliPoint 6.2 Microsoft 01.10.2008 16.8MB 6.20.182.0
Microsoft Office Home and Student 2007 Microsoft Corporation 09.08.2009 298.1MB 12.0.6425.1000
Microsoft Office Live Add-in 1.4 Microsoft Corporation 09.10.2009 0.49MB 2.0.3008.0
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 16.10.2009 41.3MB 12.0.6425.1000
Microsoft Rise Of Nations Microsoft 22.11.2008 1'534.5MB
Microsoft Silverlight Microsoft Corporation 09.09.2009 3.14MB 3.0.40818.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.01.2009 1.74MB 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 18.04.2009 0.61MB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 18.04.2009 1.45MB 1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 11.08.2009 0.25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.04.2008 0.41MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 04.01.2010 0.19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.01.2010 0.58MB 9.0.30729
Microsoft Works Microsoft Corporation 11.12.2009 282.6MB 08.05.0822
Microsoft WSE 3.0 Runtime Microsoft Corp. 05.06.2009 0.92MB 3.0.5305.0
Move Networks Media Player for Internet Explorer 12.08.2009 1.09MB
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 01.10.2008 1.27MB 4.20.9848.0
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 01.10.2008 1.27MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1.28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1.35MB 4.20.9876.0
MSXML4 Parser Microsoft Game Studios 22.11.2008 76.00KB 1.0.0
Mumble and Murmur Mumble 15.07.2009 28.7MB 1.1.8
Mystery Case Files - Huntsville Oberon Media 30.09.2008 24.4MB
Mystery Solitaire - Secret Island Oberon Media 30.09.2008 19.9MB
NTI Backup Now 5 NewTech Infosystems 17.04.2008 28.6MB 5.1.2.503
NTI Media Maker 8 NewTech Infosystems 17.04.2008 181.5MB 8.0.2.6322
NVIDIA Drivers NVIDIA Corporation 13.03.2009
NVIDIA PhysX v8.09.04 NVIDIA Corporation 13.03.2009 130.4MB 8.09.04
Orion Convesoft 17.04.2008 12.2MB 2.0.1
paw·ned² v1.2 JN-GAMES Software 26.06.2009 11.1MB
Picasa 3 Google, Inc. 05.07.2009 53.7MB 3.1
PowerDirector CyberLink Corp. 17.04.2008 4.00KB 6.5.2713
Prevx Prevx 17.12.2009 5.94MB 3.0.5.40
PunkBuster Services Even Balance, Inc. 08.10.2009 0.986
QuickTime Apple Inc. 29.01.2009 74.4MB 7.60.92.0
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 17.04.2008 21.5MB 6.0.1.5612
Rise and Fall Midway Games 01.10.2008 2'489.4MB 1.00.0000
Rise Of Legends Microsoft Game Studios 30.09.2008 2'447.1MB 1.00.0000
Rise of Nations Thrones and Patriots 22.11.2008 1'534.5MB
Roblox for David ROBLOX Corporation 14.04.2009 27.0MB
RollerCoaster Tycoon 3 03.04.2009 726.7MB 1.00.000
SAMSUNG Mobile USB Modem 1.0 Software 12.11.2008
Samsung PC Studio 3 USB Driver Installer Samsung Electronics Co., Ltd. 12.11.2008 1.72MB 1.00.0000
SecondLife (remove only) 14.09.2009 82.5MB
SimCity 4 Deluxe 15.04.2009 1'194.8MB
Skype™ 4.0 Skype Technologies S.A. 19.06.2009 32.6MB 4.0.227
Stronghold 2 Deluxe Firefly Studios 04.06.2009 979.7MB 1.40.100
Synaptics Pointing Device Driver Synaptics 17.04.2008 14.0MB 10.2.4.0
TeamSpeak 2 RC2 Dominating Bytes Design 14.02.2009 2.0.32.60
TeamSpeak 3 Client TeamSpeak Systems GmbH 02.01.2010 24.8MB
Turbo Pizza Oberon Media 30.09.2008 175.4MB
Ventrilo Client Flagship Industries, Inc. 31.05.2009 4.43MB 3.0.5
War Rock GamersFirst 16.10.2009 1'827.6MB 1.00.0000
Windows Live Essentials Microsoft Corporation 01.10.2009 144.2MB 14.0.8089.0726
Windows Live Favorites für Windows Live Toolbar Microsoft Corporation 01.10.2008 1.80MB 03.01.0146
Windows Live ID-Anmelde-Assistent Microsoft Corporation 09.10.2009 4.69MB 6.500.3146.0
Windows Live Sync Microsoft Corporation 01.10.2009 2.79MB 14.0.8089.726
Windows Live-Uploadtool Microsoft Corporation 07.01.2009 0.22MB 14.0.8014.1029
WinZip 12.1 WinZip Computing, S.L. 25.09.2009 15.9MB 12.1.8519
Yahoo! Install Manager 15.06.2009 27.0MB
Yahoo! Toolbar 30.09.2008 2.65MB
Yahoo! Widgets Yahoo! Inc. 15.06.2009 23.3MB 4.5.2.0
Zattoo 3.3.4 Beta Zattoo Inc. 23.06.2009 17.9MB 3.3.4 Beta
Zuma Deluxe Oberon Media 30.09.2008 11.2MB


06.01.2010, 20:36   #6
Lachern



I don't know right now what happened: GMER was finished, I clicked save and then ok because I thought it would be better if it is saved.
After that I wanted to go into Internet Explorer but it didn't work, so I tried to revert my files again, i.e. no longer public. Then I wanted to go in through Google Chrome and my computer crashed; when it started up again, this came up:
Code:
Problemsignatur:
  Problemereignisname:	BlueScreen
  Betriebsystemversion:	6.0.6002.2.2.0.768.3
  Gebietsschema-ID:	2055

Zusatzinformationen zum Problem:
  BCCode:	f4
  BCP1:	00000003
  BCP2:	89FFD5C8
  BCP3:	89FFD714
  BCP4:	82A5E650
  OS Version:	6_0_6002
  Service Pack:	2_0
  Product:	768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\Mini010610-01.dmp
  C:\Users\David\AppData\Local\temp\WER-58703-0.sysdata.xml
  C:\Users\David\AppData\Local\temp\WERFC67.tmp.version.txt

Lesen Sie unsere Datenschutzrichtlinie:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0407
         

06.01.2010, 20:38   #7
Lachern



and this is the log from gmer:

Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 20:27:25
Windows 6.0.6002 Service Pack 2
Running: download[1].exe; Driver: C:\Users\David\AppData\Local\Temp\pwrcapod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwAssignProcessToJobObject [0x90FCC1CC]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwCreateThread [0x90F65E8C]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwLoadDriver [0x90F661BC]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwMapViewOfSection [0x90F65BCC]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwOpenProcess [0x90FCC51A]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwOpenSection [0x90F665EE]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwOpenThread [0x90FCC3F6]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwProtectVirtualMemory [0x90FCC292]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwRenameKey [0x90F6788C]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                              ZwSetContextThread [0x90FCC18E]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwSetSystemInformation [0x90F6643E]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwSuspendProcess [0x90F65A4C]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwSuspendThread [0x90F65EC0]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwSystemDebugControl [0x90F66042]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwTerminateProcess [0x90F659A6]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwTerminateThread [0x90F65B06]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwWriteVirtualMemory [0x90F65F86]
SSDT            \??\C:\Program Files\Bluewin Security\HIPS\drivers\fshs.sys                                                                                         ZwCreateThreadEx [0x90F65EA6]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 191                                                                                                                       828E48D4 4 Bytes  [CC, C1, FC, 90] {INT 3 ; SAR ESP, 0x90}
.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                                       828E4964 4 Bytes  [8C, 5E, F6, 90] {MOV WORD [ESI-0xa], DS; NOP }
.text           ntkrnlpa.exe!KeSetEvent + 37D                                                                                                                       828E4AC0 4 Bytes  [BC, 61, F6, 90]
.text           ntkrnlpa.exe!KeSetEvent + 3AD                                                                                                                       828E4AF0 4 Bytes  [CC, 5B, F6, 90]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                                       828E4B34 4 Bytes  [1A, C5, FC, 90] {SBB AL, CH; CLD ; NOP }
.text           ...                                                                                                                                                 
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                            section is writeable [0x8EC04340, 0x3EB4E7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ntdll.dll!NtCreateProcess                                         77634494 5 Bytes  JMP 001B000C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ntdll.dll!NtCreateProcessEx                                       776344A4 5 Bytes  JMP 001B100C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ntdll.dll!NtCreateUserProcess                                     77635804 5 Bytes  JMP 001B200C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] kernel32.dll!LoadLibraryExW                                       75EF9109 5 Bytes  JMP 001B300C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] kernel32.dll!TerminateThread                                      75F141F7 5 Bytes  JMP 001B400C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ADVAPI32.dll!CloseServiceHandle                                   765F82A5 5 Bytes  JMP 001B800C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ADVAPI32.dll!OpenServiceW                                         765F8354 5 Bytes  JMP 001B600C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ADVAPI32.dll!CreateServiceW                                       76619EB4 5 Bytes  JMP 001B900C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ADVAPI32.dll!ControlService                                       76619FB8 5 Bytes  JMP 001B700C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] USER32.dll!SetWindowsHookExW                                      762F87AD 5 Bytes  JMP 001B500C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] USER32.dll!DdeConnect                                             76339A1F 5 Bytes  JMP 001BB00C 
.text           C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[124] ole32.dll!CoCreateInstanceEx                                      761F9EE9 5 Bytes  JMP 001BA00C 
.text           C:\Windows\system32\wininit.exe[688] ntdll.dll!NtCreateProcess                                                                                      77634494 5 Bytes  JMP 0023000C 
.text           C:\Windows\system32\wininit.exe[688] ntdll.dll!NtCreateProcessEx                                                                                    776344A4 5 Bytes  JMP 0023100C 
.text           C:\Windows\system32\wininit.exe[688] ntdll.dll!NtCreateUserProcess                                                                                  77635804 5 Bytes  JMP 0023200C 
.text           C:\Windows\system32\wininit.exe[688] kernel32.dll!LoadLibraryExW                                                                                    75EF9109 5 Bytes  JMP 0023300C 
.text           C:\Windows\system32\wininit.exe[688] kernel32.dll!TerminateThread                                                                                   75F141F7 5 Bytes  JMP 0023400C 
.text           C:\Windows\system32\wininit.exe[688] ADVAPI32.dll!CloseServiceHandle                                                                                765F82A5 5 Bytes  JMP 0023800C 
.text           C:\Windows\system32\wininit.exe[688] ADVAPI32.dll!OpenServiceW                                                                                      765F8354 5 Bytes  JMP 0023600C 
.text           C:\Windows\system32\wininit.exe[688] ADVAPI32.dll!CreateServiceW                                                                                    76619EB4 5 Bytes  JMP 0023900C 
.text           C:\Windows\system32\wininit.exe[688] ADVAPI32.dll!ControlService                                                                                    76619FB8 5 Bytes  JMP 0023700C 
.text           C:\Windows\system32\wininit.exe[688] USER32.dll!SetWindowsHookExW                                                                                   762F87AD 5 Bytes  JMP 0023500C 
.text           C:\Windows\system32\wininit.exe[688] USER32.dll!DdeConnect                                                                                          76339A1F 5 Bytes  JMP 0023A00C 
.text           C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateProcess                                                                                        77634494 5 Bytes  JMP 0019000C 
.text           C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateProcessEx                                                                                      776344A4 5 Bytes  JMP 0019100C 
.text           C:\Windows\system32\lsass.exe[744] ntdll.dll!NtCreateUserProcess                                                                                    77635804 5 Bytes  JMP 0019200C 
.text           C:\Windows\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW                                                                                      75EF9109 5 Bytes  JMP 0019300C 
.text           C:\Windows\system32\lsass.exe[744] kernel32.dll!TerminateThread                                                                                     75F141F7 5 Bytes  JMP 0019400C 
.text           C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!CloseServiceHandle                                                                                  765F82A5 5 Bytes  JMP 0019800C 
.text           C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!OpenServiceW                                                                                        765F8354 5 Bytes  JMP 0019600C 
.text           C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!CreateServiceW                                                                                      76619EB4 5 Bytes  JMP 0019900C 
.text           C:\Windows\system32\lsass.exe[744] ADVAPI32.dll!ControlService                                                                                      76619FB8 5 Bytes  JMP 0019700C 
.text           C:\Windows\system32\lsass.exe[744] USER32.dll!SetWindowsHookExW                                                                                     762F87AD 5 Bytes  JMP 0019500C 
.text           C:\Windows\system32\lsass.exe[744] USER32.dll!DdeConnect                                                                                            76339A1F 5 Bytes  JMP 0019B00C 
.text           C:\Windows\system32\lsass.exe[744] ole32.dll!CoCreateInstanceEx                                                                                     761F9EE9 5 Bytes  JMP 0019A00C 
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtCreateProcess                                                                                          77634494 5 Bytes  JMP 000D000C 
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtCreateProcessEx                                                                                        776344A4 5 Bytes  JMP 000D100C 
.text           C:\Windows\system32\lsm.exe[752] ntdll.dll!NtCreateUserProcess                                                                                      77635804 5 Bytes  JMP 000D200C 
.text           C:\Windows\system32\lsm.exe[752] kernel32.dll!LoadLibraryExW                                                                                        75EF9109 5 Bytes  JMP 000D300C 
.text           C:\Windows\system32\lsm.exe[752] kernel32.dll!TerminateThread                                                                                       75F141F7 5 Bytes  JMP 000D400C 
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!CloseServiceHandle                                                                                    765F82A5 5 Bytes  JMP 000D800C 
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!OpenServiceW                                                                                          765F8354 5 Bytes  JMP 000D600C 
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!CreateServiceW                                                                                        76619EB4 5 Bytes  JMP 000D900C 
.text           C:\Windows\system32\lsm.exe[752] ADVAPI32.dll!ControlService                                                                                        76619FB8 5 Bytes  JMP 000D700C 
.text           C:\Windows\system32\lsm.exe[752] USER32.dll!SetWindowsHookExW                                                                                       762F87AD 5 Bytes  JMP 000D500C 
.text           C:\Windows\system32\lsm.exe[752] USER32.dll!DdeConnect                                                                                              76339A1F 5 Bytes  JMP 000DA00C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ntdll.dll!NtCreateProcess                                                                           77634494 5 Bytes  JMP 011A000C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ntdll.dll!NtCreateProcessEx                                                                         776344A4 5 Bytes  JMP 011A100C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ntdll.dll!NtCreateUserProcess                                                                       77635804 5 Bytes  JMP 011A200C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] kernel32.dll!LoadLibraryExW                                                                         75EF9109 5 Bytes  JMP 011A300C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] kernel32.dll!TerminateThread                                                                        75F141F7 5 Bytes  JMP 011A400C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ADVAPI32.dll!CloseServiceHandle                                                                     765F82A5 5 Bytes  JMP 011A800C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ADVAPI32.dll!OpenServiceW                                                                           765F8354 5 Bytes  JMP 011A600C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ADVAPI32.dll!CreateServiceW                                                                         76619EB4 5 Bytes  JMP 011A900C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ADVAPI32.dll!ControlService                                                                         76619FB8 5 Bytes  JMP 011A700C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] USER32.dll!SetWindowsHookExW                                                                        762F87AD 5 Bytes  JMP 011A500C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] USER32.dll!DdeConnect                                                                               76339A1F 5 Bytes  JMP 011AB00C 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[920] ole32.dll!CoCreateInstanceEx                                                                        761F9EE9 5 Bytes  JMP 011AA00C 
.text           C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateProcess                                                                                      77634494 5 Bytes  JMP 002A000C 
.text           C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateProcessEx                                                                                    776344A4 5 Bytes  JMP 002A100C 
.text           C:\Windows\system32\svchost.exe[928] ntdll.dll!NtCreateUserProcess                                                                                  77635804 5 Bytes  JMP 002A200C 
.text           C:\Windows\system32\nvvsvc.exe[988] ntdll.dll!NtCreateProcess                                                                                       77634494 5 Bytes  JMP 003E000C 
.text           C:\Windows\system32\nvvsvc.exe[988] ntdll.dll!NtCreateProcessEx                                                                                     776344A4 5 Bytes  JMP 003E100C 
.text           C:\Windows\system32\nvvsvc.exe[988] ntdll.dll!NtCreateUserProcess                                                                                   77635804 5 Bytes  JMP 003E200C 
.text           C:\Windows\system32\nvvsvc.exe[988] kernel32.dll!LoadLibraryExW                                                                                     75EF9109 5 Bytes  JMP 003E300C 
.text           C:\Windows\system32\nvvsvc.exe[988] kernel32.dll!TerminateThread                                                                                    75F141F7 5 Bytes  JMP 003E400C 
.text           C:\Windows\system32\nvvsvc.exe[988] USER32.dll!SetWindowsHookExW                                                                                    762F87AD 5 Bytes  JMP 003E500C 
.text           C:\Windows\system32\nvvsvc.exe[988] USER32.dll!DdeConnect                                                                                           76339A1F 5 Bytes  JMP 003EB00C 
.text           C:\Windows\system32\nvvsvc.exe[988] ADVAPI32.dll!CloseServiceHandle                                                                                 765F82A5 5 Bytes  JMP 003E800C 
.text           C:\Windows\system32\nvvsvc.exe[988] ADVAPI32.dll!OpenServiceW                                                                                       765F8354 5 Bytes  JMP 003E600C 
.text           C:\Windows\system32\nvvsvc.exe[988] ADVAPI32.dll!CreateServiceW                                                                                     76619EB4 5 Bytes  JMP 003E900C 
.text           C:\Windows\system32\nvvsvc.exe[988] ADVAPI32.dll!ControlService                                                                                     76619FB8 5 Bytes  JMP 003E700C 
.text           C:\Windows\system32\nvvsvc.exe[988] ole32.dll!CoCreateInstanceEx                                                                                    761F9EE9 5 Bytes  JMP 003EA00C 
.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0027000C 
.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0027100C 
.text           C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0027200C 
.text           C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 013B000C 
.text           C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 013B100C 
.text           C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 013B200C 
.text           C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0043000C 
.text           C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0043100C 
.text           C:\Windows\System32\svchost.exe[1100] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0043200C 
.text           C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 00DB000C 
.text           C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 00DB100C 
.text           C:\Windows\System32\svchost.exe[1136] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 00DB200C 
.text           C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 012D000C 
.text           C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 012D100C 
.text           C:\Windows\system32\svchost.exe[1152] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 012D200C 
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0042000C 
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0042100C 
.text           C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0042200C 
.text           C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0021000C 
.text           C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0021100C 
.text           C:\Windows\system32\svchost.exe[1316] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0021200C 
.text           C:\Windows\system32\winlogon.exe[1404] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 0086000C 
.text           C:\Windows\system32\winlogon.exe[1404] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 0086100C 
.text           C:\Windows\system32\winlogon.exe[1404] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 0086200C 
.text           C:\Windows\system32\winlogon.exe[1404] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 0086300C 
.text           C:\Windows\system32\winlogon.exe[1404] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 0086400C 
.text           C:\Windows\system32\winlogon.exe[1404] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 0086800C 
.text           C:\Windows\system32\winlogon.exe[1404] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 0086600C 
.text           C:\Windows\system32\winlogon.exe[1404] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 0086900C 
.text           C:\Windows\system32\winlogon.exe[1404] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 0086700C 
.text           C:\Windows\system32\winlogon.exe[1404] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 0086500C 
.text           C:\Windows\system32\winlogon.exe[1404] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 0086B00C 
.text           C:\Windows\system32\winlogon.exe[1404] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 0086A00C 
.text           C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 00FE000C 
.text           C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 00FE100C 
.text           C:\Windows\system32\svchost.exe[1476] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 00FE200C 
.text           C:\Windows\system32\WLANExt.exe[1600] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0190000C 
.text           C:\Windows\system32\WLANExt.exe[1600] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0190100C 
.text           C:\Windows\system32\WLANExt.exe[1600] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0190200C 
.text           C:\Windows\system32\WLANExt.exe[1600] kernel32.dll!LoadLibraryExW                                                                                   75EF9109 5 Bytes  JMP 0190300C 
.text           C:\Windows\system32\WLANExt.exe[1600] kernel32.dll!TerminateThread                                                                                  75F141F7 5 Bytes  JMP 0190400C 
.text           C:\Windows\system32\WLANExt.exe[1600] ADVAPI32.dll!CloseServiceHandle                                                                               765F82A5 5 Bytes  JMP 0190800C 
.text           C:\Windows\system32\WLANExt.exe[1600] ADVAPI32.dll!OpenServiceW                                                                                     765F8354 5 Bytes  JMP 0190600C 
.text           C:\Windows\system32\WLANExt.exe[1600] ADVAPI32.dll!CreateServiceW                                                                                   76619EB4 5 Bytes  JMP 0190900C 
.text           C:\Windows\system32\WLANExt.exe[1600] ADVAPI32.dll!ControlService                                                                                   76619FB8 5 Bytes  JMP 0190700C 
.text           C:\Windows\system32\WLANExt.exe[1600] USER32.dll!SetWindowsHookExW                                                                                  762F87AD 5 Bytes  JMP 0190500C 
.text           C:\Windows\system32\WLANExt.exe[1600] USER32.dll!DdeConnect                                                                                         76339A1F 5 Bytes  JMP 0190B00C 
.text           C:\Windows\system32\WLANExt.exe[1600] ole32.dll!CoCreateInstanceEx                                                                                  761F9EE9 5 Bytes  JMP 0190A00C 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 003F000C 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 003F100C 
.text           C:\Windows\system32\svchost.exe[1712] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 003F200C 
.text           C:\Windows\system32\Dwm.exe[1816] ntdll.dll!NtCreateProcess                                                                                         77634494 5 Bytes  JMP 0013000C 
.text           C:\Windows\system32\Dwm.exe[1816] ntdll.dll!NtCreateProcessEx                                                                                       776344A4 5 Bytes  JMP 0013100C 
.text           C:\Windows\system32\Dwm.exe[1816] ntdll.dll!NtCreateUserProcess                                                                                     77635804 5 Bytes  JMP 0013200C 
.text           C:\Windows\system32\Dwm.exe[1816] kernel32.dll!LoadLibraryExW                                                                                       75EF9109 5 Bytes  JMP 0013300C 
.text           C:\Windows\system32\Dwm.exe[1816] kernel32.dll!TerminateThread                                                                                      75F141F7 5 Bytes  JMP 0013400C 
.text           C:\Windows\system32\Dwm.exe[1816] ADVAPI32.dll!CloseServiceHandle                                                                                   765F82A5 5 Bytes  JMP 0013800C 
.text           C:\Windows\system32\Dwm.exe[1816] ADVAPI32.dll!OpenServiceW                                                                                         765F8354 5 Bytes  JMP 0013600C 
.text           C:\Windows\system32\Dwm.exe[1816] ADVAPI32.dll!CreateServiceW                                                                                       76619EB4 5 Bytes  JMP 0013900C 
.text           C:\Windows\system32\Dwm.exe[1816] ADVAPI32.dll!ControlService                                                                                       76619FB8 5 Bytes  JMP 0013700C 
.text           C:\Windows\system32\Dwm.exe[1816] USER32.dll!SetWindowsHookExW                                                                                      762F87AD 5 Bytes  JMP 0013500C 
.text           C:\Windows\system32\Dwm.exe[1816] USER32.dll!DdeConnect                                                                                             76339A1F 5 Bytes  JMP 0013B00C 
.text           C:\Windows\system32\Dwm.exe[1816] ole32.dll!CoCreateInstanceEx                                                                                      761F9EE9 5 Bytes  JMP 0013A00C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 000B000C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 000B100C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 000B200C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 000B300C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 000B400C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 000B800C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 000B600C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 000B900C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 000B700C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 000B500C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 000BB00C 
.text           C:\Windows\system32\agrsmsvc.exe[1924] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 000BA00C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ntdll.dll!NtCreateProcess                          77634494 5 Bytes  JMP 0017000C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ntdll.dll!NtCreateProcessEx                        776344A4 5 Bytes  JMP 0017100C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ntdll.dll!NtCreateUserProcess                      77635804 5 Bytes  JMP 0017200C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] kernel32.dll!LoadLibraryExW                        75EF9109 5 Bytes  JMP 0017300C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] kernel32.dll!TerminateThread                       75F141F7 5 Bytes  JMP 0017400C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ADVAPI32.dll!CloseServiceHandle                    765F82A5 5 Bytes  JMP 0017800C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ADVAPI32.dll!OpenServiceW                          765F8354 5 Bytes  JMP 0017600C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ADVAPI32.dll!CreateServiceW                        76619EB4 5 Bytes  JMP 0017900C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ADVAPI32.dll!ControlService                        76619FB8 5 Bytes  JMP 0017700C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!SetWindowsHookExW                       762F87AD 5 Bytes  JMP 0017500C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!DdeConnect                              76339A1F 5 Bytes  JMP 0017B00C 
.text           C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ole32.dll!CoCreateInstanceEx                       761F9EE9 5 Bytes  JMP 0017A00C 
.text           C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0021000C 
.text           C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0021100C 
.text           C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0021200C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ntdll.dll!NtCreateProcess                                                               77634494 5 Bytes  JMP 0036000C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ntdll.dll!NtCreateProcessEx                                                             776344A4 5 Bytes  JMP 0036100C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ntdll.dll!NtCreateUserProcess                                                           77635804 5 Bytes  JMP 0036200C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] kernel32.dll!LoadLibraryExW                                                             75EF9109 5 Bytes  JMP 0036300C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] kernel32.dll!TerminateThread                                                            75F141F7 5 Bytes  JMP 0036400C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ADVAPI32.dll!CloseServiceHandle                                                         765F82A5 5 Bytes  JMP 0036800C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ADVAPI32.dll!OpenServiceW                                                               765F8354 5 Bytes  JMP 0036600C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ADVAPI32.dll!CreateServiceW                                                             76619EB4 5 Bytes  JMP 0036900C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ADVAPI32.dll!ControlService                                                             76619FB8 5 Bytes  JMP 0036700C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] USER32.dll!SetWindowsHookExW                                                            762F87AD 5 Bytes  JMP 0036500C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] USER32.dll!DdeConnect                                                                   76339A1F 5 Bytes  JMP 0036B00C 
.text           C:\Program Files\ANYCOM\Bluetooth-USB\bin\btwdins.exe[1976] ole32.dll!CoCreateInstanceEx                                                            761F9EE9 5 Bytes  JMP 0036A00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ntdll.dll!NtCreateProcess                                           77634494 5 Bytes  JMP 007B000C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ntdll.dll!NtCreateProcessEx                                         776344A4 5 Bytes  JMP 007B100C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ntdll.dll!NtCreateUserProcess                                       77635804 5 Bytes  JMP 007B200C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] kernel32.dll!LoadLibraryExW                                         75EF9109 5 Bytes  JMP 007B300C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] kernel32.dll!TerminateThread                                        75F141F7 5 Bytes  JMP 007B400C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ADVAPI32.dll!CloseServiceHandle                                     765F82A5 5 Bytes  JMP 007B800C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ADVAPI32.dll!OpenServiceW                                           765F8354 5 Bytes  JMP 007B600C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ADVAPI32.dll!CreateServiceW                                         76619EB4 5 Bytes  JMP 007B900C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ADVAPI32.dll!ControlService                                         76619FB8 5 Bytes  JMP 007B700C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] USER32.dll!SetWindowsHookExW                                        762F87AD 5 Bytes  JMP 007B500C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] USER32.dll!DdeConnect                                               76339A1F 5 Bytes  JMP 007BB00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1996] ole32.dll!CoCreateInstanceEx                                        761F9EE9 5 Bytes  JMP 007BA00C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 00E1000C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 00E1100C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 00E1200C 
.text           C:\Program Files\Prevx\prevx.exe[2024] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 00E1300C 
.text           C:\Program Files\Prevx\prevx.exe[2024] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 00E1400C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 00E1800C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 00E1600C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 00E1900C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 00E1700C 
.text           C:\Program Files\Prevx\prevx.exe[2024] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 00E1500C 
.text           C:\Program Files\Prevx\prevx.exe[2024] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 00E1B00C 
.text           C:\Program Files\Prevx\prevx.exe[2024] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 00E1A00C 
.text           C:\Windows\system32\rundll32.exe[2272] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 0014000C 
.text           C:\Windows\system32\rundll32.exe[2272] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 0014100C 
.text           C:\Windows\system32\rundll32.exe[2272] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 0014200C 
.text           C:\Windows\system32\rundll32.exe[2272] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 0014300C 
.text           C:\Windows\system32\rundll32.exe[2272] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 0014400C 
.text           C:\Windows\system32\rundll32.exe[2272] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 0014500C 
.text           C:\Windows\system32\rundll32.exe[2272] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 0014B00C 
.text           C:\Windows\system32\rundll32.exe[2272] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 0014800C 
.text           C:\Windows\system32\rundll32.exe[2272] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 0014600C 
.text           C:\Windows\system32\rundll32.exe[2272] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 0014900C 
.text           C:\Windows\system32\rundll32.exe[2272] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 0014700C 
.text           C:\Windows\system32\rundll32.exe[2272] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 0014A00C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ntdll.dll!NtCreateProcess                                                    77634494 5 Bytes  JMP 003B000C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ntdll.dll!NtCreateProcessEx                                                  776344A4 5 Bytes  JMP 003B100C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ntdll.dll!NtCreateUserProcess                                                77635804 5 Bytes  JMP 003B200C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] kernel32.dll!LoadLibraryExW                                                  75EF9109 5 Bytes  JMP 003B300C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] kernel32.dll!TerminateThread                                                 75F141F7 5 Bytes  JMP 003B400C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] USER32.dll!SetWindowsHookExW                                                 762F87AD 5 Bytes  JMP 003B500C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] USER32.dll!DdeConnect                                                        76339A1F 5 Bytes  JMP 003BB00C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ADVAPI32.dll!CloseServiceHandle                                              765F82A5 5 Bytes  JMP 003B800C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ADVAPI32.dll!OpenServiceW                                                    765F8354 5 Bytes  JMP 003B600C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ADVAPI32.dll!CreateServiceW                                                  76619EB4 5 Bytes  JMP 003B900C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ADVAPI32.dll!ControlService                                                  76619FB8 5 Bytes  JMP 003B700C 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2396] ole32.dll!CoCreateInstanceEx                                                 761F9EE9 5 Bytes  JMP 003BA00C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ntdll.dll!NtCreateProcess                                                                77634494 5 Bytes  JMP 00B9000C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ntdll.dll!NtCreateProcessEx                                                              776344A4 5 Bytes  JMP 00B9100C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ntdll.dll!NtCreateUserProcess                                                            77635804 5 Bytes  JMP 00B9200C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] kernel32.dll!LoadLibraryExW                                                              75EF9109 5 Bytes  JMP 00B9300C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] kernel32.dll!TerminateThread                                                             75F141F7 5 Bytes  JMP 00B9400C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] USER32.dll!SetWindowsHookExW                                                             762F87AD 5 Bytes  JMP 00B9500C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] USER32.dll!DdeConnect                                                                    76339A1F 5 Bytes  JMP 00B9A00C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ADVAPI32.dll!CloseServiceHandle                                                          765F82A5 5 Bytes  JMP 00B9800C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ADVAPI32.dll!OpenServiceW                                                                765F8354 5 Bytes  JMP 00B9600C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ADVAPI32.dll!CreateServiceW                                                              76619EB4 5 Bytes  JMP 00B9900C 
.text           C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2512] ADVAPI32.dll!ControlService                                                              76619FB8 5 Bytes  JMP 00B9700C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ntdll.dll!NtCreateProcess                                                                     77634494 5 Bytes  JMP 0092000C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ntdll.dll!NtCreateProcessEx                                                                   776344A4 5 Bytes  JMP 0092100C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ntdll.dll!NtCreateUserProcess                                                                 77635804 5 Bytes  JMP 0092200C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] kernel32.dll!LoadLibraryExW                                                                   75EF9109 5 Bytes  JMP 0092300C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] kernel32.dll!TerminateThread                                                                  75F141F7 5 Bytes  JMP 0092400C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ole32.dll!CoCreateInstanceEx                                                                  761F9EE9 5 Bytes  JMP 0092A00C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] USER32.dll!SetWindowsHookExW                                                                  762F87AD 5 Bytes  JMP 0092500C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] USER32.dll!DdeConnect
         

06.01.2010, 20:38   #8
Lachern
 
There are 2 parts, since it would be too long in one post.
Code:
ATTFilter
76339A1F 5 Bytes  JMP 0092B00C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ADVAPI32.dll!CloseServiceHandle                                                               765F82A5 5 Bytes  JMP 0092800C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ADVAPI32.dll!OpenServiceW                                                                     765F8354 5 Bytes  JMP 0092600C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ADVAPI32.dll!CreateServiceW                                                                   76619EB4 5 Bytes  JMP 0092900C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[2604] ADVAPI32.dll!ControlService                                                                   76619FB8 5 Bytes  JMP 0092700C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ntdll.dll!NtCreateProcess                                                                                         77634494 5 Bytes  JMP 0006000C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ntdll.dll!NtCreateProcessEx                                                                                       776344A4 5 Bytes  JMP 0006100C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ntdll.dll!NtCreateUserProcess                                                                                     77635804 5 Bytes  JMP 0006200C 
.text           C:\Windows\ehome\ehmsas.exe[2640] kernel32.dll!LoadLibraryExW                                                                                       75EF9109 5 Bytes  JMP 0006300C 
.text           C:\Windows\ehome\ehmsas.exe[2640] kernel32.dll!TerminateThread                                                                                      75F141F7 5 Bytes  JMP 0006400C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ADVAPI32.dll!CloseServiceHandle                                                                                   765F82A5 5 Bytes  JMP 0006800C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ADVAPI32.dll!OpenServiceW                                                                                         765F8354 5 Bytes  JMP 0006600C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ADVAPI32.dll!CreateServiceW                                                                                       76619EB4 5 Bytes  JMP 0006900C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ADVAPI32.dll!ControlService                                                                                       76619FB8 5 Bytes  JMP 0006700C 
.text           C:\Windows\ehome\ehmsas.exe[2640] USER32.dll!SetWindowsHookExW                                                                                      762F87AD 5 Bytes  JMP 0006500C 
.text           C:\Windows\ehome\ehmsas.exe[2640] USER32.dll!DdeConnect                                                                                             76339A1F 5 Bytes  JMP 0006B00C 
.text           C:\Windows\ehome\ehmsas.exe[2640] ole32.dll!CoCreateInstanceEx                                                                                      761F9EE9 5 Bytes  JMP 0006A00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ntdll.dll!NtCreateProcess                                                 77634494 5 Bytes  JMP 01DD000C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ntdll.dll!NtCreateProcessEx                                               776344A4 5 Bytes  JMP 01DD100C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ntdll.dll!NtCreateUserProcess                                             77635804 5 Bytes  JMP 01DD200C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] kernel32.dll!LoadLibraryExW                                               75EF9109 5 Bytes  JMP 01DD300C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] kernel32.dll!TerminateThread                                              75F141F7 5 Bytes  JMP 01DD400C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ADVAPI32.dll!CloseServiceHandle                                           765F82A5 5 Bytes  JMP 01DD800C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ADVAPI32.dll!OpenServiceW                                                 765F8354 5 Bytes  JMP 01DD600C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ADVAPI32.dll!CreateServiceW                                               76619EB4 5 Bytes  JMP 01DD900C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ADVAPI32.dll!ControlService                                               76619FB8 5 Bytes  JMP 01DD700C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] USER32.dll!SetWindowsHookExW                                              762F87AD 5 Bytes  JMP 01DD500C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] USER32.dll!DdeConnect                                                     76339A1F 5 Bytes  JMP 01DDB00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2812] ole32.dll!CoCreateInstanceEx                                              761F9EE9 5 Bytes  JMP 01DDA00C 
.text           C:\Windows\Explorer.EXE[2928] ntdll.dll!NtWriteFile                                                                                                 77635644 5 Bytes  JMP 6B835C30 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text           C:\Windows\Explorer.EXE[2928] kernel32.dll!LoadLibraryExW + 5                                                                                       75EF910E 1 Byte  [E1]
.text           C:\Windows\Explorer.EXE[2928] kernel32.dll!CreateThread                                                                                             75F1C90E 5 Bytes  JMP 6B8352E0 C:\Windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text           C:\Windows\Explorer.EXE[2928] ADVAPI32.dll!CloseServiceHandle                                                                                       765F82A5 5 Bytes  JMP 0030800C 
.text           C:\Windows\Explorer.EXE[2928] ADVAPI32.dll!OpenServiceW                                                                                             765F8354 5 Bytes  JMP 0030600C 
.text           C:\Windows\Explorer.EXE[2928] ADVAPI32.dll!CreateServiceW                                                                                           76619EB4 5 Bytes  JMP 0030900C 
.text           C:\Windows\Explorer.EXE[2928] ADVAPI32.dll!ControlService                                                                                           76619FB8 5 Bytes  JMP 0030700C 
.text           C:\Windows\Explorer.EXE[2928] USER32.dll!SetWindowsHookExW                                                                                          762F87AD 5 Bytes  JMP 0030500C 
.text           C:\Windows\Explorer.EXE[2928] USER32.dll!DdeConnect                                                                                                 76339A1F 5 Bytes  JMP 0030B00C 
.text           C:\Windows\Explorer.EXE[2928] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9                                                                          768EB364 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text           C:\Windows\Explorer.EXE[2928] ole32.dll!CoCreateInstanceEx                                                                                          761F9EE9 5 Bytes  JMP 0030A00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ntdll.dll!NtCreateProcess                                              77634494 5 Bytes  JMP 008C000C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ntdll.dll!NtCreateProcessEx                                            776344A4 5 Bytes  JMP 008C100C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ntdll.dll!NtCreateUserProcess                                          77635804 5 Bytes  JMP 008C200C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] kernel32.dll!LoadLibraryExW                                            75EF9109 5 Bytes  JMP 008C300C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] kernel32.dll!TerminateThread                                           75F141F7 5 Bytes  JMP 008C400C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] USER32.dll!SetWindowsHookExW                                           762F87AD 5 Bytes  JMP 008C500C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] USER32.dll!DdeConnect                                                  76339A1F 5 Bytes  JMP 008CB00C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ADVAPI32.dll!CloseServiceHandle                                        765F82A5 5 Bytes  JMP 008C800C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ADVAPI32.dll!OpenServiceW                                              765F8354 5 Bytes  JMP 008C600C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ADVAPI32.dll!CreateServiceW                                            76619EB4 5 Bytes  JMP 008C900C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ADVAPI32.dll!ControlService                                            76619FB8 5 Bytes  JMP 008C700C 
.text           C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2968] ole32.dll!CoCreateInstanceEx                                           761F9EE9 5 Bytes  JMP 008CA00C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ntdll.dll!NtCreateProcess                                                                                    77634494 5 Bytes  JMP 0028000C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ntdll.dll!NtCreateProcessEx                                                                                  776344A4 5 Bytes  JMP 0028100C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ntdll.dll!NtCreateUserProcess                                                                                77635804 5 Bytes  JMP 0028200C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] kernel32.dll!LoadLibraryExW                                                                                  75EF9109 5 Bytes  JMP 0028300C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] kernel32.dll!TerminateThread                                                                                 75F141F7 5 Bytes  JMP 0028400C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ADVAPI32.dll!CloseServiceHandle                                                                              765F82A5 5 Bytes  JMP 0028800C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ADVAPI32.dll!OpenServiceW                                                                                    765F8354 5 Bytes  JMP 0028600C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ADVAPI32.dll!CreateServiceW                                                                                  76619EB4 5 Bytes  JMP 0028900C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ADVAPI32.dll!ControlService                                                                                  76619FB8 5 Bytes  JMP 0028700C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] USER32.dll!SetWindowsHookExW                                                                                 762F87AD 5 Bytes  JMP 0028500C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] USER32.dll!DdeConnect                                                                                        76339A1F 5 Bytes  JMP 0028B00C 
.text           C:\Windows\system32\PnkBstrA.exe[3080] ole32.dll!CoCreateInstanceEx                                                                                 761F9EE9 5 Bytes  JMP 0028A00C 
.text           C:\Windows\system32\svchost.exe[3120] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 002C000C 
.text           C:\Windows\system32\svchost.exe[3120] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 002C100C 
.text           C:\Windows\system32\svchost.exe[3120] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 002C200C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ntdll.dll!NtCreateProcess                                             77634494 5 Bytes  JMP 0016000C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ntdll.dll!NtCreateProcessEx                                           776344A4 5 Bytes  JMP 0016100C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ntdll.dll!NtCreateUserProcess                                         77635804 5 Bytes  JMP 0016200C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] kernel32.dll!LoadLibraryExW                                           75EF9109 5 Bytes  JMP 0016300C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] kernel32.dll!TerminateThread                                          75F141F7 5 Bytes  JMP 0016400C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ADVAPI32.dll!CloseServiceHandle                                       765F82A5 5 Bytes  JMP 0016800C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ADVAPI32.dll!OpenServiceW                                             765F8354 5 Bytes  JMP 0016600C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ADVAPI32.dll!CreateServiceW                                           76619EB4 5 Bytes  JMP 0016900C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ADVAPI32.dll!ControlService                                           76619FB8 5 Bytes  JMP 0016700C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] USER32.dll!SetWindowsHookExW                                          762F87AD 5 Bytes  JMP 0016500C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] USER32.dll!DdeConnect                                                 76339A1F 5 Bytes  JMP 0016B00C 
.text           C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3140] ole32.dll!CoCreateInstanceEx                                          761F9EE9 5 Bytes  JMP 0016A00C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ntdll.dll!NtCreateProcess                                                      77634494 5 Bytes  JMP 0092000C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ntdll.dll!NtCreateProcessEx                                                    776344A4 5 Bytes  JMP 0092100C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ntdll.dll!NtCreateUserProcess                                                  77635804 5 Bytes  JMP 0092200C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] kernel32.dll!LoadLibraryExW                                                    75EF9109 5 Bytes  JMP 0092300C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] kernel32.dll!TerminateThread                                                   75F141F7 5 Bytes  JMP 0092400C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ADVAPI32.dll!CloseServiceHandle                                                765F82A5 5 Bytes  JMP 0092800C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ADVAPI32.dll!OpenServiceW                                                      765F8354 5 Bytes  JMP 0092600C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ADVAPI32.dll!CreateServiceW                                                    76619EB4 5 Bytes  JMP 0092900C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ADVAPI32.dll!ControlService                                                    76619FB8 5 Bytes  JMP 0092700C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] USER32.dll!SetWindowsHookExW                                                   762F87AD 5 Bytes  JMP 0092500C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] USER32.dll!DdeConnect                                                          76339A1F 5 Bytes  JMP 0092B00C 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3160] ole32.dll!CoCreateInstanceEx                                                   761F9EE9 5 Bytes  JMP 0092A00C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ntdll.dll!NtCreateProcess                                              77634494 5 Bytes  JMP 00C5000C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ntdll.dll!NtCreateProcessEx                                            776344A4 5 Bytes  JMP 00C5100C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ntdll.dll!NtCreateUserProcess                                          77635804 5 Bytes  JMP 00C5200C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] kernel32.dll!LoadLibraryExW                                            75EF9109 5 Bytes  JMP 00C5300C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] kernel32.dll!TerminateThread                                           75F141F7 5 Bytes  JMP 00C5400C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ADVAPI32.dll!CloseServiceHandle                                        765F82A5 5 Bytes  JMP 00C5800C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ADVAPI32.dll!OpenServiceW                                              765F8354 5 Bytes  JMP 00C5600C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ADVAPI32.dll!CreateServiceW                                            76619EB4 5 Bytes  JMP 00C5900C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ADVAPI32.dll!ControlService                                            76619FB8 5 Bytes  JMP 00C5700C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] USER32.dll!SetWindowsHookExW                                           762F87AD 5 Bytes  JMP 00C5500C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] USER32.dll!DdeConnect                                                  76339A1F 5 Bytes  JMP 00C5B00C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3196] ole32.dll!CoCreateInstanceEx                                           761F9EE9 5 Bytes  JMP 00C5A00C 
.text           C:\Windows\system32\svchost.exe[3252] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0043000C 
.text           C:\Windows\system32\svchost.exe[3252] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0043100C 
.text           C:\Windows\system32\svchost.exe[3252] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0043200C 
.text           C:\Windows\System32\svchost.exe[3300] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0016000C 
.text           C:\Windows\System32\svchost.exe[3300] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0016100C 
.text           C:\Windows\System32\svchost.exe[3300] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0016200C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ntdll.dll!NtCreateProcess                                             77634494 5 Bytes  JMP 009E000C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ntdll.dll!NtCreateProcessEx                                           776344A4 5 Bytes  JMP 009E100C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ntdll.dll!NtCreateUserProcess                                         77635804 5 Bytes  JMP 009E200C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] kernel32.dll!LoadLibraryExW                                           75EF9109 5 Bytes  JMP 009E300C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] kernel32.dll!TerminateThread                                          75F141F7 5 Bytes  JMP 009E400C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ADVAPI32.dll!CloseServiceHandle                                       765F82A5 5 Bytes  JMP 009E800C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ADVAPI32.dll!OpenServiceW                                             765F8354 5 Bytes  JMP 009E600C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ADVAPI32.dll!CreateServiceW                                           76619EB4 5 Bytes  JMP 009E900C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ADVAPI32.dll!ControlService                                           76619FB8 5 Bytes  JMP 009E700C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] ole32.dll!CoCreateInstanceEx                                          761F9EE9 5 Bytes  JMP 009EA00C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] USER32.dll!SetWindowsHookExW                                          762F87AD 5 Bytes  JMP 009E500C 
.text           C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3344] USER32.dll!DdeConnect                                                 76339A1F 5 Bytes  JMP 009EB00C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ntdll.dll!NtCreateProcess                                                                               77634494 5 Bytes  JMP 0559000C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ntdll.dll!NtCreateProcessEx                                                                             776344A4 5 Bytes  JMP 0559100C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ntdll.dll!NtCreateUserProcess                                                                           77635804 5 Bytes  JMP 0559200C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] kernel32.dll!LoadLibraryExW                                                                             75EF9109 5 Bytes  JMP 0559300C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] kernel32.dll!TerminateThread                                                                            75F141F7 5 Bytes  JMP 0559400C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ADVAPI32.dll!CloseServiceHandle                                                                         765F82A5 5 Bytes  JMP 0559800C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ADVAPI32.dll!OpenServiceW                                                                               765F8354 5 Bytes  JMP 0559600C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ADVAPI32.dll!CreateServiceW                                                                             76619EB4 5 Bytes  JMP 0559900C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ADVAPI32.dll!ControlService                                                                             76619FB8 5 Bytes  JMP 0559700C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] USER32.dll!SetWindowsHookExW                                                                            762F87AD 5 Bytes  JMP 0559500C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] USER32.dll!DdeConnect                                                                                   76339A1F 5 Bytes  JMP 0559B00C 
.text           C:\Windows\system32\SearchIndexer.exe[3412] ole32.dll!CoCreateInstanceEx                                                                            761F9EE9 5 Bytes  JMP 0559A00C 
.text           C:\Windows\system32\taskeng.exe[3488] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0016000C 
.text           C:\Windows\system32\taskeng.exe[3488] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0016100C 
.text           C:\Windows\system32\taskeng.exe[3488] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0016200C 
.text           C:\Windows\system32\taskeng.exe[3488] kernel32.dll!LoadLibraryExW                                                                                   75EF9109 5 Bytes  JMP 0016300C 
.text           C:\Windows\system32\taskeng.exe[3488] kernel32.dll!TerminateThread                                                                                  75F141F7 5 Bytes  JMP 0016400C 
.text           C:\Windows\system32\taskeng.exe[3488] ADVAPI32.dll!CloseServiceHandle                                                                               765F82A5 5 Bytes  JMP 0016800C 
.text           C:\Windows\system32\taskeng.exe[3488] ADVAPI32.dll!OpenServiceW                                                                                     765F8354 5 Bytes  JMP 0016600C 
.text           C:\Windows\system32\taskeng.exe[3488] ADVAPI32.dll!CreateServiceW                                                                                   76619EB4 5 Bytes  JMP 0016900C 
.text           C:\Windows\system32\taskeng.exe[3488] ADVAPI32.dll!ControlService                                                                                   76619FB8 5 Bytes  JMP 0016700C 
.text           C:\Windows\system32\taskeng.exe[3488] USER32.dll!SetWindowsHookExW                                                                                  762F87AD 5 Bytes  JMP 0016500C 
.text           C:\Windows\system32\taskeng.exe[3488] USER32.dll!DdeConnect                                                                                         76339A1F 5 Bytes  JMP 0016B00C 
.text           C:\Windows\system32\taskeng.exe[3488] ole32.dll!CoCreateInstanceEx                                                                                  761F9EE9 5 Bytes  JMP 0016A00C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ntdll.dll!NtCreateProcess                                                                               77634494 5 Bytes  JMP 006E000C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ntdll.dll!NtCreateProcessEx                                                                             776344A4 5 Bytes  JMP 006E100C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ntdll.dll!NtCreateUserProcess                                                                           77635804 5 Bytes  JMP 006E200C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] kernel32.dll!LoadLibraryExW                                                                             75EF9109 5 Bytes  JMP 006E300C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] kernel32.dll!TerminateThread                                                                            75F141F7 5 Bytes  JMP 006E400C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ADVAPI32.dll!CloseServiceHandle                                                                         765F82A5 5 Bytes  JMP 006E800C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ADVAPI32.dll!OpenServiceW                                                                               765F8354 5 Bytes  JMP 006E600C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ADVAPI32.dll!CreateServiceW                                                                             76619EB4 5 Bytes  JMP 006E900C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ADVAPI32.dll!ControlService                                                                             76619FB8 5 Bytes  JMP 006E700C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] USER32.dll!SetWindowsHookExW                                                                            762F87AD 5 Bytes  JMP 006E500C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] USER32.dll!DdeConnect                                                                                   76339A1F 5 Bytes  JMP 006EB00C 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3916] ole32.dll!CoCreateInstanceEx                                                                            761F9EE9 5 Bytes  JMP 006EA00C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ntdll.dll!NtCreateProcess                                                                               77634494 5 Bytes  JMP 002C000C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ntdll.dll!NtCreateProcessEx                                                                             776344A4 5 Bytes  JMP 002C100C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ntdll.dll!NtCreateUserProcess                                                                           77635804 5 Bytes  JMP 002C200C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] kernel32.dll!LoadLibraryExW                                                                             75EF9109 5 Bytes  JMP 002C300C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] kernel32.dll!TerminateThread                                                                            75F141F7 5 Bytes  JMP 002C400C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ADVAPI32.dll!CloseServiceHandle                                                                         765F82A5 5 Bytes  JMP 002C800C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ADVAPI32.dll!OpenServiceW                                                                               765F8354 5 Bytes  JMP 002C600C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ADVAPI32.dll!CreateServiceW                                                                             76619EB4 5 Bytes  JMP 002C900C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ADVAPI32.dll!ControlService                                                                             76619FB8 5 Bytes  JMP 002C700C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] ole32.dll!CoCreateInstanceEx                                                                            761F9EE9 5 Bytes  JMP 002CA00C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] USER32.dll!SetWindowsHookExW                                                                            762F87AD 5 Bytes  JMP 002C500C 
.text           C:\Windows\system32\wbem\unsecapp.exe[3940] USER32.dll!DdeConnect                                                                                   76339A1F 5 Bytes  JMP 002CB00C 
.text           C:\Windows\system32\taskeng.exe[4220] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0016000C 
.text           C:\Windows\system32\taskeng.exe[4220] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0016100C 
.text           C:\Windows\system32\taskeng.exe[4220] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0016200C 
.text           C:\Windows\system32\taskeng.exe[4220] kernel32.dll!LoadLibraryExW                                                                                   75EF9109 5 Bytes  JMP 0016300C 
.text           C:\Windows\system32\taskeng.exe[4220] kernel32.dll!TerminateThread                                                                                  75F141F7 5 Bytes  JMP 0016400C 
.text           C:\Windows\system32\taskeng.exe[4220] ADVAPI32.dll!CloseServiceHandle                                                                               765F82A5 5 Bytes  JMP 0016800C 
.text           C:\Windows\system32\taskeng.exe[4220] ADVAPI32.dll!OpenServiceW                                                                                     765F8354 5 Bytes  JMP 0016600C 
.text           C:\Windows\system32\taskeng.exe[4220] ADVAPI32.dll!CreateServiceW                                                                                   76619EB4 5 Bytes  JMP 0016900C 
.text           C:\Windows\system32\taskeng.exe[4220] ADVAPI32.dll!ControlService                                                                                   76619FB8 5 Bytes  JMP 0016700C 
.text           C:\Windows\system32\taskeng.exe[4220] USER32.dll!SetWindowsHookExW                                                                                  762F87AD 5 Bytes  JMP 0016500C 
.text           C:\Windows\system32\taskeng.exe[4220] USER32.dll!DdeConnect                                                                                         76339A1F 5 Bytes  JMP 0016B00C 
.text           C:\Windows\system32\taskeng.exe[4220] ole32.dll!CoCreateInstanceEx                                                                                  761F9EE9 5 Bytes  JMP 0016A00C 
.text           C:\Windows\system32\taskeng.exe[4276] ntdll.dll!NtCreateProcess                                                                                     77634494 5 Bytes  JMP 0009000C 
.text           C:\Windows\system32\taskeng.exe[4276] ntdll.dll!NtCreateProcessEx                                                                                   776344A4 5 Bytes  JMP 0009100C 
.text           C:\Windows\system32\taskeng.exe[4276] ntdll.dll!NtCreateUserProcess                                                                                 77635804 5 Bytes  JMP 0009200C 
.text           C:\Windows\system32\taskeng.exe[4276] kernel32.dll!LoadLibraryExW                                                                                   75EF9109 5 Bytes  JMP 0009300C 
.text           C:\Windows\system32\taskeng.exe[4276] kernel32.dll!TerminateThread                                                                                  75F141F7 5 Bytes  JMP 0009400C 
.text           C:\Windows\system32\taskeng.exe[4276] ADVAPI32.dll!CloseServiceHandle                                                                               765F82A5 5 Bytes  JMP 0009800C 
.text           C:\Windows\system32\taskeng.exe[4276] ADVAPI32.dll!OpenServiceW                                                                                     765F8354 5 Bytes  JMP 0009600C 
.text           C:\Windows\system32\taskeng.exe[4276] ADVAPI32.dll!CreateServiceW                                                                                   76619EB4 5 Bytes  JMP 0009900C 
.text           C:\Windows\system32\taskeng.exe[4276] ADVAPI32.dll!ControlService                                                                                   76619FB8 5 Bytes  JMP 0009700C 
.text           C:\Windows\system32\taskeng.exe[4276] USER32.dll!SetWindowsHookExW                                                                                  762F87AD 5 Bytes  JMP 0009500C 
.text           C:\Windows\system32\taskeng.exe[4276] USER32.dll!DdeConnect                                                                                         76339A1F 5 Bytes  JMP 0009B00C 
.text           C:\Windows\system32\taskeng.exe[4276] ole32.dll!CoCreateInstanceEx                                                                                  761F9EE9 5 Bytes  JMP 0009A00C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ntdll.dll!NtCreateProcess                                                                               77634494 5 Bytes  JMP 0006000C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ntdll.dll!NtCreateProcessEx                                                                             776344A4 5 Bytes  JMP 0006100C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ntdll.dll!NtCreateUserProcess                                                                           77635804 5 Bytes  JMP 0006200C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] kernel32.dll!LoadLibraryExW                                                                             75EF9109 5 Bytes  JMP 0006300C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] kernel32.dll!TerminateThread                                                                            75F141F7 5 Bytes  JMP 0006400C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ADVAPI32.dll!CloseServiceHandle                                                                         765F82A5 5 Bytes  JMP 0006800C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ADVAPI32.dll!OpenServiceW                                                                               765F8354 5 Bytes  JMP 0006600C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ADVAPI32.dll!CreateServiceW                                                                             76619EB4 5 Bytes  JMP 0006900C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ADVAPI32.dll!ControlService                                                                             76619FB8 5 Bytes  JMP 0006700C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] ole32.dll!CoCreateInstanceEx                                                                            761F9EE9 5 Bytes  JMP 0006A00C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] USER32.dll!SetWindowsHookExW                                                                            762F87AD 5 Bytes  JMP 0006500C 
.text           C:\Windows\system32\wbem\unsecapp.exe[4896] USER32.dll!DdeConnect                                                                                   76339A1F 5 Bytes  JMP 0006B00C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ntdll.dll!NtCreateProcess                                                                        77634494 5 Bytes  JMP 009A000C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ntdll.dll!NtCreateProcessEx                                                                      776344A4 5 Bytes  JMP 009A100C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ntdll.dll!NtCreateUserProcess                                                                    77635804 5 Bytes  JMP 009A200C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] kernel32.dll!LoadLibraryExW                                                                      75EF9109 5 Bytes  JMP 009A300C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] kernel32.dll!TerminateThread                                                                     75F141F7 5 Bytes  JMP 009A400C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ADVAPI32.dll!CloseServiceHandle                                                                  765F82A5 5 Bytes  JMP 009A800C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ADVAPI32.dll!OpenServiceW                                                                        765F8354 5 Bytes  JMP 009A600C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ADVAPI32.dll!CreateServiceW                                                                      76619EB4 5 Bytes  JMP 009A900C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ADVAPI32.dll!ControlService                                                                      76619FB8 5 Bytes  JMP 009A700C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] USER32.dll!SetWindowsHookExW                                                                     762F87AD 5 Bytes  JMP 009A500C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] USER32.dll!DdeConnect                                                                            76339A1F 5 Bytes  JMP 009AB00C 
.text           C:\Program Files\Launch Manager\QtZgAcer.EXE[5100] ole32.dll!CoCreateInstanceEx                                                                     761F9EE9 5 Bytes  JMP 009AA00C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ntdll.dll!NtCreateProcess                                                                    77634494 5 Bytes  JMP 0023000C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ntdll.dll!NtCreateProcessEx                                                                  776344A4 5 Bytes  JMP 0023100C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ntdll.dll!NtCreateUserProcess                                                                77635804 5 Bytes  JMP 0023200C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] kernel32.dll!LoadLibraryExW                                                                  75EF9109 5 Bytes  JMP 0023300C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] kernel32.dll!TerminateThread                                                                 75F141F7 5 Bytes  JMP 0023400C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] USER32.dll!SetWindowsHookExW                                                                 762F87AD 5 Bytes  JMP 0023500C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] USER32.dll!DdeConnect                                                                        76339A1F 5 Bytes  JMP 0023A00C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ADVAPI32.dll!CloseServiceHandle                                                              765F82A5 5 Bytes  JMP 0023800C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ADVAPI32.dll!OpenServiceW                                                                    765F8354 5 Bytes  JMP 0023600C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ADVAPI32.dll!CreateServiceW                                                                  76619EB4 5 Bytes  JMP 0023900C 
.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5648] ADVAPI32.dll!ControlService                                                                  76619FB8 5 Bytes  JMP 0023700C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ntdll.dll!NtCreateProcess        77634494 5 Bytes  JMP 0016000C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ntdll.dll!NtCreateProcessEx      776344A4 5 Bytes  JMP 0016100C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ntdll.dll!NtCreateUserProcess    77635804 5 Bytes  JMP 0016200C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] kernel32.dll!LoadLibraryExW      75EF9109 5 Bytes  JMP 0016300C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] kernel32.dll!TerminateThread     75F141F7 5 Bytes  JMP 0016400C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] USER32.dll!SetWindowsHookExW     762F87AD 5 Bytes  JMP 0016500C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] USER32.dll!DdeConnect            76339A1F 5 Bytes  JMP 0016A00C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ADVAPI32.dll!CloseServiceHandle  765F82A5 5 Bytes  JMP 0016800C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ADVAPI32.dll!OpenServiceW        765F8354 5 Bytes  JMP 0016600C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ADVAPI32.dll!CreateServiceW      76619EB4 5 Bytes  JMP 0016900C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ADVAPI32.dll!ControlService      76619FB8 5 Bytes  JMP 0016700C 
.text           C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO2J6REX\download[1].exe[8512] ole32.dll!CoCreateInstanceEx     761F9EE9 5 Bytes  JMP 0016B00C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ntdll.dll!NtCreateProcess                                                                77634494 5 Bytes  JMP 0028000C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ntdll.dll!NtCreateProcessEx                                                              776344A4 5 Bytes  JMP 0028100C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ntdll.dll!NtCreateUserProcess                                                            77635804 5 Bytes  JMP 0028200C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] kernel32.dll!LoadLibraryExW                                                              75EF9109 5 Bytes  JMP 0028300C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] kernel32.dll!TerminateThread                                                             75F141F7 5 Bytes  JMP 0028400C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] USER32.dll!SetWindowsHookExW                                                             762F87AD 5 Bytes  JMP 0028500C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] USER32.dll!DdeConnect                                                                    76339A1F 5 Bytes  JMP 0028B00C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ADVAPI32.dll!CloseServiceHandle                                                          765F82A5 5 Bytes  JMP 0028800C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ADVAPI32.dll!OpenServiceW                                                                765F8354 5 Bytes  JMP 0028600C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ADVAPI32.dll!CreateServiceW                                                              76619EB4 5 Bytes  JMP 0028900C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ADVAPI32.dll!ControlService                                                              76619FB8 5 Bytes  JMP 0028700C 
.text           C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[11056] ole32.dll!CoCreateInstanceEx                                                             761F9EE9 5 Bytes  JMP 0028A00C 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                               [73A37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                [73A8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                            [73A3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                      [73A2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                [73A375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                             [73A2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                 [73A68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                    [73A3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                            [73A2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                             [73A2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                              [73A271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                      [73ABCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                         [73A5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                            [73A2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                      [73A26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                     [73A2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                        [73A32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                         [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                             [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                       [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[2928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                         [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\system32\taskeng.exe[3488] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                               [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\system32\taskeng.exe[3488] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                 [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\system32\taskeng.exe[3488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                 [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\system32\taskeng.exe[3488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                     [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                             pxrts.sys (Prevx Realtime Security/Prevx)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001638396a55                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001638396a55@0015b97e0e12                                                            0x9A 0x95 0xE5 0x36 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001638396a55 (not active ControlSet)                                                     
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001638396a55@0015b97e0e12                                                                0x9A 0x95 0xE5 0x36 ...

---- EOF - GMER 1.0.15 ----
         

07.01.2010, 16:56   #9
kira
/// Helper Team
 



Quote from Lachern:
Hello,
I have a problem with the firewall: whenever I restart my PC (laptop), my firewall is always deactivated and a message also appears.
My other antivirus program (Bluewin Security) is switched on, though.
Why is my firewall actually off, and how can I have it permanently switched on?

The Windows built-in firewall or the one from F-Secure?

07.01.2010, 17:38   #10
Lachern
 



Quote from Coverflow:
The Windows built-in firewall or the one from F-Secure?

The one that already comes with Windows

08.01.2010, 19:30   #11
Lachern
 



And what now?

09.01.2010, 12:16   #12
kira
/// Helper Team
 



One firewall is quite enough, and you do have the one from F-Secure activated, don't you?!
So the Windows built-in FW should stay deactivated, otherwise your system will crash.
Important:
Use only one firewall and one antivirus program, and these should always be kept up to date!

09.01.2010, 18:33   #13
Lachern
 



Quote from Coverflow:
One firewall is quite enough, and you do have the one from F-Secure activated, don't you?!
So the Windows built-in FW should stay deactivated, otherwise your system will crash.
Important:
Use only one firewall and one antivirus program, and these should always be kept up to date!

F-Security?
Do you mean the one from my Bluewin Security (antivirus software)?
And why did my computer crash after the scan?

10.01.2010, 10:09   #14
kira
/// Helper Team
 



Quote from Lachern:
F-Security?
Do you mean the one from my Bluewin Security (antivirus software)?

Yes, that is what I meant.
But the Windows built-in firewall should stay deactivated! You can switch off Windows Defender or fix it with HJT.

Recommendations/suggestions:
1.
► BHOs & toolbars (listed under O2 and O3 in the HijackThis logfile):
More and more programs bring a toolbar with them (e.g. Google, Yahoo, Messenger, Winamp, Adobe Reader etc.). Some are installed with the user's consent, others without the user's knowledge. Many of them are very error-prone and eat up a lot of system resources. The toolbar is not necessary for the software in question to install and work properly, especially since most modern browsers already come with many additional functions. Besides, the associated programs also work without it...
You can uninstall them or fix them with HJT: close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC
HijackThis creates a backup; if something goes wrong during "fixing", the objects can be restored under "View the list of backups".
Code:
Yahoo! Toolbar
Google Toolbar
         
2.
How long does the startup take?
- When Windows boots, a number of programs are started along with it that have registered themselves in autostart (with or without the user's consent)
- The more programs are listed here, the slower Windows starts. It can therefore make sense to remove software that you do not necessarily always need from autostart.
"Start -> Run -> "msconfig" (type it in without the "") -> OK"
it-academy.cc
pqtuning.de
Preventing programs from loading at Windows Vista startup
- Remove the tick from everything that should not start, but only ever deactivate one at a time (tick removed), i.e. step by step -> restart...
- After the next restart a notification window will still appear; set a tick there: `Do not show this message again and do not start this program at Windows startup`
(You can undo it at any time by putting the tick back in.)
- If you ever need one, you can also start it manually
- Autostart entries that you cannot find can be fixed with HJT, under the O4 section (*HijackThis Tutorial in German*):
Close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC
HijackThis creates a backup; if something goes wrong during "fixing", the objects can be restored under "View the list of backups".
Code:
You should not deactivate:
Graphics driver
Firewall
Antivirus program
Sound
         
Since it always depends on the individual user, there is no generally valid recipe; use Google to find out the basic functions of the individual programs!
Here are a few suggestions right away:
Code:
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
- (Nvidia "extensions" responsible for the display/settings; with this the extension library for the display properties of the Nvidia graphics driver can be
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
- Nvidia extensions, in the display settings ("right-click on the desktop -> Properties -> Settings -> Advanced -> Graphics card")
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
         
3.
- Superfluous services only put load on the processor and memory, so you should switch them off:
Code:
O23 - Service: Google Update Service (gupdate1c9f1cd98326900) (gupdate1c9f1cd98326900) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
         
- Under `Control Panel - Administrative Tools - Services`, or "Run" -> enter the command services.msc in the dialog window -> OK
Right-click on the service name → choose `Properties` → `Startup type` → Manual; this puts the service to rest. Only start the service when a program needs it.

Last edited by kira (10.01.2010 at 10:42)
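
As an added illustration (not part of the original posts and not HijackThis code): a small Python parser for the O4 autostart and O23 service lines listed in post #14, marking entries whose shortcut target is shown as `?`, whose command names a program without a full path, or whose vendor field reads `Unknown owner`. The function and flag names are assumptions of this example, and a flag only means the entry deserves a closer look before deciding to keep or disable it.

```python
import re

# Sample input: O4/O23 lines copied from the HijackThis log quoted in post #14.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# O4 registry autostart: "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
# O4 startup folder: "O4 - Startup: <shortcut> = <target>" (or "Global Startup")
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<target>.*)$")
SERVICE_PREFIX = "O23 - Service: "
# Command starting with a drive letter or an %ENVVAR% directory, optionally quoted.
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%\\)')


def parse_line(line):
    """Return a dict for one O4/O23 line, or None for any other line."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        # Hypothetical flag: program named without a directory (search path decides).
        flags = [] if FULL_PATH_RE.match(m["cmd"]) else ["no-full-path"]
        return {"section": "O4", "location": m["hive"] + " " + m["key"],
                "name": m["name"], "target": m["cmd"], "flags": flags}
    m = STARTUP_RE.match(line)
    if m:
        # Hypothetical flag: the log shows no usable target for the shortcut.
        unresolved = m["target"].strip() in ("", "?")
        return {"section": "O4", "location": m["scope"], "name": m["name"],
                "target": m["target"],
                "flags": ["unresolved-target"] if unresolved else []}
    if line.startswith(SERVICE_PREFIX):
        # "<display name> - <vendor> - <binary path>", split from the right because
        # the display name may itself contain parentheses and spaces.
        parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        display, vendor, path = parts
        flags = ["unknown-owner"] if vendor == "Unknown owner" else []
        return {"section": "O23", "location": "service", "name": display,
                "vendor": vendor, "target": path, "flags": flags}
    return None


def parse_log(text):
    """Parse every O4/O23 line in a pasted log, ignoring all other lines."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def needs_review(text):
    """Entries that carry at least one flag."""
    return [e for e in parse_log(text) if e["flags"]]


if __name__ == "__main__":
    for entry in needs_review(SAMPLE_LOG):
        print(entry["section"], entry["location"], entry["name"],
              entry["target"], entry["flags"])
```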
