
Pests of all kinds and how to fight them: Win32/Kryptik.ACPZ and Win32/Gataka.A found


 
16.03.2012, 20:53   #1
rivkah
 

Win32/Kryptik.ACPZ and Win32/Gataka.A found



Hello,
I have picked up several trojans. My online bank put me on to it: its start page would no longer load completely, and after logging in I did not get my account page, only a white one. I went looking with various scanners and found a few trojans, which I deleted. Restart, new scan: clean; manual search: clean. However, I still had problems with the online banking site; Firefox is extremely slow and often freezes. When I close it and try to start it again, I always get the message that the program is still in use. Furthermore, my printer no longer works, and when I click on the Windows user folder, an installation window pops up and tries to install something.
I have now also run an ESET scan, which found the following:

C:\Users\Rebekka\AppData\Roaming\Sun\{6C7F4AFA-6826-4E93-BEA6-C57F44B93611}\UpgradeHelper.exe a variant of Win32/Kryptik.ACPZ trojan
Operating memory a variant of Win32/Gataka.A trojan

This is beyond me. Please help. Many thanks in advance.


Defogger: It said "finished", but there was no OK, only the initial window with Disable/Re-enable, which is still open now. No warning message appeared.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:41 on 16/03/2012 (Rebekka)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_24
Run by Rebekka at 16:26:04 on 2012-03-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2012.951 [GMT 1:00]
.
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Rising\RSD\RsMgrSvc.exe
C:\Program Files\Rising\RAV\RavMonD.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\System Control Manager\MSIService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\RSD\popwndexe.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\java\jre6\bin\java.exe
C:\Users\Rebekka\Desktop\Defogger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://global.nytimes.com/?iht
uDefault_Page_URL = hxxp://www.msi.com.tw
mDefault_Page_URL = hxxp://www.msi.com.tw
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LicenseValidator] c:\users\rebekka\appdata\roaming\identities\{b567fb2c-f497-48b6-a9fc-8646e2e5b9b0}\LicenseValidator.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [Skytel] Skytel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RavTRAY] "c:\program files\rising\rav\RSTRAY.EXE" -system
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{1ce60928-8325-49a8-8b06-633e48dd2b67}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5FC69EB0-6B5A-4BB6-9711-93CAA4F8145A} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rebekka\appdata\roaming\mozilla\firefox\profiles\gsyu7wrg.default\
FF - prefs.js: browser.startup.homepage - hxxp://global.nytimes.com/?iht
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 hooksys;hooksys;c:\windows\system32\drivers\Hooksys.sys [2011-4-29 173336]
R1 HookTdi;HookTdi;c:\windows\system32\drivers\HookTdi.sys [2011-4-29 23576]
R1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [2011-4-29 31896]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090625.001\IDSvix86.sys [2009-6-30 272432]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-9-17 159744]
R2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2011-6-2 17336]
R2 RsMgrSvc;Rsd Service;c:\program files\rising\rsd\RsMgrSvc.exe [2011-4-29 150168]
R2 RsRavMon;Rav Service;c:\program files\rising\rav\RavMonD.exe [2011-4-29 264448]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-17 54784]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-9-17 380416]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-9-17 3658752]
S3 PKWCap;PKWCap service;c:\windows\system32\drivers\PKWCap.sys [2008-9-17 995328]
.
=============== Created Last 30 ================
.
2012-03-16 14:17:17 -------- d-----w- c:\users\rebekka\appdata\roaming\f-secure
2012-03-16 14:16:43 -------- d-----w- c:\programdata\F-Secure
2012-03-16 11:37:56 -------- d-----w- c:\program files\ESET
2012-03-16 09:13:04 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f71e041a-d4f5-4f89-8740-33195d11637b}\mpengine.dll
2012-03-15 12:17:33 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-14 22:54:13 -------- d-----w- c:\windows\pss
2012-03-14 22:08:14 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-03-14 22:08:14 598528 ----a-w- c:\windows\system32\ztv7z.dll
2012-03-14 22:08:13 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-03-14 22:08:13 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-03-14 22:08:13 178176 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-03-14 22:08:13 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-03-14 22:08:13 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-03-14 22:08:08 -------- d-----w- c:\users\rebekka\appdata\roaming\Simply Super Software
2012-03-14 22:08:08 -------- d-----w- c:\programdata\Simply Super Software
2012-03-14 22:08:08 -------- d-----w- c:\program files\Trojan Remover
2012-03-14 15:26:29 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:26:14 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 15:26:14 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-07 21:16:59 -------- d-----w- c:\users\rebekka\appdata\roaming\Google Inc
2012-03-03 18:32:15 -------- d-----w- c:\users\rebekka\appdata\roaming\TeamViewer
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-24 23:17:15 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2009-08-20 08:43:42 9819136 ----a-w- c:\program files\openofficeorg31.msi
2009-03-26 10:36:32 451928 ----a-w- c:\program files\setup.exe
2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
.
============= FINISH: 16:29:06,63 ===============


Gmer:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-16 19:51:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2250BH_G2 rev.00000009
Running: bhllslvu.exe; Driver: C:\Users\Rebekka\AppData\Local\Temp\uxdiqfog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwAlpcSendWaitReceivePort [0x8D3599F7]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwAssignProcessToJobObject [0x8D359952]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateKey [0x8D359AFF]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateMutant [0x8D3599D6]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateSection [0x8D359D30]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateSymbolicLinkObject [0x8D359ADE]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateThread [0x8D359763]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDebugActiveProcess [0x8D3598CE]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDeleteKey [0x8D359B41]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDeleteValueKey [0x8D359B20]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDeviceIoControlFile [0x8D359973]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwDuplicateObject [0x8D359A9C]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwLoadDriver [0x8D359721]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwLockVirtualMemory [0x8D35988C]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwOpenKey [0x8D359BC5]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwOpenProcess [0x8D359A39]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwOpenSection [0x8D3597A5]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwProtectVirtualMemory [0x8D35986B]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwQueryDirectoryFile [0x8D3599B5]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwQuerySystemInformation [0x8D359A7B]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwQueryValueKey [0x8D359931]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwQueueApcThread [0x8D35984A]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwRenameKey [0x8D359B62]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwRequestWaitReplyPort [0x8D359910]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwRestoreKey [0x8D359BA4]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetContextThread [0x8D359808]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetInformationProcess [0x8D359A5A]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetSecurityObject [0x8D359B83]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetSystemInformation [0x8D3598AD]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetSystemTime [0x8D359994]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSuspendProcess [0x8D359829]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSuspendThread [0x8D3597E7]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSystemDebugControl [0x8D3598EF]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwTerminateProcess [0x8D359700]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwTerminateThread [0x8D3597C6]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwUnmapViewOfSection [0x8D359A18]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwWriteVirtualMemory [0x8D359742]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateThreadEx [0x8D359784]
SSDT \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwCreateUserProcess [0x8D359ABD]

Code \??\C:\Windows\system32\drivers\HOOKHELP.sys ZwSetValueKey [0x8D35B0A2]
Code \??\C:\Windows\system32\drivers\HOOKHELP.sys ObReferenceObjectByHandle

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 181 820B3904 4 Bytes [F7, 99, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 191 820B3914 4 Bytes [52, 99, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1E9 820B396C 4 Bytes [FF, 9A, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820B3978 4 Bytes [D6, 99, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 215 820B3998 4 Bytes [30, 9D, 35, 8D]
.text ...
PAGE ntkrnlpa.exe!ZwSetValueKey 821E53C2 5 Bytes JMP 8D35B0A6 \??\C:\Windows\system32\drivers\HOOKHELP.sys
PAGE ntkrnlpa.exe!ObReferenceObjectByHandle 82234F40 5 Bytes JMP 8D35B078 \??\C:\Windows\system32\drivers\HOOKHELP.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 008E1642
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 008E152C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 008E1758
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[2576] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 008E1871
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 00A61642
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 00A6152C
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 00A61758
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 00A61871
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogParamW 764072A2 5 Bytes JMP 6F02DEA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!GetAsyncKeyState 7640863C 5 Bytes JMP 6EF48F27 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetWindowsHookExW 764087AD 5 Bytes JMP 6F029AA5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CallNextHookEx 76408E3B 5 Bytes JMP 6F01D119 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!UnhookWindowsHookEx 764098DB 5 Bytes JMP 6EF94686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!EnableWindow 7640CD8B 5 Bytes JMP 6F02DD2D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateWindowExW 76411305 5 Bytes JMP 6F02DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!GetKeyState 76418CB1 5 Bytes JMP 6F02D2DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!IsDialogMessageW 76420745 5 Bytes JMP 6EF55A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogParamA 764217AA 5 Bytes JMP 6F12601B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!IsDialogMessage 76421847 5 Bytes JMP 6F1258B7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogIndirectParamA 764226F1 5 Bytes JMP 6F126052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateDialogIndirectParamW 76429A62 5 Bytes JMP 6F126089 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetKeyboardState 76430987 5 Bytes JMP 6F125C26 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamW 764310B0 5 Bytes JMP 6EF55505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamW 76432EF5 5 Bytes JMP 6F1253AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SendInput 76432F75 5 Bytes JMP 6F1267E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!EndDialog 7643326E 5 Bytes JMP 6EF57EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetCursorPos 76446FB2 5 Bytes JMP 6F126837 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamA 76448152 5 Bytes JMP 6F12534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamA 7644847D 5 Bytes JMP 6F125412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectA 7645D4D9 5 Bytes JMP 6F1252E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectW 7645D5D3 5 Bytes JMP 6F125276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExA 7645D639 5 Bytes JMP 6F125214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExW 7645D65D 5 Bytes JMP 6F1251B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!keybd_event 7645D972 5 Bytes JMP 6F126B67 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] SHELL32.dll!SHRestricted + D95 767A89A8 4 Bytes [4D, 30, 64, 6D]
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] SHELL32.dll!SHRestricted + D9D 767A89B0 8 Bytes [57, 2F, 64, 6D, 9C, 5B, 63, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!OleLoadFromStream 778C1E80 5 Bytes JMP 6F125717 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!CoCreateInstance 778F9F3E 5 Bytes JMP 6F02DB70 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] WS2_32.dll!closesocket 7630330C 5 Bytes JMP 033E8F70
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] WS2_32.dll!connect 763040D9 5 Bytes JMP 033E8CE0
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] WS2_32.dll!getpeername 7631A863 5 Bytes JMP 033E8F00
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01F81642
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01F8152C
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01F81758
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01F81871
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!CreateWindowExW 76411305 5 Bytes JMP 6F02DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxParamW 764310B0 5 Bytes JMP 6EF55505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxIndirectParamW 76432EF5 5 Bytes JMP 6F1253AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxParamA 76448152 5 Bytes JMP 6F12534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!DialogBoxIndirectParamA 7644847D 5 Bytes JMP 6F125412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxIndirectA 7645D4D9 5 Bytes JMP 6F1252E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxIndirectW 7645D5D3 5 Bytes JMP 6F125276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxExA 7645D639 5 Bytes JMP 6F125214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] USER32.dll!MessageBoxExW 7645D65D 5 Bytes JMP 6F1251B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] WS2_32.dll!closesocket 7630330C 5 Bytes JMP 03538F70
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] WS2_32.dll!connect 763040D9 5 Bytes JMP 03538CE0
.text C:\Program Files\Internet Explorer\iexplore.exe[2820] WS2_32.dll!getpeername 7631A863 5 Bytes JMP 03538F00
.text C:\Windows\system32\Dwm.exe[2876] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 057E1642
.text C:\Windows\system32\Dwm.exe[2876] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\Dwm.exe[2876] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 057E152C
.text C:\Windows\system32\Dwm.exe[2876] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 057E1758
.text C:\Windows\system32\Dwm.exe[2876] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 057E1871
.text C:\Windows\system32\taskeng.exe[2916] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02CF1642
.text C:\Windows\system32\taskeng.exe[2916] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\taskeng.exe[2916] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 02CF152C
.text C:\Windows\system32\taskeng.exe[2916] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02CF1758
.text C:\Windows\system32\taskeng.exe[2916] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02CF1871
.text C:\Windows\Explorer.EXE[2944] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 05CB1642
.text C:\Windows\Explorer.EXE[2944] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\Explorer.EXE[2944] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 05CB152C
.text C:\Windows\Explorer.EXE[2944] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 05CB1758
.text C:\Windows\Explorer.EXE[2944] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 05CB1871
.text C:\Windows\RtHDVCpl.exe[3140] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02801642
.text C:\Windows\RtHDVCpl.exe[3140] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\RtHDVCpl.exe[3140] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 0280152C
.text C:\Windows\RtHDVCpl.exe[3140] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02801758
.text C:\Windows\RtHDVCpl.exe[3140] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02801871
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 029E1642
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 029E152C
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 029E1758
.text C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe[3156] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 029E1871
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01CB1642
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01CB152C
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01CB1758
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3280] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01CB1871
.text C:\Windows\System32\hkcmd.exe[3352] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01D41642
.text C:\Windows\System32\hkcmd.exe[3352] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\System32\hkcmd.exe[3352] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01D4152C
.text C:\Windows\System32\hkcmd.exe[3352] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01D41758
.text C:\Windows\System32\hkcmd.exe[3352] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01D41871
.text C:\Windows\System32\igfxpers.exe[3364] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01A61642
.text C:\Windows\System32\igfxpers.exe[3364] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\System32\igfxpers.exe[3364] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01A6152C
.text C:\Windows\System32\igfxpers.exe[3364] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01A61758
.text C:\Windows\System32\igfxpers.exe[3364] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01A61871
.text C:\Windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01B31642
.text C:\Windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\igfxsrvc.exe[3396] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01B3152C
.text C:\Windows\system32\igfxsrvc.exe[3396] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01B31758
.text C:\Windows\system32\igfxsrvc.exe[3396] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01B31871
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 05F91642
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 05F9152C
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 05F91758
.text C:\Program Files\Rising\Rav\RsTray.exe[3404] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 05F91871
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01BB1642
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01BB152C
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01BB1758
.text C:\Program Files\Rising\RSD\popwndexe.exe[3452] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01BB1871
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 06301642
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 0630152C
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 06301758
.text C:\Program Files\Windows Sidebar\sidebar.exe[3464] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 06301871
.text C:\Windows\ehome\ehtray.exe[3492] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02AB1642
.text C:\Windows\ehome\ehtray.exe[3492] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\ehome\ehtray.exe[3492] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 02AB152C
.text C:\Windows\ehome\ehtray.exe[3492] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02AB1758
.text C:\Windows\ehome\ehtray.exe[3492] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02AB1871
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02BD1642
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 02BD152C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02BD1758
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3588] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02BD1871
.text C:\Windows\system32\wbem\unsecapp.exe[3616] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 00A21642
.text C:\Windows\system32\wbem\unsecapp.exe[3616] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\wbem\unsecapp.exe[3616] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 00A2152C
.text C:\Windows\system32\wbem\unsecapp.exe[3616] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 00A21758
.text C:\Windows\system32\wbem\unsecapp.exe[3616] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 00A21871
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 025D1642
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\ehome\ehmsas.exe[3692] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 025D152C
.text C:\Windows\ehome\ehmsas.exe[3692] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 025D1758
.text C:\Windows\ehome\ehmsas.exe[3692] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 025D1871
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02B11642
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 02B1152C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02B11758
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3716] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02B11871
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 028F1642
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 028F152C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 028F1758
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[3956] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 028F1871
.text C:\Windows\system32\conime.exe[5368] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 00681642
.text C:\Windows\system32\conime.exe[5368] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\system32\conime.exe[5368] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 0068152C
.text C:\Windows\system32\conime.exe[5368] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 00681758
.text C:\Windows\system32\conime.exe[5368] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 00681871
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 02341642
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 0234152C
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 02341758
.text C:\Program Files\Windows Defender\MSASCui.exe[21836] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 02341871
.text C:\Windows\System32\mobsync.exe[32108] kernel32.dll!CreateProcessW 764A1BF3 5 Bytes JMP 01A01642
.text C:\Windows\System32\mobsync.exe[32108] kernel32.dll!CreateProcessA 764A1C28 1 Byte [E9]
.text C:\Windows\System32\mobsync.exe[32108] kernel32.dll!CreateProcessA 764A1C28 5 Bytes JMP 01A0152C
.text C:\Windows\System32\mobsync.exe[32108] ADVAPI32.dll!CreateProcessAsUserA 7665CEB9 5 Bytes JMP 01A01758
.text C:\Windows\System32\mobsync.exe[32108] ADVAPI32.dll!CreateProcessAsUserW 76671EE9 5 Bytes JMP 01A01871

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs HOOKHELP.sys
Device \FileSystem\fastfat \FatCdrom HOOKHELP.sys
Device \FileSystem\RAW \Device\RawTape HOOKHELP.sys

AttachedDevice \Driver\tdx \Device\Tcp HookTdi.sys

Device \FileSystem\rdbss \Device\FsWrap HOOKHELP.sys

AttachedDevice \Driver\tdx \Device\Udp HookTdi.sys
AttachedDevice \Driver\tdx \Device\RawIp HookTdi.sys

Device \FileSystem\RAW \Device\RawDisk HOOKHELP.sys
Device \FileSystem\RAW \Device\RawCdRom HOOKHELP.sys
Device \FileSystem\fastfat \Fat HOOKHELP.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer HOOKHELP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer HOOKHELP.sys
Device \FileSystem\cdfs \Cdfs HOOKHELP.sys

---- EOF - GMER 1.0.15 ----