TR/Crypt.XPACK.Gen in AppData (Windows 7)
Forum section: Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal)

15.10.2010, 05:36 | #1
TR/Crypt.XPACK.Gen in AppData

Hello! For a few days now Avira has been reporting that a trojan was found. I have already made several attempts to delete it, or rather both of them: there are two with the same name, but in different files. I have also already read the thread here about the same / a similar TR, but I'm not very familiar with the technical side and always need everything "explained for women". ... Well, I then scanned my system with Malwarebytes and OTL and here are the results (unfortunately I forgot to check Malwarebytes for new updates beforehand, and then scanned again, but that time nothing was found. I do notice, though, that it only searches in IE, and I actually notice most of the problems in FF. Should I run another full scan?):

Malwarebytes' Anti-Malware 1.46
www*malwarebytes.org

Database version: 4052
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15.10.2010 05:58:57
mbam-log-2010-10-15 (05-58-57).txt

Scan type: Quick scan
Objects scanned: 117288
Time elapsed: 10 minute(s), 9 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)

And the two from OTL:

OTL Logfile:
Code:
OTL logfile created on: 15.10.2010 06:17:13 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 39,52 Gb Free Space | 33,96% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 110,77 Gb Free Space | 96,28% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Vidalia Bundle\Tor\tor.exe ()
PRC - C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Programme\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LckFldService) -- C:\Windows\System32\LckFldService.exe File not found
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (jnv4_mib) -- C:\Users\***\AppData\Local\Temp\jnv4_mib.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.lovin-girls.bplaced.de/Forum/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {2cb97724-d789-4f43-8888-a763cbb8df6f}:3.0.2564.27062
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:4.2.4
FF - prefs.js..keyword.URL: "hxxp://www.ask.com/web?o=101447&l=dis&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "222.18.54.37"
FF - prefs.js..network.proxy.gopher: "222.18.54.37"
FF - prefs.js..network.proxy.http: "222.18.54.37"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "222.18.54.37"
FF - prefs.js..network.proxy.ssl: "222.18.54.37"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 16:42:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.24 01:42:16 | 000,000,000 | ---D | M]

[2009.05.26 18:02:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.15 03:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions
[2009.09.04 21:03:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.27 05:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f}
[2010.08.16 18:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.03.23 22:38:53 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009.02.18 21:37:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.06.13 18:01:06 | 000,000,000 | ---D | M] (Red Cats (blue flavor)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}
[2010.10.12 23:58:05 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\05xg1xwj.default\searchplugins\icqplugin.xml
[2010.09.01 01:22:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.09.04 21:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.24 01:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.01 01:22:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.05.26 18:02:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.04 16:42:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.04 16:42:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.04 16:42:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.04 16:42:45 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.04 16:42:45 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programme\Neopets\Toolbar\toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programme\Neopets\Toolbar\toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programme\Neopets\Toolbar\toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\thinspiration\1_____.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\thinspiration\1_____.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.15 06:14:58 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.15 05:47:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.15 05:46:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.15 05:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.15 05:46:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.15 05:46:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.14 03:03:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 23:58:27 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 23:57:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 23:55:44 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 23:55:39 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 23:55:38 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 23:55:23 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 23:55:18 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 23:55:06 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 23:55:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.10.13 23:55:01 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 23:55:01 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.10.13 23:54:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 23:54:59 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 23:54:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 23:54:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.13 23:54:58 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 23:54:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 23:52:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.10.05 00:23:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.20 21:00:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.15 06:15:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.15 06:02:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.15 05:46:15 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.15 05:35:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 05:35:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 03:39:02 | 000,029,981 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.10.15 03:35:25 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.15 03:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.15 03:35:08 | 2136,952,832 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.14 21:04:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.14 21:04:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.14 21:04:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.14 21:04:18 | 000,046,832 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.14 07:00:43 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.10.14 06:57:06 | 000,286,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 23:52:51 | 000,000,809 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.10.01 05:58:43 | 000,146,833 | -H-- | M] () -- C:\Users\***\Desktop\mxfilerelatedcache.mxc2
[2010.10.01 05:55:11 | 000,007,168 | -H-- | M] () -- C:\Users\***\Desktop\photothumb.db
[2010.09.20 11:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.15 05:46:15 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.13 23:52:51 | 000,000,809 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.07.23 23:01:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.20 18:30:04 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.01.06 22:18:01 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.06 22:17:49 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.08.25 19:49:30 | 000,000,032 | ---- | C] () -- C:\Windows\System32\Mlkf.dll
[2008.06.29 18:40:52 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.05.16 13:37:21 | 000,000,295 | ---- | C] () -- C:\Windows\{DD1A721B-F49D-4F26-A7B3-2C00655022D8}_WiseFW.ini
[2008.05.09 15:14:21 | 000,065,024 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.25 15:27:02 | 000,000,016 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.04.25 15:27:02 | 000,000,016 | -H-- | C] () -- C:\Users\***\AppData\Local\mxfilerelatedcache.mxc2
[2008.04.12 18:53:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.11 20:59:41 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.04.10 20:26:14 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.04.10 20:26:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.04.10 20:26:14 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.04.10 20:26:14 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.04.10 20:23:00 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.18
17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008.01.28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll [2008.01.28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll [2008.01.28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll [2008.01.28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll [2008.01.28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll [2008.01.28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 15.10.2010 06:17:13 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 39,52 Gb Free Space | 33,96% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 110,77 Gb Free Space | 96,28% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{236B9DA2-4B1F-4113-B3AF-0CE0D5F34149}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F2F62D8-BA95-4E04-A705-6C1A92BE08CD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{682CD9EA-DF6E-4B9F-8E1E-FB042FABD270}" = lport=2869 | protocol=6 | dir=in | app=system |
"{748377DF-3CB6-4A7C-989B-A4FE39DC94F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90C62EB8-1699-4E67-BA09-1462F5A0F117}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95C965D2-B679-409F-AABD-26B2D0936E5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9E929A0F-40BF-4697-8FC1-092D5E6A48DA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C40C550B-EFE3-4DED-BA1E-9F0EB65CDDA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CACEAC30-845C-4506-B86B-7ACF88A57124}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8D8D12F-8D3F-4FE8-8B19-DD0C6157C5B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F482EDAC-36BA-41D5-9671-183389680500}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101FBEF9-89F4-4CDB-9E5E-69C116BA9383}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B315582-1077-463C-B0D6-F5145268299E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2DCEB9AE-2D3B-4B85-82B9-901AC5A9281B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30A583A7-44DA-4FF4-9AFC-B431A53CA787}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{325277CC-D9F0-49C4-A93C-A1DC8E6904B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{341F03A4-6C93-4FE1-BE55-F9D3F6398F89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{496AF55C-A855-4571-98AF-15EDE5CA24CD}" = protocol=6 | dir=in | app=c:\program files\mirabyte\superhtml web studio 8.5\shtml85trial.exe |
"{732D9234-9A76-4CB7-98F4-C9828D7C66BB}" = protocol=17 | dir=in | app=c:\program files\mirabyte\superhtml web studio 8.5\shtml85trial.exe |
"{809F1786-D5C4-4356-9D00-1036E2F88AD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8F6FEB97-2F87-4228-AB3B-294ACD683008}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1CD698D-162E-4097-9D76-1C7C42EF6192}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5E9C55F-044C-455B-BE96-A84F0E7FA311}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF60E2FB-FCF6-4A7A-A4D1-11BD60D7CF5B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CD6FC9D9-3FD0-4EC3-B16E-76A559E256A7}" = protocol=6 | dir=out | app=system |
"{D0B01393-7A79-4045-99F5-EB58F26C69A9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D274B7F4-70A1-4A0A-B596-A30A690B50C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3946C52-9458-400C-8D01-52A175D7B558}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F515C81D-94A4-4B8F-89BA-10A571ABFAFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{22BAEE9B-7196-43CF-BC29-ACAEE7CEEC26}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{3DB1B0B5-BE21-4699-A219-70FE238DD168}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{74C6A72B-4A02-442F-83C7-52DBF25EE1BB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{98DDBB70-60BB-4F3D-89FE-405207FCEDBA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9F5BD085-E063-4FE9-9748-5F76EC4759C4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E04D0ABC-B0A9-484B-9F20-AC2618ECBB02}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{293594B5-A362-449B-999F-C4B002919DF8}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2E6580F5-E0E3-46AB-BD51-65E6395CD879}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{4E647988-3243-46E0-AF3F-79D1668E0189}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{8FA6D318-D732-4CE0-A066-14340D1E4121}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{9D3841D6-D6E9-4B9C-A3D0-7627978ADD6D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{A3D73208-6C2C-4B5A-93FC-BFC1D3FEEACE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risiko II
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}" = Guild 2 King's Edition
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40C4952C-D505-477A-AA90-224C2A011FC2}" = Barbie Pferdeabenteuer - Im Reitercamp
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1A721B-F49D-4F26-A7B3-2C00655022D8}" = SuperHTML Web Studio (Testversion)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB1F228C-8D68-41A7-BEA2-D667DDB8B8B7}" = Phase 5 HTML-Editor
"{FEDA2A34-795B-4670-ABEA-17E4ADCB2245}_is1" = Star-Script Ultimate v2.9
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Fahren Lernen_is1" = Fahren Lernen 1.0
"FileZilla Client" = FileZilla Client 3.1.6
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Folder Access 2.1 Free Version" = Folder Access 2.1 Free Version
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gamers.IRC" = Gamers.IRC 5.25
"Google Desktop" = Google Desktop
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee SecurityCenter
"myphotobook" = myphotobook 3.5
"Neopets" = Neopets
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PhotoFiltre" = PhotoFiltre
"PhotoScape" = PhotoScape
"Picasa2" = Picasa 2
"Privoxy" = Privoxy 3.0.6
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.2.0.31
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Uninstall_is1" = Uninstall 1.0.0.1
"Vidalia" = Vidalia 0.1.9
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"37d7d3b18581cbe7" = Omnipresent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.04.2010 12:31:01 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2010 16:50:00 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 25.04.2010 11:17:54 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 26.04.2010 14:03:18 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 27.04.2010 12:25:12 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 27.04.2010 12:27:04 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.0.3725 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 14f4 Anfangszeit: 01cae626285788d5 Zeitpunkt der Beendigung: 34
Error - 29.04.2010 08:06:49 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 30.04.2010 13:09:33 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 01.05.2010 08:04:46 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 03.05.2010 06:51:23 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12.10.2010 06:01:16 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description =
Error - 12.10.2010 06:01:16 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 12.10.2010 17:43:46 | Computer Name = *** | Source = HTTP | ID = 15016
Description =
Error - 13.10.2010 01:02:50 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 13.10.2010 01:04:23 | Computer Name = *** | Source = HTTP | ID = 15016
Description =
Error - 13.10.2010 17:26:22 | Computer Name = *** | Source = HTTP | ID = 15016
Description =
Error - 13.10.2010 22:09:15 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 14.10.2010 00:57:24 | Computer Name = *** | Source = HTTP | ID = 15016
Description =
Error - 14.10.2010 12:22:00 | Computer Name = *** | Source = HTTP | ID = 15016
Description =
Error - 14.10.2010 21:35:22 | Computer Name = *** | Source = HTTP | ID = 15016
Description =
< End of report >
Best regards, Maybe
Last edited by Maybe (15.10.2010 at 05:42) |
15.10.2010, 20:55 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Hello and
__________________Quote:
__________________ |
17.10.2010, 21:13 | #3 |
| TR/Crypt.XPACK.Gen in AppData Current signatures?
__________________I have now done a full scan, but I'm afraid without updating first, silly me. >.< Anyway, it could be EVEN more up to date, as I have just found out. Well, here is the full scan:
Malwarebytes' Anti-Malware 1.46
wwwmalwarebytes.org
Datenbank Version: 4826
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
17.10.2010 22:09:34
mbam-log-2010-10-17 (22-09-34).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 311053
Laufzeit: 2 Stunde(n), 29 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
I can't understand it at all. I'm sure there is still some trojan haunting this machine. PS: By the way, Google has also been acting up a bit since the trojan appeared. I only get everything in English, even when I switch it. o.O And as I said, Firefox is slow and often stutters... That's why I don't think everything is OK.
Last edited by Maybe (17.10.2010 at 21:26) |
18.10.2010, 07:50 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Are there any further Malwarebytes logs? It would be rather pointless if you had posted the one without findings! Quote:
__________________ Please always post logfiles in CODE tags |
21.10.2010, 03:30 | #5 |
| TR/Crypt.XPACK.Gen in AppData I scanned again yesterday, but again no finding. Yet during the scan Avira AntiVir did report a trojan, right there in AppData. To be precise, here: C:\Users\+++\AppData\Local\Temp\EADB02B.exe And this is the scan from Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4885
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
20.10.2010 01:33:35
mbam-log-2010-10-20 (01-33-35).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 311920
Laufzeit: 2 Stunde(n), 23 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
21.10.2010, 09:34 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Quote:
Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a helper has explicitly recommended it!
__________________ --> TR/Crypt.XPACK.Gen in AppData |
21.10.2010, 21:08 | #7 |
| TR/Crypt.XPACK.Gen in AppData I don't use IE at all, I use Firefox, and I have a few problems with it too; I suspect it isn't quite clean either. And OK, I'll do that!
21.10.2010, 21:11 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Quote:
__________________ Please always post logfiles in CODE tags |
22.10.2010, 04:05 | #9 |
| TR/Crypt.XPACK.Gen in AppData The CCleaner thing is no problem, I even still have it on the PC. But the cofi... I started it (everything off beforehand, including the Avira guard) and then it said it would scan for 10 min. - and after 30 minutes I checked and found that it had completely hung. :/ I wanted to shut down the PC because I had to leave. Is it normal for cofi to take that long (longer than 30 min.), and why did it hang - did I accidentally touch the mouse beforehand? Does it hang then? I'll try again later!
23.10.2010, 16:44 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData That can happen occasionally. Restart the computer, delete the old cofi.exe, download CF again as cofi and run it again following the instructions. You don't need to run CCleaner again.
25.10.2010, 20:23 | #11 |
| TR/Crypt.XPACK.Gen in AppData I reinstalled Cofi and it did scan. But after about 5 minutes the following appeared (the screen was completely blue with white text): A Problem has been detected and windows has to shut down in order to protect your computer (or something like that, I couldn't read the rest; after that it rebooted...) What is that, or what does it mean? |
27.10.2010, 08:18 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData Let's leave CF aside for now and try it again later. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the 2nd time either, just skip it and run only OSAM. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
29.10.2010, 22:19 | #13 |
| TR/Crypt.XPACK.Gen in AppData GMER Log: GMER Logfile: Code:
GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-29 23:14:37
Windows 6.0.6001 Service Pack 1
Running: 6zwltg0c.exe; Driver: C:\Users\Michelle\AppData\Local\Temp\uwldapod.sys

---- System - GMER 1.0.15 ----

SSDT D55CE1CC ZwCreateThread
SSDT D55CE1B8 ZwOpenProcess
SSDT D55CE1BD ZwOpenThread
SSDT D55CE1C7 ZwTerminateProcess

INT 0x52 ? C470E7D0
INT 0x62 ? C2BC92D0
INT 0x71 ? C4AD5A50
INT 0x72 ? C470ECD0
INT 0x82 ? C470E550
INT 0x92 ? C2BC9A50
INT 0xA2 ? C2BC9550
INT 0xB1 ? C2BC9CD0
INT 0xB2 ? C2BC97D0
INT 0xB3 ? C2BC9050

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xCB28C99D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xCB28C937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xCB28C94B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xCB28C9DB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xCB28CA1E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xCB28C9B1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xCB28CA46]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xCB28CA32]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xCB28C989]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xCB28C975]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xCB28C9F1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xCB28C9C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0xCB28C961]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution E20361C0 5 Bytes JMP CB28C9CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetTimerEx + 454 E20C7B18 4 Bytes [CC, E1, 5C, D5]
.text ntkrnlpa.exe!KeSetTimerEx + 624 E20C7CE8 4 Bytes [B8, E1, 5C, D5]
.text ntkrnlpa.exe!KeSetTimerEx + 640 E20C7D04 4 Bytes [BD, E1, 5C, D5]
.text ntkrnlpa.exe!KeSetTimerEx + 854 E20C7F18 4 Bytes [C7, E1, 5C, D5]
PAGE ntkrnlpa.exe!ZwNotifyChangeKey E21D01AD 5 Bytes JMP CB28CA22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess E21D7E06 5 Bytes JMP CB28C965 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection E223380E 7 Bytes JMP CB28C9DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection E2233E65 5 Bytes JMP CB28C9F5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile E2236076 5 Bytes JMP CB28C9A1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess E2243734 5 Bytes JMP CB28C979 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory E224598E 7 Bytes JMP CB28C9B5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey E2264552 5 Bytes JMP CB28CA36 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey E226559E 5 Bytes JMP CB28CA4A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess E22A331D 5 Bytes JMP CB28C93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx E22A3368 7 Bytes JMP CB28C94F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread E22A3E23 5 Bytes JMP CB28C98D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0xC6756000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0xC679F000, 0x510, 0x40000040]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xD9CE8300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xD9D2B300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\svchost.exe[428] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 00010F43
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 00010089
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 000100A4
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 00010F0D
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 00010F79
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 00010FAF
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 00010047
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 00010025
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 0001006E
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 00010036
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 00010F9E
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 00010F5E
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 00010EFC
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 00010FE5
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 00010000
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[428] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 00010F28
.text C:\Windows\System32\svchost.exe[428] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[428] msvcrt.dll!system 76F38B63 5 Bytes JMP 0005001B
.text C:\Windows\System32\svchost.exe[428] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 00050FC6
.text C:\Windows\System32\svchost.exe[428] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 00050FEF
.text C:\Windows\System32\svchost.exe[428] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 00050FB5
.text C:\Windows\System32\svchost.exe[428] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00060FA5
.text C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 0006003D
.text C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 00060FB6
.text C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00060F8A
.text C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00060011
.text C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 00060FDB
.text C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 0006002C
.text C:\Windows\System32\svchost.exe[428] WS2_32.dll!socket 771136D1 5 Bytes JMP 00600000
.text C:\Windows\Explorer.EXE[680] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 02F70F5E
.text C:\Windows\Explorer.EXE[680] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 02F70F83
.text C:\Windows\Explorer.EXE[680] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 02F70F28
.text C:\Windows\Explorer.EXE[680] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 02F700C9
.text C:\Windows\Explorer.EXE[680] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 02F70082
.text C:\Windows\Explorer.EXE[680] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 02F70036
.text C:\Windows\Explorer.EXE[680] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 02F70F9E
.text C:\Windows\Explorer.EXE[680] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 02F70FAF
.text C:\Windows\Explorer.EXE[680] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 02F7009D
.text C:\Windows\Explorer.EXE[680] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 02F70051
.text C:\Windows\Explorer.EXE[680] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 02F70FCA
.text C:\Windows\Explorer.EXE[680] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 02F700AE
.text C:\Windows\Explorer.EXE[680] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 02F70F17
.text C:\Windows\Explorer.EXE[680] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 02F7000A
.text C:\Windows\Explorer.EXE[680] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 02F70FEF
.text C:\Windows\Explorer.EXE[680] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 02F70025
.text C:\Windows\Explorer.EXE[680] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 02F70F4D
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 02F600A2
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 02F60062
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 02F6000A
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 02F60087
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 1 Byte [E9]
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 02F60FE5
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 02F60036
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 02F60025
.text C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 02F60051
.text C:\Windows\Explorer.EXE[680] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 02F8005A
.text C:\Windows\Explorer.EXE[680] msvcrt.dll!system 76F38B63 5 Bytes JMP 02F80049
.text C:\Windows\Explorer.EXE[680] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 02F8002E
.text C:\Windows\Explorer.EXE[680] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 02F80000
.text C:\Windows\Explorer.EXE[680] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 02F80FD9
.text C:\Windows\Explorer.EXE[680] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 02F8001D
.text C:\Windows\Explorer.EXE[680] WS2_32.dll!socket 771136D1 5 Bytes JMP 02F90000
.text C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenA 77680A4D 5 Bytes JMP 03890FEF
.text C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenUrlA 77682713 5 Bytes JMP 0389000A
.text C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenW 776830C8 5 Bytes JMP 03890FD4
.text C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenUrlW 776D84F1 5 Bytes JMP 03890FB9
.text C:\Windows\system32\services.exe[688] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 00180F0E
.text C:\Windows\system32\services.exe[688] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 00180F29
.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 00180ED8
.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 00180EE9
.text C:\Windows\system32\services.exe[688] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 00180F66
.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 0018000A
.text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 00180040
.text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 00180F94
.text C:\Windows\system32\services.exe[688] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 00180F55
.text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 00180F83
.text C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 0018001B
.text C:\Windows\system32\services.exe[688] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 00180F3A
.text C:\Windows\system32\services.exe[688] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 00180EC7
.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 00180FD4
.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 00180FEF
.text C:\Windows\system32\services.exe[688] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 00180FC3
.text C:\Windows\system32\services.exe[688] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 00180065
.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00170054
.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 00170FA8
.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00170FEF
.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 0017002F
.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00170065
.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00170FD4
.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 0017000A
.text C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 00170FC3
.text C:\Windows\system32\services.exe[688] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 001E0036
.text C:\Windows\system32\services.exe[688] msvcrt.dll!system 76F38B63 5 Bytes JMP 001E0025
.text C:\Windows\system32\services.exe[688] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 001E0FC6
.text C:\Windows\system32\services.exe[688] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 001E0000
.text C:\Windows\system32\services.exe[688] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 001E0FB5
.text C:\Windows\system32\services.exe[688] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 001E0FD7
.text C:\Windows\system32\services.exe[688] WS2_32.dll!socket 771136D1 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 000900DA
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 000900C9
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 00090106
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 00090F79
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 00090082
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 00090FD4
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 00090FA8
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 0009005B
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 0009009D
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 00090FB9
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 0009004A
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 000900AE
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 00090117
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 00090FEF
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 00090000
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 0009002F
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 000900F5
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00080040
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 0008002F
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00080000
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 00080FA8
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00080F83
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00080FDE
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 00080FEF
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 00080FC3
.text C:\Windows\system32\lsass.exe[748] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 000A0F89
.text C:\Windows\system32\lsass.exe[748] msvcrt.dll!system 76F38B63 5 Bytes JMP 000A0F9A
.text C:\Windows\system32\lsass.exe[748] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 000A0FC6
.text C:\Windows\system32\lsass.exe[748] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 000A0FE3
.text C:\Windows\system32\lsass.exe[748] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 000A0FB5
.text C:\Windows\system32\lsass.exe[748] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 000A0000
.text C:\Windows\system32\lsass.exe[748] WS2_32.dll!socket 771136D1 5 Bytes JMP 00CD0000
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 00150F30
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 00150F41
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 00150EE9
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 00150EFA
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 00150051
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 00150FCA
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 00150F79
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 00150FA5
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 00150062
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 00150F94
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 0015002C
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 00150F52
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 0015009B
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 0015000A
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 00150FEF
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 0015001B
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 00150F1F
.text C:\Windows\system32\svchost.exe[896] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 001A0038
.text C:\Windows\system32\svchost.exe[896] msvcrt.dll!system 76F38B63 5 Bytes JMP 001A0027
.text C:\Windows\system32\svchost.exe[896] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 001A0016
.text C:\Windows\system32\svchost.exe[896] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 001A0FEF
.text C:\Windows\system32\svchost.exe[896] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 001A0FB7
.text C:\Windows\system32\svchost.exe[896] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 001A0FD2
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00140F94
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 0014002C
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00140FEF
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 00140FA5
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 0014005B
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 0014000A
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 00140FD4
.text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 0014001B
.text C:\Windows\system32\svchost.exe[896] WS2_32.dll!socket 771136D1 5 Bytes JMP 001B0000
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 006F0F37
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 006F007D
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 006F00B3
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 006F0F1C
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 006F0F6D
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 006F0FCA
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 006F0F7E
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 006F0047
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 006F0F52
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 006F0F9B
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 006F0036
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 006F006C
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 006F00C4
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 006F0FE5
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 006F0000
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 006F001B
.text C:\Windows\system32\svchost.exe[1004] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 006F0098
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 00740FB7
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!system 76F38B63 5 Bytes JMP 0074004C
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 00740FD2
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 00740FEF
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 00740031
.text C:\Windows\system32\svchost.exe[1004] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 0074000C
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 006E0051
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 006E0FAF
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 006E0FEF
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 006E0036
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 006E0062
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 006E0FD4
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 006E000A
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 006E001B
.text C:\Windows\system32\svchost.exe[1004] WS2_32.dll!socket 771136D1 5 Bytes JMP 007D0000
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 006E0F44
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 006E0F55
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 006E0EF3
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 006E0F0E
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 006E0065
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 006E0000
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 006E004A
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 006E0F9E
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 006E0076
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 006E0F8D
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 006E0025
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 006E0F66
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 006E0EE2
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 006E0FD4
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 006E0FE5
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 006E0FB9
.text C:\Windows\System32\svchost.exe[1124] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 006E0F29
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 006F0F97
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!system 76F38B63 5 Bytes JMP 006F0022
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 006F0FCD
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 006F0FEF
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 006F0FB2
.text C:\Windows\System32\svchost.exe[1124] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 006F0FDE
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00160FA8
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 0016002F
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00160FEF
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 0016004A
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00160F97
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00160FCD
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 00160FDE
.text C:\Windows\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 0016001E
.text C:\Windows\System32\svchost.exe[1124] WS2_32.dll!socket 771136D1 5 Bytes JMP 0074000A
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 009D0F3A
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 009D0080
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 009D0F0E
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 009D0F1F
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 009D0065
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 009D000A
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 009D0054
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 009D0039
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 009D0F70
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 009D0F97
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 009D0FA8
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 009D0F5F
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 009D0EF3
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 009D0FD4
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 009D0FE5
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 009D0FB9
.text C:\Windows\System32\svchost.exe[1180] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 009D009B
.text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 009E0038
.text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!system 76F38B63 5 Bytes JMP 009E0FB7
.text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 009E001D
.text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 009E0FEF
.text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 009E0FC8
.text C:\Windows\System32\svchost.exe[1180] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 009E0000
.text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00870FB9
.text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 00870FD4
.text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00870FEF
.text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 0087005B
.text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00870F9E
.text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00870025
.text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 0087000A
.text C:\Windows\System32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 00870040
.text C:\Windows\System32\svchost.exe[1180] WS2_32.dll!socket 771136D1 5 Bytes JMP 00D80000
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 00A30F44
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 00A30080
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 00A300C0
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 00A30F29
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 00A30043
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 00A30F9E
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 00A30F5F
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 00A30F8D
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 00A30054
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 00A30F7C
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 00A30014
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 00A3006F
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 00A300D1
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 00A30FD4
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 00A30FEF
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 00A30FAF
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 00A300AF
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 00A40FA1
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!system 76F38B63 5 Bytes JMP 00A4002C
.text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 
00A40011 .text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 00A40000 .text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 00A40FBC .text C:\Windows\system32\svchost.exe[1196] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 00A40FE3 .text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00A2006C .text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 00A20047 .text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00A20FEF .text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 00A20FCA .text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00A20FAF .text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00A2001B .text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 00A2000A .text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 00A20036 .text C:\Windows\system32\svchost.exe[1196] WS2_32.dll!socket 771136D1 5 Bytes JMP 00A50FEF .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 00880F77 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 00880F88 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 008800F3 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 00880F66 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 00880FA3 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 00880FD4 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 0088007D .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 
0088005B .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 00880098 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 0088006C .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 0088004A .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 008800A9 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 0088010E .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 00880FE5 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 00880000 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 00880025 .text C:\Windows\system32\svchost.exe[1356] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 008800D8 .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 0089002C .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!system 76F38B63 5 Bytes JMP 0089001B .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 00890FAB .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 00890FE3 .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 00890000 .text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 00890FC6 .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00870058 .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 00870033 .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00870000 .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 00870FB6 .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 0087007D .text 
C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00870011 .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 00870FDB .text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 00870022 .text C:\Windows\system32\svchost.exe[1356] WS2_32.dll!socket 771136D1 5 Bytes JMP 008A0FE5 .text C:\Windows\system32\svchost.exe[1356] WinInet.dll!InternetOpenA 77680A4D 5 Bytes JMP 009C0000 .text C:\Windows\system32\svchost.exe[1356] WinInet.dll!InternetOpenUrlA 77682713 5 Bytes JMP 009C0036 .text C:\Windows\system32\svchost.exe[1356] WinInet.dll!InternetOpenW 776830C8 5 Bytes JMP 009C0011 .text C:\Windows\system32\svchost.exe[1356] WinInet.dll!InternetOpenUrlW 776D84F1 5 Bytes JMP 009C0047 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 008A008E .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 008A0F48 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 008A00C4 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 008A0F23 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 008A0047 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 008A0FC7 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 008A0F6D .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 008A0F9B .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 008A0058 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 008A0F8A .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 008A0FB6 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreatePipe 76DA0284 5 
Bytes JMP 008A0069 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 008A0F12 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 008A0011 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 008A0000 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 008A0022 .text C:\Windows\system32\svchost.exe[1448] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 008A009F .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 008F0F97 .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!system 76F38B63 5 Bytes JMP 008F002C .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 008F0FBC .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 008F0FEF .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 008F0011 .text C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 008F0000 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00890F94 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 00890FA5 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00890000 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 00890036 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00890051 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00890FDB .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 00890011 .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 00890FB6 .text C:\Windows\system32\svchost.exe[1448] WS2_32.dll!socket 771136D1 5 Bytes JMP 00900FEF .text 
C:\Windows\system32\svchost.exe[1852] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 018900BA .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 01890F7E .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 01890F23 .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 01890F3E .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 0189008E .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 01890025 .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 0189007D .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 01890051 .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 0189009F .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 0189006C .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 01890040 .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 01890F8F .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 018900D5 .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 01890FCA .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 01890FE5 .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 01890000 .text C:\Windows\system32\svchost.exe[1852] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 01890F59 .text C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 018A0FD9 .text C:\Windows\system32\svchost.exe[1852] msvcrt.dll!system 76F38B63 5 Bytes JMP 018A0064 .text C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 018A0038 .text 
C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 018A000C .text C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 018A0049 .text C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 018A001D .text C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 01840F8D .text C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 01840FAF .text C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 01840FE5 .text C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 01840F9E .text C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 01840040 .text C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 0184001B .text C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 01840000 .text C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 01840FC0 .text C:\Windows\system32\svchost.exe[1852] WS2_32.dll!socket 771136D1 5 Bytes JMP 018B0000 .text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[2868] ntdll.dll!DbgBreakPoint 77537DFE 1 Byte [90] .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3412] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3412] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) 
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 008B0F74 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 008B00BA .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 008B0F3E .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 008B0F59 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 008B0098 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 008B0047 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 008B0FB4 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 008B007D .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 008B00A9 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 008B0FD1 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 008B0058 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 008B0F99 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 008B0F2D .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 008B0025 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 008B000A .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 008B0036 .text C:\Windows\system32\svchost.exe[3588] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 008B00CB .text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 00900FAD .text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!system 76F38B63 5 Bytes JMP 00900042 .text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 0090000C 
.text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 00900FEF .text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 00900031 .text C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 00900FD2 .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00650FA2 .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 0065003D .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 0065000A .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 0065004E .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00650069 .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 0065001B .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 00650FEF .text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 0065002C .text C:\Windows\system32\svchost.exe[3588] WS2_32.dll!socket 771136D1 5 Bytes JMP 00910000 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 008000F5 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 008000DA .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 00800F94 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 00800121 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 00800093 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 0080001B .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 00800078 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 00800FB9 .text 
C:\Windows\system32\svchost.exe[3784] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 008000A4 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 0080005B .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 00800036 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 008000C9 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 0080013C .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 00800FE5 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 00800000 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes JMP 00800FD4 .text C:\Windows\system32\svchost.exe[3784] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 00800106 .text C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 0081003A .text C:\Windows\system32\svchost.exe[3784] msvcrt.dll!system 76F38B63 5 Bytes JMP 00810FAF .text C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 00810FD4 .text C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 0081000C .text C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 00810029 .text C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 00810FEF .text C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 007F0051 .text C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 007F0040 .text C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 007F0FEF .text C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 007F0FB9 .text C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 007F006C .text 
C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 007F0014 .text C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 007F0FDE .text C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 007F002F .text C:\Windows\system32\svchost.exe[3784] WS2_32.dll!socket 771136D1 5 Bytes JMP 008B0FEF .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!GetStartupInfoW 76D71929 5 Bytes JMP 00010F4D .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!GetStartupInfoA 76D719C9 5 Bytes JMP 00010093 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateProcessW 76D71C01 5 Bytes JMP 000100B8 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateProcessA 76D71C36 5 Bytes JMP 00010F21 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!VirtualProtect 76D71DD1 5 Bytes JMP 00010F83 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateNamedPipeW 76D75C44 5 Bytes JMP 00010FC0 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!LoadLibraryExW 76D930C3 5 Bytes JMP 00010F94 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!LoadLibraryW 76D9361F 5 Bytes JMP 00010047 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!VirtualProtectEx 76D98D7E 5 Bytes JMP 00010F72 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!LoadLibraryExA 76D99469 5 Bytes JMP 00010FA5 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!LoadLibraryA 76D99491 5 Bytes JMP 00010036 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreatePipe 76DA0284 5 Bytes JMP 00010078 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!GetProcAddress 76DBB8B6 5 Bytes JMP 00010F10 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateFileW 76DBCC4E 5 Bytes JMP 00010000 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateFileA 76DBCF71 5 Bytes JMP 00010FE5 .text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateNamedPipeA 76E0430E 5 Bytes 
JMP 00010011
.text C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!WinExec 76E054FF 5 Bytes JMP 00010F3C
.text C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_wsystem 76F38A47 5 Bytes JMP 00060053
.text C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!system 76F38B63 5 Bytes JMP 00060FC8
.text C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_creat 76F3C6F1 5 Bytes JMP 0006001D
.text C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_open 76F3DA7E 5 Bytes JMP 00060FEF
.text C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_wcreat 76F3DC9E 5 Bytes JMP 0006002E
.text C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_wopen 76F3DE79 5 Bytes JMP 0006000C
.text C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegCreateKeyExA 7696B5E7 5 Bytes JMP 00070058
.text C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegCreateKeyA 7696B8AE 5 Bytes JMP 0007002C
.text C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegOpenKeyA 76970BF5 5 Bytes JMP 00070FE5
.text C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegCreateKeyW 7697B83D 5 Bytes JMP 00070047
.text C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegCreateKeyExW 7697BCE1 5 Bytes JMP 00070F9B
.text C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegOpenKeyExA 7697D4E8 5 Bytes JMP 00070FD4
.text C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegOpenKeyW 76983CB0 5 Bytes JMP 0007000A
.text C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegOpenKeyExW 7698F09D 5 Bytes JMP 0007001B
.text C:\Windows\system32\wuauclt.exe[4528] WS2_32.dll!socket 771136D1 5 Bytes JMP 00090000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

The OSAM log will follow right after this; I'm starting that scan now. |
29.10.2010, 22:19 | #14 |
| TR/Crypt.XPACK.Gen in AppData OSAM: OSAM Logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:52:00 on 29.10.2010
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.19

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"McDefragTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"McQcTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ?
- C:\Users\Michelle\AppData\Local\Temp\catchme.sys (File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "jnv4_mib" (jnv4_mib) - ? - C:\Users\Michelle\AppData\Local\Temp\jnv4_mib.sys (File not found) "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {727A317F-21BE-47C3-B1B2-3F3ED1428DA7} "FtpOleHook Class" - "WeOnlyDo! Inc." - C:\Windows\system32\wodFtpDLX.OCX {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (HTTP value)
"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (HTTP value)
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{CD292324-974F-4224-D074-CACA427AA030} "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Privoxy.lnk" - "The Privoxy team - www.privoxy.org" - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"EA Core" - "Electronic Arts" - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ6.5\ICQ.exe" silent
"MsnMsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"TOSCDSPD" - ? - TOSCDSPD.EXE (File not found)
"Vidalia" - ? - "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"mcagent_exe" - "McAfee, Inc." - C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
"NDSTray.exe" - ? - NDSTray.exe (File not found)
"Picasa Media Detector" - "Google Inc." - C:\Program Files\Picasa2\PicasaMediaDetector.exe
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Lavasoft Ad-Aware Service" (aawservice) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"LckFldService" (LckFldService) - ? - C:\Windows\system32\LckFldService.exe (File not found)
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

===[ Logfile end ]=========================================[ Logfile end ]===

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L350
Logical Drives Mask: 0x00000034

Kernel Drivers (total 155):
0xE2005000 \SystemRoot\system32\ntkrnlpa.exe
0xE23BE000 \SystemRoot\system32\hal.dll
0xC5E0B000 \SystemRoot\system32\kdcom.dll
0xC5E13000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0xC5E73000 \SystemRoot\system32\PSHED.dll
0xC5E84000 \SystemRoot\system32\BOOTVID.dll
0xC5E8C000 \SystemRoot\system32\CLFS.SYS
0xC5ECD000 \SystemRoot\system32\CI.dll
0xC6005000 \SystemRoot\system32\drivers\Wdf01000.sys
0xC6081000 \SystemRoot\system32\drivers\WDFLDR.SYS
0xC608E000 \SystemRoot\system32\drivers\acpi.sys
0xC60D4000 \SystemRoot\system32\drivers\WMILIB.SYS
0xC60DD000 \SystemRoot\system32\drivers\msisadrv.sys
0xC60E5000 \SystemRoot\system32\drivers\pci.sys
0xC610C000 \SystemRoot\System32\drivers\partmgr.sys
0xC611B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0xC611E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0xC6128000 \SystemRoot\system32\drivers\volmgr.sys
0xC6137000 \SystemRoot\System32\drivers\volmgrx.sys
0xC6181000 \SystemRoot\system32\drivers\intelide.sys
0xC6188000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0xC6196000 \SystemRoot\System32\drivers\mountmgr.sys
0xC620C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0xC62D4000 \SystemRoot\system32\drivers\atapi.sys
0xC62DC000 \SystemRoot\system32\drivers\ataport.SYS
0xC62FA000 \SystemRoot\system32\drivers\msahci.sys
0xC6304000 \SystemRoot\system32\drivers\fltmgr.sys
0xC6336000 \SystemRoot\system32\drivers\fileinfo.sys
0xC6346000 \SystemRoot\System32\Drivers\PxHelp20.sys
0xC634F000 \SystemRoot\System32\Drivers\ksecdd.sys
0xC640F000 \SystemRoot\system32\drivers\ndis.sys
0xC651A000 \SystemRoot\system32\drivers\msrpc.sys
0xC6545000 \SystemRoot\system32\drivers\NETIO.SYS
0xC6600000 \SystemRoot\System32\Drivers\Ntfs.sys
0xC670F000 \SystemRoot\system32\drivers\volsnap.sys
0xC6748000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0xC674D000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0xC6798000 \SystemRoot\System32\Drivers\spldr.sys
0xC67A0000 \SystemRoot\System32\Drivers\mup.sys
0xC67AF000 \SystemRoot\System32\drivers\ecache.sys
0xC67D6000 \SystemRoot\system32\drivers\disk.sys
0xC657F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0xC67E7000 \SystemRoot\system32\drivers\crcdisk.sys
0xC9CCF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0xC9CDA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xC9CE3000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0xC9CEB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xC9CFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xCA40A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0xCAA41000 \SystemRoot\System32\drivers\dxgkrnl.sys
0xCAAE0000 \SystemRoot\System32\drivers\watchdog.sys
0xCAAED000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xCAAF8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xCAB36000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xCAB45000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xCAB57000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0xCAB74000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xCAB87000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xCAB92000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xCABC1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xCABC3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xCABCE000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0xCABD2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xC9CFE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0xC9D2C000 \SystemRoot\system32\DRIVERS\storport.sys
0xCABEA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xC9D6D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xCABF5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xC9D84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xC9DA7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xC9DB6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xC9DCA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0xCA400000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xC9DDF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xCA405000 \SystemRoot\system32\DRIVERS\swenum.sys
0xC65A0000 \SystemRoot\system32\DRIVERS\ks.sys
0xC9DEF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xC65CA000 \SystemRoot\system32\DRIVERS\umbus.sys
0xC63C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xCA000000 \SystemRoot\system32\drivers\RTKVHDA.sys
0xC61A6000 \SystemRoot\system32\drivers\portcls.sys
0xC65D7000 \SystemRoot\system32\drivers\drmk.sys
0xC5FAD000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xCAC0C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xCAD0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xCADC4000 \SystemRoot\system32\drivers\modem.sys
0xCADD1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xCADE2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xCADEB000 \SystemRoot\System32\Drivers\Null.SYS
0xCADF2000 \SystemRoot\System32\Drivers\Beep.SYS
0xCADF9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xCAC00000 \SystemRoot\System32\drivers\vga.sys
0xC61D3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xCA1F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xC6400000 \SystemRoot\system32\drivers\rdpencdd.sys
0xC63F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0xC5FEB000 \SystemRoot\System32\Drivers\Npfs.SYS
0xC6200000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xCAE04000 \SystemRoot\System32\drivers\tcpip.sys
0xCAEED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0xCAF08000 \SystemRoot\system32\DRIVERS\tdx.sys
0xCAF1E000 \SystemRoot\system32\DRIVERS\smb.sys
0xCAF32000 \SystemRoot\system32\drivers\afd.sys
0xCAF7A000 \SystemRoot\System32\DRIVERS\netbt.sys
0xCAFAC000 \SystemRoot\system32\DRIVERS\pacer.sys
0xCAFC2000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0xCAFCC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xCAFDA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xCAFED000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xCB201000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xCB23D000 \SystemRoot\system32\drivers\nsiproxy.sys
0xCB247000 \SystemRoot\System32\Drivers\dfsc.sys
0xCB25E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xCB27A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xCB27C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xCB293000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0xCB29C000 \SystemRoot\System32\Drivers\usbvideo.sys
0xCB2BD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xCB2C6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xCB2D6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xCB2DE000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0xCB32E000 \SystemRoot\System32\Drivers\crashdmp.sys
0xC9C00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xD3090000 \SystemRoot\System32\win32k.sys
0xCB33B000 \SystemRoot\System32\drivers\Dxapi.sys
0xCB345000 \SystemRoot\system32\DRIVERS\monitor.sys
0xD32B0000 \SystemRoot\System32\TSDDD.dll
0xD32D0000 \SystemRoot\System32\cdd.dll
0xCB354000 \SystemRoot\system32\drivers\luafv.sys
0xCB36F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xD8A0D000 \SystemRoot\system32\drivers\spsys.sys
0xD8ABC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xD8ACC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xD8AF6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xD8B00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xD8B13000 \SystemRoot\system32\drivers\HTTP.sys
0xD8B80000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xD8B9D000 \SystemRoot\system32\DRIVERS\bowser.sys
0xD8BB6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xD8BCB000 \SystemRoot\system32\drivers\mrxdav.sys
0xCB383000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xCB3A2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xCB3DB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xDA20E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xDA236000 \SystemRoot\System32\DRIVERS\srv.sys
0xDA284000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xDA29A000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xDA2DD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xDA2E2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xDA2E6000 \SystemRoot\system32\drivers\peauth.sys
0xDA3C4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xDA3CE000 \??\C:\Windows\system32\SVKP.sys
0xDA3CF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xDA3DB000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x77BC0000 \Windows\System32\ntdll.dll

Processes (total 89):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
592 csrss.exe
636 C:\Windows\System32\wininit.exe
648 csrss.exe
680 C:\Windows\System32\services.exe
692 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\winlogon.exe
896 C:\Windows\System32\svchost.exe
960 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1004 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\audiodg.exe
1336 C:\Windows\System32\SLsvc.exe
1376 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1676 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1856 C:\Windows\System32\spoolsv.exe
1880 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1892 C:\Windows\System32\svchost.exe
436 C:\Windows\System32\dwm.exe
888 C:\Windows\System32\taskeng.exe
1428 C:\Windows\explorer.exe
1720 C:\Windows\System32\taskeng.exe
880 C:\Program Files\Windows Defender\MSASCui.exe
2076 C:\Windows\System32\igfxtray.exe
2112 C:\Windows\System32\hkcmd.exe
2152 C:\Windows\System32\igfxpers.exe
2168 C:\Windows\RtHDVCpl.exe
2196 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2228 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
2248 C:\Program Files\McAfee.com\Agent\mcagent.exe
2272 C:\Windows\System32\igfxsrvc.exe
2300 C:\Program Files\Picasa2\PicasaMediaDetector.exe
2340 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
2352 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2368 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2408 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2444 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2452 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2480 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
2500 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2528 C:\Program Files\Windows Sidebar\sidebar.exe
2536 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2556 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2576 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
2608 C:\Program Files\ICQ6.5\ICQ.exe
2744 C:\Program Files\Skype\Phone\Skype.exe
2752 C:\Program Files\Windows Media Player\wmpnscfg.exe
2764 C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
2868 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2880 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2944 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3144 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
3172 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
3216 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
3308 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
3372 C:\Windows\System32\svchost.exe
3384 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3416 C:\Windows\System32\svchost.exe
3436 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
3524 C:\Windows\System32\TODDSrv.exe
3536 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
3560 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
3632 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3660 C:\Windows\System32\svchost.exe
3680 C:\Windows\System32\SearchIndexer.exe
3708 C:\Windows\System32\drivers\XAudio.exe
1240 C:\Program Files\Vidalia Bundle\Tor\tor.exe
3624 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
3064 C:\Program Files\Windows Media Player\wmpnetwk.exe
2084 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
5284 C:\Program Files\Skype\Plugin Manager\skypePM.exe
5352 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4948 C:\Program Files\Mozilla Firefox\firefox.exe
4324 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
4476 C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
5612 C:\Windows\System32\wuauclt.exe
6132 C:\Windows\servicing\TrustedInstaller.exe
3480 C:\Windows\System32\SearchProtocolHost.exe
5208 dllhost.exe
5432 dllhost.exe
5916 C:\Users\Michelle\Desktop\MBRCheck.exe
5776 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001d`75800000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2546GSX, Rev: LB013M

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Last edited by Maybe (29.10.2010 at 22:55) |
30.10.2010, 21:01 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen in AppData
That looks fine in and of itself. Please try CF again with a fresh cofi.exe
__________________
Please always post logfiles in CODE tags |