Pests of all kinds and how to fight them: Trash.Gen, redirection via other sites, formatting useless (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will follow up with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
13.12.2010, 23:51 | #1 |
Hello, two days ago, all of a sudden, an input field for TANs appeared during online banking, and I suddenly had an HDD-Repair icon on the desktop plus a pop-up that looked like it came from Windows, saying my PC was in danger. Because it looked so deceptively real, idiot that I am, I clicked on it too. At the same time my laptop started acting up, Internet Explorer stopped working, Windows kept reporting that host processes were being terminated or that it was searching for solutions to problems, and so on. I was also constantly being redirected via other sites such as brawsing-check or ask.com and the like. The best part was when I let Antivir and Anti-Malware run over it and they kept finding new stuff, including Trash.Gen or something like that, and every time I was connected to the internet, more stuff was pulled in. After my desktop also started to change (different layout), I thought, okay, that's it. So I booted from the 3 Vista DVDs and formatted everything. I would have preferred to format from the boot menu and wipe everything right away, but unfortunately that isn't possible (as far as I know), because the whole setup on the laptop is totally stripped down. I first wanted to select "Repair" (when you press F8 after restarting the laptop), but my user account wasn't even shown there, and when I tried to enter my username and password, it said: Not found. Whatever. I ran through the 3 DVDs, then I was supposed to set a password and username. I did. Then it crashed, for whatever reason. After that it wouldn't shut down either. Somehow I managed to turn it off (everything frozen), and when I then entered my password it started loading my user account, but every time it then decided that the password was invalid after all. So I ran the 3 DVDs again and installed everything once more.

As a precaution I unplugged the modem from the power socket so it wouldn't go online right away (or who knows what is going on there, maybe superstition). Then I ran eScan from an external hard drive (which I have checked a thousand times by now). It found something called "User Account Control (Fake)" and deleted it. Scanned everything with Anti-Malware, Spybot, Windows Defender, McNorton Security Scan and eScan, found nothing. Then I dared to connect to the internet. On Google, again the redirection via stupid other sites. At that point I started writing this post. In the middle of it, blue screen, restart. And my pulse at 180. What is going on there? What should I do? Unfortunately this is my only usable PC. Can I throw it in the bin now? When I boot up, Acer's "Install eRecovery Management" now always opens, freezes at 10/20 and doesn't load any further. Unfortunately it doesn't find automatic updates. And I don't dare go on the internet after formatting, because that seems to be the root of all evil. As soon as I open Internet Explorer and go to Google, it goes haywire and redirects again. Can the modem be infected? My plan now is to wipe everything once more. Apparently there is no other way. Should I download something and copy it to the external drive so I can install it without an internet connection? Sorry for the novel, but I don't know what might be relevant. What should I post logs from? Thanks!! Nesrah PS: You know what else is funny? I can't write Windows Update as one word. As soon as it is written as one word anywhere, I get "Website cannot be displayed". No matter whether I type it as one word into Google or here... is that normal? Last edited by Nesrah (14.12.2010 at 00:18)
14.12.2010, 03:14 | #2 |
I have since formatted once more. Of course that didn't help. Then I did a quick scan with Anti-Malware, and scanned with OTL and with GMER. Attached are the logs, maybe someone will take pity. Anti-Malware: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Datenbank Version: 5309 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 14.12.2010 02:23:22 mbam-log-2010-12-14 (02-23-22).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 131663 Laufzeit: 4 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter OTL Extras logfile created on: 14.12.2010 02:25:13 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\looo\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226,38 Gb Total Space | 204,14 Gb Free Space | 90,18% Space Free | Partition Type: NTFS Drive D: | 222,90 Gb Total Space | 112,70 Gb Free Space | 50,56% Space Free | Partition Type: NTFS Computer Name: LOOO-PC | User Name: looo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{E73116BE-1C5C-4D34-BD1E-3FC4EE342D9D}" = 
lport=2869 | protocol=6 | dir=in | app=system | "{FEAF83DA-A36D-4B2F-8857-A58F21F96726}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AF93532-80D1-4B3A-AE11-DCB1F89DD597}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{37FBB3EF-501B-4346-9C30-F0717C3AE00C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{3FAA9224-B6FF-4D08-AA44-7F8B0211C6C1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{43DDBAE3-5B57-4078-A5FD-B241BC9A25FB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{5EC3488B-7C81-49DE-9FE8-DA4E63800D9F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{7D43BDC8-22AD-45B3-A8E7-C341360B2B4C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{84852F32-3AC6-45A9-8579-8D8A33FEDFD9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{A10788DF-B6A0-4E94-8F33-F74C811A9AD4}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{A62F828F-0C0F-47E0-B834-CD14FC5BFB00}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{ADDF9CCF-F4EB-4BFC-A87E-5D23B099B28D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{AE17C580-2866-417E-8DB8-87E8C3BDCDC6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{CDF5D316-4602-461C-A6D8-D2AC15326B9E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{FA2686A9-B7B4-421B-AB8A-400B4EADA0A2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | ========== 
HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000 "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}" = Beetle Junior "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken 
Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}" = Putt Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}" = The Rise of Atlantis "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}" = Womens Murder Club "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.3 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "Acer Acer Bio Protection 6.0.00.15" = Acer Bio Protection AAV 6.0.00.15 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Agere Systems Soft Modem" = Agere Systems HDA Modem "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MSC" = McAfee SecurityCenter "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log 
Errors ========== [ Application Events ] Error - 13.12.2010 21:20:00 | Computer Name = looo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2010 21:20:00 | Computer Name = looo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2010 21:20:00 | Computer Name = looo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2010 21:20:00 | Computer Name = looo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2010 21:20:01 | Computer Name = looo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2010 21:20:01 | Computer Name = looo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2010 21:20:01 | Computer Name = looo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2010 21:20:01 | Computer Name = looo-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.12.2010 21:25:59 | Computer Name = looo-PC | Source = SPP | ID = 16387 Description = Error - 13.12.2010 21:25:59 | Computer Name = looo-PC | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 02.02.2009 08:30:37 | Computer Name = WIN-T7QR819NU4P | Source = DCOM | ID = 10010 Description = Error - 13.12.2010 20:36:52 | Computer Name = WIN-T7QR819NU4P | Source = HTTP | ID = 15016 Description = Error - 13.12.2010 20:43:13 | Computer Name = looo-PC | Source = HTTP | ID = 15016 Description = Error - 13.12.2010 21:16:38 | Computer Name = looo-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 14.12.2010 um 02:14:42 unerwartet heruntergefahren. Error - 13.12.2010 21:16:49 | Computer Name = looo-PC | Source = HTTP | ID = 15016 Description = < End of report > Code:
ATTFilter OTL logfile created on: 14.12.2010 02:25:13 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\looo\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 226,38 Gb Total Space | 204,14 Gb Free Space | 90,18% Space Free | Partition Type: NTFS Drive D: | 222,90 Gb Total Space | 112,70 Gb Free Space | 50,56% Space Free | Partition Type: NTFS Computer Name: LOOO-PC | User Name: looo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.12.14 02:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\looo\Desktop\OTL.exe PRC - [2010.12.14 01:48:23 | 003,485,696 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2010.12.14 01:48:15 | 003,520,512 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe PRC - [2010.12.14 01:48:07 | 003,719,680 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe PRC - [2010.12.14 01:47:14 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\looo\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009.02.02 12:44:41 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2008.09.26 20:00:32 | 000,144,704 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee\VirusScan\Mcshield.exe PRC - [2008.09.26 19:23:58 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe PRC - [2008.09.23 13:48:18 | 000,792,184 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe PRC - [2008.09.23 13:48:18 | 000,781,288 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcupdmgr.exe PRC - [2008.09.23 13:48:18 | 000,641,208 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe PRC - [2008.09.23 13:48:18 | 000,377,064 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcupdui.exe PRC - [2008.09.22 13:19:14 | 000,025,416 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSK\msksrver.exe PRC - [2008.09.18 10:43:58 | 000,198,432 | ---- | M] () -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe PRC - [2008.09.12 16:54:58 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe PRC - [2008.09.12 10:19:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe PRC - [2008.09.10 00:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.07.31 15:32:56 | 000,311,296 | ---- | M] (Acer Inc.) 
-- C:\Windows\acerTemp\HidChk.exe PRC - [2008.07.31 13:42:28 | 020,150,000 | ---- | M] (Acer Incorporated) -- C:\ACER\Preload\Autorun\APP\eRecovery Management\ery.exe PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.07.20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.07.20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.06.30 17:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.05.26 05:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.05.07 09:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.04.25 21:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) 
-- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008.04.25 21:36:20 | 000,028,672 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe PRC - [2008.04.25 21:36:02 | 000,131,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008.03.03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe PRC - [2008.01.21 03:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe PRC - [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 03:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.04.24 18:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) 
-- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe ========== Modules (SafeList) ========== MOD - [2010.12.14 02:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\looo\Desktop\OTL.exe MOD - [2008.09.18 10:44:00 | 000,012,576 | ---- | M] () -- C:\Programme\McAfee\SiteAdvisor\sahook.dll MOD - [2008.01.21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.14 01:48:15 | 003,520,512 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009.02.02 12:44:41 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331) SRV - [2008.09.26 21:43:06 | 000,363,024 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2008.09.26 20:00:32 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2008.09.26 19:23:58 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2008.09.23 13:48:18 | 000,792,184 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2008.09.22 13:19:14 | 000,025,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2008.09.18 10:43:58 | 000,198,432 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2008.09.12 16:54:58 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2008.09.12 10:19:02 | 002,482,848 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.09.10 00:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.07.20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.26 05:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.04.25 21:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.04.25 21:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.03.03 13:11:14 | 000,016,384 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbstor.sys -- (USBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.12.14 01:48:11 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.12.05 11:24:00 | 007,538,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.26 20:01:12 | 000,212,968 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008.09.26 20:01:12 | 000,079,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008.09.26 20:01:12 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2008.09.26 20:01:12 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008.09.26 20:00:40 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008.09.24 22:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.26 13:51:36 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008.07.29 17:53:12 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008.07.29 17:53:10 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008.07.29 17:53:10 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.05.26 05:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.05.19 17:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.05.07 12:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.04 10:26:56 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.02.29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.11.02 14:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_8930
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_8930
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_8930
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_8930
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.12.14 02:22:13 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.30 23:18:17 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========

[2010.12.14 02:16:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.14 02:11:14 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Roaming\Malwarebytes
[2010.12.14 02:11:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.14 02:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.14 02:11:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.14 02:11:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.14 02:10:11 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\looo\Desktop\mbam-setup.exe
[2010.12.14 02:09:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\looo\Desktop\OTL.exe
[2010.12.14 02:04:25 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Roaming\Adobe
[2010.12.14 02:04:20 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Roaming\Google
[2010.12.14 01:53:36 | 000,000,000 | ---D | C] -- C:\Windows\acerTemp
[2010.12.14 01:53:11 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies
[2010.12.14 01:53:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2010.12.14 01:53:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.12.14 01:52:51 | 000,000,000 | ---D | C] -- C:\Programme\Acer Inc
[2010.12.14 01:52:38 | 000,054,784 | ---- | C] (ITE Tech. Inc. ) -- C:\Windows\System32\drivers\itecir.sys
[2010.12.14 01:52:38 | 000,000,000 | ---D | C] -- C:\Windows\ITECIR
[2010.12.14 01:52:19 | 000,000,000 | ---D | C] -- C:\Programme\Launch Manager
[2010.12.14 01:51:39 | 000,352,256 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2010.12.14 01:51:32 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Roaming\InstallShield
[2010.12.14 01:49:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2010.12.14 01:49:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2010.12.14 01:49:45 | 000,000,000 | ---D | C] -- C:\Programme\WIDCOMM
[2010.12.14 01:48:36 | 000,114,688 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2010.12.14 01:48:24 | 000,023,040 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2010.12.14 01:48:11 | 000,331,776 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2010.12.14 01:48:11 | 000,043,184 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2010.12.14 01:48:11 | 000,016,384 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll
[2010.12.14 01:48:06 | 000,192,512 | ---- | C] (Arachnoid Biometric Identification Group.) -- C:\Windows\System32\BioOne.dll
[2010.12.14 01:48:05 | 000,189,952 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\System32\PBAGUI.dll
[2010.12.14 01:48:04 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Roaming\Validity
[2010.12.14 01:48:02 | 000,000,000 | ---D | C] -- C:\Users\looo\Documents\Eigene Google Gadgets
[2010.12.14 01:47:58 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010.12.14 01:47:56 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Local\Google
[2010.12.14 01:47:44 | 000,000,000 | ---D | C] -- C:\Programme\Validity Sensors, Inc
[2010.12.14 01:47:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2010.12.14 01:47:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.12.14 01:46:55 | 000,000,000 | R--D | C] -- C:\Users\looo\Searches
[2010.12.14 01:46:46 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Roaming\Identities
[2010.12.14 01:46:44 | 000,000,000 | R--D | C] -- C:\Users\looo\Contacts
[2010.12.14 01:46:09 | 000,114,688 | ---- | C] (Abstract Software) -- C:\Users\Public\Desktop\Internet-Erlebniswelt.exe
[2010.12.14 01:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.12.14 01:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.12.14 01:44:20 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Local\VirtualStore
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Vorlagen
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\AppData\Local\Verlauf
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\AppData\Local\Temporary Internet Files
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Startmenü
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\SendTo
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Recent
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Netzwerkumgebung
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Lokale Einstellungen
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Documents\Eigene Videos
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Documents\Eigene Musik
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Eigene Dateien
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Documents\Eigene Bilder
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Druckumgebung
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Cookies
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\AppData\Local\Anwendungsdaten
[2010.12.14 01:44:16 | 000,000,000 | -HSD | C] -- C:\Users\looo\Anwendungsdaten
[2010.12.14 01:44:15 | 000,000,000 | --SD | C] -- C:\Users\looo\AppData\Roaming\Microsoft
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Videos
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Saved Games
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Pictures
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Music
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Links
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Favorites
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Downloads
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Documents
[2010.12.14 01:44:15 | 000,000,000 | R--D | C] -- C:\Users\looo\Desktop
[2010.12.14 01:44:15 | 000,000,000 | -H-D | C] -- C:\Users\looo\AppData
[2010.12.14 01:44:15 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Local\Temp
[2010.12.14 01:44:15 | 000,000,000 | ---D | C] -- C:\Users\looo\Roaming
[2010.12.14 01:44:15 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Local\Microsoft
[2010.12.14 01:44:15 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Roaming\Media Center Programs
[2010.12.14 01:44:15 | 000,000,000 | ---D | C] -- C:\Users\looo\AppData\Roaming\Acer GameZone Console
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.12.14 01:43:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.12.14 01:39:49 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2010.12.14 01:39:44 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2010.12.14 01:37:31 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009.02.02 19:35:44 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010.12.14 02:24:50 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.14 02:24:50 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.14 02:24:50 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.14 02:24:50 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.14 02:18:54 | 000,005,149 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.12.14 02:16:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 02:16:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 02:16:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.14 02:16:35 | 317,251,471 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.14 02:16:09 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.14 02:11:10 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.14 02:10:36 | 000,304,156 | ---- | M] () -- C:\Users\looo\Desktop\Ständige Google Weiterleitung zu Gomeo usw, - Trojaner-Board.mht
[2010.12.14 02:10:27 | 000,296,448 | ---- | M] () -- C:\Users\looo\Desktop\uxh7dj11.exe
[2010.12.14 02:10:11 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\looo\Desktop\mbam-setup.exe
[2010.12.14 02:09:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\looo\Desktop\OTL.exe
[2010.12.14 01:52:52 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2010.12.14 01:52:28 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2010.12.14 01:52:21 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2010.12.14 01:49:49 | 000,000,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
[2010.12.14 01:48:36 | 000,118,784 | ---- | M] () -- C:\Windows\System32\VMC3KAPI.dll
[2010.12.14 01:48:36 | 000,114,688 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2010.12.14 01:48:24 | 000,023,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2010.12.14 01:48:11 | 000,331,776 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2010.12.14 01:48:11 | 000,043,184 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2010.12.14 01:48:11 | 000,016,384 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll
[2010.12.14 01:48:06 | 000,192,512 | ---- | M] (Arachnoid Biometric Identification Group.) -- C:\Windows\System32\BioOne.dll
[2010.12.14 01:48:05 | 000,189,952 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\PBAGUI.dll
[2010.12.14 01:46:05 | 000,000,594 | ---- | M] () -- C:\Users\Public\Desktop\Acer Store.lnk
[2010.12.14 01:43:02 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.12.14 01:36:39 | 000,298,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010.12.14 02:16:18 | 317,251,471 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.14 02:11:10 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.14 02:10:32 | 000,304,156 | ---- | C] () -- C:\Users\looo\Desktop\Ständige Google Weiterleitung zu Gomeo usw, - Trojaner-Board.mht
[2010.12.14 02:10:16 | 000,296,448 | ---- | C] () -- C:\Users\looo\Desktop\uxh7dj11.exe
[2010.12.14 01:52:52 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2010.12.14 01:52:28 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2010.12.14 01:52:21 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2010.12.14 01:51:39 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.12.14 01:51:39 | 000,222,382 | ---- | C] () -- C:\Windows\Acer Crystal Eye webcam.ico
[2010.12.14 01:51:39 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.12.14 01:51:39 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2010.12.14 01:51:39 | 000,004,838 | ---- | C] () -- C:\Windows\Suyin.reg
[2010.12.14 01:51:39 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.12.14 01:49:49 | 000,000,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
[2010.12.14 01:48:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2010.12.14 01:46:05 | 000,000,594 | ---- | C] () -- C:\Users\Public\Desktop\Acer Store.lnk
[2010.12.14 01:44:15 | 000,001,850 | ---- | C] () -- C:\Users\looo\Desktop\Cyberlink PowerDirector.lnk [2010.12.14 01:41:44 | 3218,042,880 | -HS- | C] () -- C:\hiberfil.sys [2009.02.02 19:33:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.02.02 13:14:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2009.02.02 13:14:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2009.02.02 12:43:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2009.02.02 12:23:31 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.11.14 16:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007.04.24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini 
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.02.02 13:00:43 | 000,000,000 | ---D | M] -- C:\Users\looo\AppData\Roaming\Acer GameZone Console [2010.12.14 01:48:04 | 000,000,000 | ---D | M] -- C:\Users\looo\AppData\Roaming\Validity [2009.02.02 13:23:39 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2009.02.02 13:23:39 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2010.12.14 01:40:50 | 000,012,304 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008.01.21 03:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2009.02.02 19:36:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.12.14 02:16:09 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys [2010.12.14 02:16:09 | 3531,636,736 | -HS- | M] () -- C:\pagefile.sys [2009.02.02 12:23:48 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006.11.02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < 
%systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2008.12.05 00:19:40 | 000,308,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 03:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.21 03:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2008.05.08 22:59:33 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2008.01.21 03:24:21 | 
000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Update\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Windows Update\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > |
14.12.2010, 03:15 | #3 |
And finally GMER:
C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 7712B8AE 5 Bytes JMP 00AA002F .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 77130BF5 5 Bytes JMP 00AA0FE5 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 7713B83D 5 Bytes JMP 00AA004A .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 7713BCE1 5 Bytes JMP 00AA0076 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 7713D4E8 5 Bytes JMP 00AA0FC3 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 77143CB0 5 Bytes JMP 00AA0FD4 .text C:\Windows\System32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 7714F09D 5 Bytes JMP 00AA0014 .text C:\Windows\System32\svchost.exe[1140] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 00A30000 .text C:\Windows\System32\svchost.exe[1140] WININET.dll!InternetOpenUrlA 75DA20A3 5 Bytes JMP 00A30FD4 .text C:\Windows\System32\svchost.exe[1140] WININET.dll!InternetOpenW 75DA2A58 5 Bytes JMP 00A30FE5 .text C:\Windows\System32\svchost.exe[1140] WININET.dll!InternetOpenUrlW 75DEAF79 5 Bytes JMP 00A3001B .text C:\Windows\System32\svchost.exe[1140] WS2_32.dll!socket 75CF36D1 5 Bytes JMP 00560FEF .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoW 77311929 5 Bytes JMP 00B00F3E .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoA 773119C9 5 Bytes JMP 00B00F4F .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 77311C01 5 Bytes JMP 00B000CB .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 77311C36 5 Bytes JMP 00B000BA .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 77311DD1 5 Bytes JMP 00B0005F .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeW 77315C44 5 Bytes JMP 00B00FAF .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 773330C3 5 Bytes JMP 00B0004E .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 7733361F 5 
Bytes JMP 00B0002C .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 77338D7E 5 Bytes JMP 00B00070 .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 77339469 5 Bytes JMP 00B0003D .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 77339491 5 Bytes JMP 00B0001B .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreatePipe 77340284 5 Bytes JMP 00B00F60 .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 7735B8B6 5 Bytes JMP 00B000DC .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateFileW 7735CC4E 5 Bytes JMP 00B00000 .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateFileA 7735CF71 5 Bytes JMP 00B00FEF .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeA 773A41F6 5 Bytes JMP 00B00FCA .text C:\Windows\system32\svchost.exe[1392] kernel32.dll!WinExec 773A53E7 5 Bytes JMP 00B00095 .text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wsystem 76B68A47 5 Bytes JMP 00A20FBC .text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!system 76B68B63 5 Bytes JMP 00A20047 .text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_creat 76B6C6F1 5 Bytes JMP 00A20011 .text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_open 76B6DA7E 5 Bytes JMP 00A20FE3 .text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wcreat 76B6DC9E 5 Bytes JMP 00A20036 .text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wopen 76B6DE79 5 Bytes JMP 00A20000 .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 7712B5E7 5 Bytes JMP 00AB0065 .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 7712B8AE 5 Bytes JMP 00AB0040 .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 77130BF5 5 Bytes JMP 00AB0FEF .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 7713B83D 5 Bytes JMP 00AB0FB9 .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 7713BCE1 5 Bytes JMP 00AB0076 .text 
C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 7713D4E8 5 Bytes JMP 00AB0FD4 .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 77143CB0 5 Bytes JMP 00AB0014 .text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 7714F09D 5 Bytes JMP 00AB0025 .text C:\Windows\system32\svchost.exe[1392] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 009F0FEF .text C:\Windows\system32\svchost.exe[1392] WININET.dll!InternetOpenUrlA 75DA20A3 5 Bytes JMP 009F0FC3 .text C:\Windows\system32\svchost.exe[1392] WININET.dll!InternetOpenW 75DA2A58 5 Bytes JMP 009F0FD4 .text C:\Windows\system32\svchost.exe[1392] WININET.dll!InternetOpenUrlW 75DEAF79 5 Bytes JMP 009F0FB2 .text C:\Windows\system32\svchost.exe[1392] WS2_32.dll!socket 75CF36D1 5 Bytes JMP 00020000 .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoW 77311929 5 Bytes JMP 00B100A7 .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetStartupInfoA 773119C9 5 Bytes JMP 00B10096 .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 77311C01 5 Bytes JMP 00B10F21 .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 77311C36 5 Bytes JMP 00B10F3C .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtect 77311DD1 5 Bytes JMP 00B10F7C .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeW 77315C44 5 Bytes JMP 00B10FB9 .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExW 773330C3 5 Bytes JMP 00B10F8D .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryW 7733361F 5 Bytes JMP 00B10036 .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 77338D7E 5 Bytes JMP 00B10F6B .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryExA 77339469 5 Bytes JMP 00B10F9E .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!LoadLibraryA 77339491 5 Bytes JMP 00B10025 .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreatePipe 77340284 5 
Bytes JMP 00B1007B .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!GetProcAddress 7735B8B6 5 Bytes JMP 00B100DD .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateFileW 7735CC4E 5 Bytes JMP 00B10FDE .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateFileA 7735CF71 5 Bytes JMP 00B10FEF .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateNamedPipeA 773A41F6 5 Bytes JMP 00B1000A .text C:\Windows\system32\svchost.exe[1664] kernel32.dll!WinExec 773A53E7 5 Bytes JMP 00B100B8 .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wsystem 76B68A47 5 Bytes JMP 00510069 .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!system 76B68B63 5 Bytes JMP 00510058 .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_creat 76B6C6F1 5 Bytes JMP 00510FEF .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_open 76B6DA7E 5 Bytes JMP 00510000 .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wcreat 76B6DC9E 5 Bytes JMP 00510FDE .text C:\Windows\system32\svchost.exe[1664] msvcrt.dll!_wopen 76B6DE79 5 Bytes JMP 0051001D .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExA 7712B5E7 5 Bytes JMP 00560047 .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyA 7712B8AE 5 Bytes JMP 00560FA5 .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyA 77130BF5 5 Bytes JMP 00560000 .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyW 7713B83D 5 Bytes JMP 00560036 .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegCreateKeyExW 7713BCE1 5 Bytes JMP 00560F94 .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExA 7713D4E8 5 Bytes JMP 00560FCA .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyW 77143CB0 5 Bytes JMP 00560FE5 .text C:\Windows\system32\svchost.exe[1664] ADVAPI32.dll!RegOpenKeyExW 7714F09D 5 Bytes JMP 0056001B .text C:\Windows\system32\svchost.exe[1664] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 00500FEF .text 
C:\Windows\system32\svchost.exe[1664] WININET.dll!InternetOpenUrlA 75DA20A3 5 Bytes JMP 0050000A .text C:\Windows\system32\svchost.exe[1664] WININET.dll!InternetOpenW 75DA2A58 5 Bytes JMP 00500FD4 .text C:\Windows\system32\svchost.exe[1664] WININET.dll!InternetOpenUrlW 75DEAF79 5 Bytes JMP 00500025 .text C:\Windows\system32\svchost.exe[1664] WS2_32.dll!socket 75CF36D1 5 Bytes JMP 004B0000 .text C:\Windows\Explorer.EXE[1956] ntdll.dll!NtProtectVirtualMemory 77238968 5 Bytes JMP 01BF000A .text C:\Windows\Explorer.EXE[1956] ntdll.dll!NtWriteVirtualMemory 772392A8 5 Bytes JMP 0220000A .text C:\Windows\Explorer.EXE[1956] ntdll.dll!KiUserExceptionDispatcher 772399E8 5 Bytes JMP 01BE000A .text C:\Windows\Explorer.EXE[1956] kernel32.dll!GetStartupInfoW 77311929 5 Bytes JMP 0245009A .text C:\Windows\Explorer.EXE[1956] kernel32.dll!GetStartupInfoA 773119C9 5 Bytes JMP 02450F54 .text C:\Windows\Explorer.EXE[1956] kernel32.dll!CreateProcessW 77311C01 5 Bytes JMP 02450F1E .text C:\Windows\Explorer.EXE[1956] kernel32.dll!CreateProcessA 77311C36 5 Bytes JMP 024500B5 .text C:\Windows\Explorer.EXE[1956] kernel32.dll!VirtualProtect 77311DD1 5 Bytes JMP 0245005A .text C:\Windows\Explorer.EXE[1956] kernel32.dll!CreateNamedPipeW 77315C44 5 Bytes JMP 02450FD1 .text C:\Windows\Explorer.EXE[1956] kernel32.dll!LoadLibraryExW 773330C3 5 Bytes JMP 02450F80 .text C:\Windows\Explorer.EXE[1956] kernel32.dll!LoadLibraryW 7733361F 5 Bytes JMP 02450FAC .text C:\Windows\Explorer.EXE[1956] kernel32.dll!VirtualProtectEx 77338D7E 5 Bytes JMP 02450F6F .text C:\Windows\Explorer.EXE[1956] kernel32.dll!LoadLibraryExA 77339469 5 Bytes JMP 02450F9B .text C:\Windows\Explorer.EXE[1956] kernel32.dll!LoadLibraryA 77339491 5 Bytes JMP 0245003D .text C:\Windows\Explorer.EXE[1956] kernel32.dll!CreatePipe 77340284 5 Bytes JMP 02450075 .text C:\Windows\Explorer.EXE[1956] kernel32.dll!GetProcAddress 7735B8B6 5 Bytes JMP 02450F0D .text C:\Windows\Explorer.EXE[1956] kernel32.dll!CreateFileW 7735CC4E 5 Bytes JMP 
0245001B .text C:\Windows\Explorer.EXE[1956] kernel32.dll!CreateFileA 7735CF71 5 Bytes JMP 0245000A .text C:\Windows\Explorer.EXE[1956] kernel32.dll!CreateNamedPipeA 773A41F6 5 Bytes JMP 0245002C .text C:\Windows\Explorer.EXE[1956] kernel32.dll!WinExec 773A53E7 5 Bytes JMP 02450F39 .text C:\Windows\Explorer.EXE[1956] ADVAPI32.dll!RegCreateKeyExA 7712B5E7 5 Bytes JMP 02440FC0 .text C:\Windows\Explorer.EXE[1956] ADVAPI32.dll!RegCreateKeyA 7712B8AE 5 Bytes JMP 02440FD1 .text C:\Windows\Explorer.EXE[1956] ADVAPI32.dll!RegOpenKeyA 77130BF5 5 Bytes JMP 02440000 .text C:\Windows\Explorer.EXE[1956] ADVAPI32.dll!RegCreateKeyW 7713B83D 5 Bytes JMP 02440058 .text C:\Windows\Explorer.EXE[1956] ADVAPI32.dll!RegCreateKeyExW 7713BCE1 5 Bytes JMP 02440F9B .text C:\Windows\Explorer.EXE[1956] ADVAPI32.dll!RegOpenKeyExA 7713D4E8 5 Bytes JMP 0244002C .text C:\Windows\Explorer.EXE[1956] ADVAPI32.dll!RegOpenKeyW 77143CB0 5 Bytes JMP 0244001B .text C:\Windows\Explorer.EXE[1956] ADVAPI32.dll!RegOpenKeyExW 7714F09D 5 Bytes JMP 0244003D .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_wsystem 76B68A47 3 Bytes JMP 02420F9C .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_wsystem + 4 76B68A4B 1 Byte [8B] .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!system 76B68B63 3 Bytes JMP 02420FAD .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!system + 4 76B68B67 1 Byte [8B] .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_creat 76B6C6F1 3 Bytes JMP 02420FD2 .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_creat + 4 76B6C6F5 1 Byte [8B] .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_open 76B6DA7E 5 Bytes JMP 0242000C .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_wcreat 76B6DC9E 3 Bytes JMP 0242001D .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_wcreat + 4 76B6DCA2 1 Byte [8B] .text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_wopen 76B6DE79 5 Bytes JMP 02420FE3 .text C:\Windows\Explorer.EXE[1956] SHELL32.dll!InitNetworkAddressControl + 2939 75E90064 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL} 
.text C:\Windows\Explorer.EXE[1956] WS2_32.dll!socket 75CF36D1 5 Bytes JMP 02400FE5 .text C:\Windows\Explorer.EXE[1956] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 02410FE5 .text C:\Windows\Explorer.EXE[1956] WININET.dll!InternetOpenUrlA 75DA20A3 5 Bytes JMP 02410FC3 .text C:\Windows\Explorer.EXE[1956] WININET.dll!InternetOpenW 75DA2A58 5 Bytes JMP 02410FD4 .text C:\Windows\Explorer.EXE[1956] WININET.dll!InternetOpenUrlW 75DEAF79 5 Bytes JMP 02410014 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!GetStartupInfoW 77311929 5 Bytes JMP 004A0F48 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!GetStartupInfoA 773119C9 5 Bytes JMP 004A0F63 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!CreateProcessW 77311C01 5 Bytes JMP 004A00B3 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!CreateProcessA 77311C36 5 Bytes JMP 004A0F12 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!VirtualProtect 77311DD1 5 Bytes JMP 004A0062 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!CreateNamedPipeW 77315C44 5 Bytes JMP 004A0025 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!LoadLibraryExW 773330C3 5 Bytes JMP 004A0051 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!LoadLibraryW 7733361F 5 Bytes JMP 004A0F9E .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!VirtualProtectEx 77338D7E 5 Bytes JMP 004A007D .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!LoadLibraryExA 77339469 5 Bytes JMP 004A0036 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!LoadLibraryA 77339491 5 Bytes JMP 004A0FAF .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!CreatePipe 77340284 5 Bytes JMP 004A008E .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!GetProcAddress 7735B8B6 5 Bytes JMP 004A00C4 .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!CreateFileW 7735CC4E 5 Bytes JMP 004A000A .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!CreateFileA 7735CF71 5 Bytes JMP 004A0FEF .text 
C:\Windows\System32\svchost.exe[2052] kernel32.dll!CreateNamedPipeA 773A41F6 5 Bytes JMP 004A0FDE .text C:\Windows\System32\svchost.exe[2052] kernel32.dll!WinExec 773A53E7 5 Bytes JMP 004A0F2D .text C:\Windows\System32\svchost.exe[2052] msvcrt.dll!_wsystem 76B68A47 5 Bytes JMP 0048005F .text C:\Windows\System32\svchost.exe[2052] msvcrt.dll!system 76B68B63 5 Bytes JMP 0048004E .text C:\Windows\System32\svchost.exe[2052] msvcrt.dll!_creat 76B6C6F1 5 Bytes JMP 00480018 .text C:\Windows\System32\svchost.exe[2052] msvcrt.dll!_open 76B6DA7E 5 Bytes JMP 00480FEF .text C:\Windows\System32\svchost.exe[2052] msvcrt.dll!_wcreat 76B6DC9E 5 Bytes JMP 00480029 .text C:\Windows\System32\svchost.exe[2052] msvcrt.dll!_wopen 76B6DE79 5 Bytes JMP 00480FDE .text C:\Windows\System32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyExA 7712B5E7 5 Bytes JMP 00490F9E .text C:\Windows\System32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyA 7712B8AE 5 Bytes JMP 0049002C .text C:\Windows\System32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyA 77130BF5 5 Bytes JMP 00490000 .text C:\Windows\System32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyW 7713B83D 5 Bytes JMP 00490FAF .text C:\Windows\System32\svchost.exe[2052] ADVAPI32.dll!RegCreateKeyExW 7713BCE1 5 Bytes JMP 0049005B .text C:\Windows\System32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyExA 7713D4E8 5 Bytes JMP 00490FE5 .text C:\Windows\System32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyW 77143CB0 5 Bytes JMP 0049001B .text C:\Windows\System32\svchost.exe[2052] ADVAPI32.dll!RegOpenKeyExW 7714F09D 5 Bytes JMP 00490FC0 .text C:\Windows\System32\svchost.exe[2052] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 00020000 .text C:\Windows\System32\svchost.exe[2052] WININET.dll!InternetOpenUrlA 75DA20A3 5 Bytes JMP 0002001B .text C:\Windows\System32\svchost.exe[2052] WININET.dll!InternetOpenW 75DA2A58 5 Bytes JMP 00020FE5 .text C:\Windows\System32\svchost.exe[2052] WININET.dll!InternetOpenUrlW 75DEAF79 5 Bytes JMP 00020FCA .text 
C:\Windows\System32\svchost.exe[2052] WS2_32.dll!socket 75CF36D1 5 Bytes JMP 004D0000 .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!GetStartupInfoW 77311929 5 Bytes JMP 004D0F46 .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!GetStartupInfoA 773119C9 5 Bytes JMP 004D008C .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateProcessW 77311C01 5 Bytes JMP 004D00C2 .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateProcessA 77311C36 5 Bytes JMP 004D0F35 .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!VirtualProtect 77311DD1 5 Bytes JMP 004D0F6B .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateNamedPipeW 77315C44 5 Bytes JMP 004D001E .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!LoadLibraryExW 773330C3 5 Bytes JMP 004D0F7C .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!LoadLibraryW 7733361F 5 Bytes JMP 004D0FA8 .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!VirtualProtectEx 77338D7E 5 Bytes JMP 004D0060 .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!LoadLibraryExA 77339469 5 Bytes JMP 004D0F8D .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!LoadLibraryA 77339491 5 Bytes JMP 004D002F .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreatePipe 77340284 5 Bytes JMP 004D007B .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!GetProcAddress 7735B8B6 5 Bytes JMP 004D00D3 .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateFileW 7735CC4E 5 Bytes JMP 004D0FDE .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateFileA 7735CF71 5 Bytes JMP 004D0FEF .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!CreateNamedPipeA 773A41F6 5 Bytes JMP 004D0FCD .text C:\Windows\system32\svchost.exe[2640] kernel32.dll!WinExec 773A53E7 5 Bytes JMP 004D00A7 .text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_wsystem 76B68A47 5 Bytes JMP 004B0F8B .text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!system 76B68B63 5 Bytes JMP 004B0F9C .text 
C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_creat 76B6C6F1 5 Bytes JMP 004B000C .text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_open 76B6DA7E 5 Bytes JMP 004B0FEF .text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_wcreat 76B6DC9E 5 Bytes JMP 004B0FB7 .text C:\Windows\system32\svchost.exe[2640] msvcrt.dll!_wopen 76B6DE79 5 Bytes JMP 004B0FD2 .text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegCreateKeyExA 7712B5E7 5 Bytes JMP 004C0FA8 .text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegCreateKeyA 7712B8AE 5 Bytes JMP 004C0FCA .text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegOpenKeyA 77130BF5 5 Bytes JMP 004C0FEF .text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegCreateKeyW 7713B83D 5 Bytes JMP 004C0FB9 .text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegCreateKeyExW 7713BCE1 5 Bytes JMP 004C0065 .text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegOpenKeyExA 7713D4E8 5 Bytes JMP 004C0025 .text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegOpenKeyW 77143CB0 5 Bytes JMP 004C000A .text C:\Windows\system32\svchost.exe[2640] ADVAPI32.dll!RegOpenKeyExW 7714F09D 5 Bytes JMP 004C0036 .text C:\Windows\system32\svchost.exe[2640] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 00490000 .text C:\Windows\system32\svchost.exe[2640] WININET.dll!InternetOpenUrlA 75DA20A3 5 Bytes JMP 00490FD4 .text C:\Windows\system32\svchost.exe[2640] WININET.dll!InternetOpenW 75DA2A58 5 Bytes JMP 00490FE5 .text C:\Windows\system32\svchost.exe[2640] WININET.dll!InternetOpenUrlW 75DEAF79 5 Bytes JMP 00490FC3 .text C:\Windows\system32\svchost.exe[2640] WS2_32.dll!socket 75CF36D1 5 Bytes JMP 00010FEF .text C:\Windows\system32\svchost.exe[5332] ntdll.dll!NtProtectVirtualMemory 77238968 5 Bytes JMP 0056000A .text C:\Windows\system32\svchost.exe[5332] ntdll.dll!NtWriteVirtualMemory 772392A8 5 Bytes JMP 0098000A .text C:\Windows\system32\svchost.exe[5332] ntdll.dll!KiUserExceptionDispatcher 772399E8 5 Bytes JMP 0055000A .text 
C:\Windows\system32\svchost.exe[5332] msvcrt.dll!_wsystem 76B68A47 5 Bytes JMP 00080F95 .text C:\Windows\system32\svchost.exe[5332] msvcrt.dll!system 76B68B63 5 Bytes JMP 00080020 .text C:\Windows\system32\svchost.exe[5332] msvcrt.dll!_creat 76B6C6F1 5 Bytes JMP 00080FC1 .text C:\Windows\system32\svchost.exe[5332] msvcrt.dll!_open 76B6DA7E 5 Bytes JMP 00080FE3 .text C:\Windows\system32\svchost.exe[5332] msvcrt.dll!_wcreat 76B6DC9E 5 Bytes JMP 00080FB0 .text C:\Windows\system32\svchost.exe[5332] msvcrt.dll!_wopen 76B6DE79 5 Bytes JMP 00080FD2 .text C:\Windows\system32\svchost.exe[5332] ADVAPI32.dll!RegCreateKeyExA 7712B5E7 5 Bytes JMP 00090033 .text C:\Windows\system32\svchost.exe[5332] ADVAPI32.dll!RegCreateKeyA 7712B8AE 5 Bytes JMP 00090FAC .text C:\Windows\system32\svchost.exe[5332] ADVAPI32.dll!RegOpenKeyA 77130BF5 5 Bytes JMP 00090FEF .text C:\Windows\system32\svchost.exe[5332] ADVAPI32.dll!RegCreateKeyW 7713B83D 5 Bytes JMP 00090F91 .text C:\Windows\system32\svchost.exe[5332] ADVAPI32.dll!RegCreateKeyExW 7713BCE1 5 Bytes JMP 00090F76 .text C:\Windows\system32\svchost.exe[5332] ADVAPI32.dll!RegOpenKeyExA 7713D4E8 5 Bytes JMP 00090011 .text C:\Windows\system32\svchost.exe[5332] ADVAPI32.dll!RegOpenKeyW 77143CB0 5 Bytes JMP 00090000 .text C:\Windows\system32\svchost.exe[5332] ADVAPI32.dll!RegOpenKeyExW 7714F09D 5 Bytes JMP 00090022 .text C:\Windows\system32\svchost.exe[5332] ole32.dll!CoCreateInstance 76C0E188 5 Bytes JMP 00AA000A .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!GetStartupInfoW 77311929 5 Bytes JMP 000600C7 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!GetStartupInfoA 773119C9 5 Bytes JMP 00060F81 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!CreateProcessW 77311C01 5 Bytes JMP 00060F4B .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!CreateProcessA 77311C36 5 Bytes JMP 00060F5C .text C:\Program Files\Internet Explorer\iexplore.exe[6136] 
kernel32.dll!VirtualProtect 77311DD1 5 Bytes JMP 00060091 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!CreateNamedPipeW 77315C44 5 Bytes JMP 00060FDE .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!LoadLibraryExW 773330C3 5 Bytes JMP 00060080 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!LoadLibraryW 7733361F 5 Bytes JMP 0006006F .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!VirtualProtectEx 77338D7E 5 Bytes JMP 00060F9C .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!LoadLibraryExA 77339469 5 Bytes JMP 00060FC3 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!LoadLibraryA 77339491 5 Bytes JMP 00060054 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!CreatePipe 77340284 5 Bytes JMP 000600B6 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!GetProcAddress 7735B8B6 5 Bytes JMP 000600F3 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!CreateFileW 7735CC4E 5 Bytes JMP 0006000A .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!CreateFileA 7735CF71 5 Bytes JMP 00060FEF .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!CreateNamedPipeA 773A41F6 5 Bytes JMP 0006002F .text C:\Program Files\Internet Explorer\iexplore.exe[6136] kernel32.dll!WinExec 773A53E7 5 Bytes JMP 000600D8 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] ADVAPI32.dll!RegCreateKeyExA 7712B5E7 5 Bytes JMP 00080FC0 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] ADVAPI32.dll!RegCreateKeyA 7712B8AE 5 Bytes JMP 00080047 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] ADVAPI32.dll!RegOpenKeyA 77130BF5 5 Bytes JMP 00080000 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] ADVAPI32.dll!RegCreateKeyW 7713B83D 5 Bytes JMP 00080062 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] 
ADVAPI32.dll!RegCreateKeyExW 7713BCE1 5 Bytes JMP 00080087 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] ADVAPI32.dll!RegOpenKeyExA 7713D4E8 5 Bytes JMP 0008002C .text C:\Program Files\Internet Explorer\iexplore.exe[6136] ADVAPI32.dll!RegOpenKeyW 77143CB0 5 Bytes JMP 0008001B .text C:\Program Files\Internet Explorer\iexplore.exe[6136] ADVAPI32.dll!RegOpenKeyExW 7714F09D 5 Bytes JMP 00080FDB .text C:\Program Files\Internet Explorer\iexplore.exe[6136] msvcrt.dll!_wsystem 76B68A47 5 Bytes JMP 00090050 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] msvcrt.dll!system 76B68B63 5 Bytes JMP 00090FCF .text C:\Program Files\Internet Explorer\iexplore.exe[6136] msvcrt.dll!_creat 76B6C6F1 5 Bytes JMP 0009002E .text C:\Program Files\Internet Explorer\iexplore.exe[6136] msvcrt.dll!_open 76B6DA7E 5 Bytes JMP 00090000 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] msvcrt.dll!_wcreat 76B6DC9E 5 Bytes JMP 0009003F .text C:\Program Files\Internet Explorer\iexplore.exe[6136] msvcrt.dll!_wopen 76B6DE79 5 Bytes JMP 00090011 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] WS2_32.dll!socket 75CF36D1 5 Bytes JMP 000B0FE5 .text C:\Program Files\Internet Explorer\iexplore.exe[6136] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 00100FEF .text C:\Program Files\Internet Explorer\iexplore.exe[6136] WININET.dll!InternetOpenUrlA 75DA20A3 5 Bytes JMP 0010001B .text C:\Program Files\Internet Explorer\iexplore.exe[6136] WININET.dll!InternetOpenW 75DA2A58 5 Bytes JMP 0010000A .text C:\Program Files\Internet Explorer\iexplore.exe[6136] WININET.dll!InternetOpenUrlW 75DEAF79 5 Bytes JMP 00100036 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys AttachedDevice 
\Driver\tdx \Device\Udp Mpfp.sys
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS545050B9A300_________________PB4OC60F#4&2b7926f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???1?=???????=???=??us??7.15.11.7927?0???????????1???(???(????L??1??????????????pci\ven_10de&dev_064a&subsys_01451025???? 0??1???&?????'?'??NVIDIA GeForce 9700M GT?? ??nvd3dum?nvwgf2um?????????????L??????PS????8??1???'??????????nvcod135.dll,NVCoInstaller???????????????'???????????'????$??1???????????????s????4??1?????????????d-V??nvd3dum.dll?nvwgf2um.dll?????????????'???????????'???1???????????e???????o??? ???????'???????'??AT&F<cr>??????N??1???i??????????\???{9A516B97-E7C1-451B-9165-C5035994A3F5}?t\n???????????'?????6?(???????1???(???????????????.??????????kW???????????'???????????'???????????c???d???????????'?????8?'??? ???????(???????'???????????'???????????????????????n???????????????????'?????????7?'???????????(?????????(?(???????????o??????me???????.???\???????????????????p?????????mob???????????(???????????(???????????g???????d??R&T0000=1280,1024,*,*,*,BNQ*,NONE?R&T0001=1152,864,*,*,*,BNQ*,NONE???(???????????'?????s?'??? ???????(???????(???????????(???????????r???????????_???????????)???????????+?????

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 976772912 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----

Regards, Nesrah

PS: In two places in the logs I had to change "Windows Update", which was written as one word, so that it is written as two words. |
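The GMER log above is hard to read in this form, so here is an added triage helper for exactly this kind of listing. It is not part of the thread and not GMER's own code; the function names (`parse_hooks`, `summarise`, `common_hooked_apis`, `flagged_sectors`) and the constructed `SAMPLE_LOG` are the editor's, although every sample line is copied from the log posted above. It parses the user-mode `.text` hook lines (including the partial "3 Bytes JMP" plus "+ 4 ... 1 Byte" form and the raw-bytes patch that is not a JMP), groups hooks per process, reports which APIs are hooked in every process, and lists the "Disk sectors" findings.

```python
"""Triage helper for GMER logs: parse the user-mode '.text' hook lines and the
'Disk sectors' findings, then summarise them per process.  Added example, not
GMER code; function names are the editor's own."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: lines copied from the GMER log posted above.  It mixes the
# shapes that log contains: full 5-byte JMP hooks, a 3-byte JMP whose fourth byte
# is reported on its own "+ 4 ... 1 Byte" line (GMER lists only bytes that differ
# from the on-disk image), a raw-bytes patch that is not a JMP, and Disk lines.
SAMPLE_LOG = r"""
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!CreateProcessW 77311C01 5 Bytes JMP 004E00B8
.text C:\Windows\System32\svchost.exe[1100] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 001A0FEF
.text C:\Windows\System32\svchost.exe[1100] WS2_32.dll!socket 75CF36D1 5 Bytes JMP 00180FEF
.text C:\Windows\Explorer.EXE[1956] ntdll.dll!NtWriteVirtualMemory 772392A8 5 Bytes JMP 0220000A
.text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_wsystem 76B68A47 3 Bytes JMP 02420F9C
.text C:\Windows\Explorer.EXE[1956] msvcrt.dll!_wsystem + 4 76B68A4B 1 Byte [8B]
.text C:\Windows\Explorer.EXE[1956] SHELL32.dll!InitNetworkAddressControl + 2939 75E90064 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text C:\Windows\Explorer.EXE[1956] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 02410FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[6136] WININET.dll!InternetOpenA 75DA03DD 5 Bytes JMP 00100FEF
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 976772912 (+255): rootkit-like behavior;
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$",
    re.IGNORECASE,
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-F]{8})", re.IGNORECASE)
DISK_RE = re.compile(
    r"^Disk\s+(?P<device>\S+)\s+sectors?\s+(?P<sector>\d+)"
    r"(?:\s+\((?P<note>[^)]*)\))?:\s+rootkit-like behavior"
)


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    export: str
    offset: int                 # 0 when the patch sits at the export's entry point
    address: int
    size: int
    jmp_target: Optional[int]   # None when the reported bytes are not a JMP


def parse_hooks(text: str) -> List[Hook]:
    """One Hook per parseable '.text' line; everything else is skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        jmp = JMP_RE.match(m["patch"])
        hooks.append(Hook(
            process=m["process"], pid=int(m["pid"]),
            module=m["module"], export=m["export"],
            offset=int(m["offset"] or 0),
            address=int(m["address"], 16), size=int(m["size"]),
            jmp_target=int(jmp["target"], 16) if jmp else None,
        ))
    return hooks


def summarise(hooks: List[Hook]) -> Dict[str, dict]:
    """Per process: JMP hook count, other patches, hooked modules and the 64 KiB
    regions the JMPs land in.  Dozens of hooks all landing in a few low regions
    that belong to no loaded module is what an injected trampoline block looks
    like in a GMER listing."""
    out: Dict[str, dict] = {}
    for h in hooks:
        entry = out.setdefault(f"{h.process}[{h.pid}]", {
            "jmp_hooks": 0, "other_patches": 0, "modules": set(), "landing_regions": set(),
        })
        if h.jmp_target is None:
            entry["other_patches"] += 1
            continue
        entry["jmp_hooks"] += 1
        entry["modules"].add(h.module.lower())
        entry["landing_regions"].add(h.jmp_target & ~0xFFFF)
    return out


def common_hooked_apis(hooks: List[Hook]) -> Set[Tuple[str, str]]:
    """(module, export) pairs JMP-hooked in every process that has any JMP hook.
    The same API set recurring in svchost, Explorer and the browser points to one
    component injected system-wide rather than per-application hooking."""
    per_process: Dict[Tuple[str, int], Set[Tuple[str, str]]] = defaultdict(set)
    for h in hooks:
        if h.jmp_target is not None:
            per_process[(h.process, h.pid)].add((h.module.lower(), h.export))
    return set.intersection(*per_process.values()) if per_process else set()


def flagged_sectors(text: str) -> List[Tuple[str, int, Optional[str]]]:
    """(device, sector, note) for every 'Disk ... rootkit-like behavior' line.
    Sector 0 is the MBR; reformatting the partitions does not rewrite it."""
    found = []
    for line in text.splitlines():
        m = DISK_RE.match(line.strip())
        if m:
            found.append((m["device"], int(m["sector"]), m["note"]))
    return found


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for proc, info in summarise(hooks).items():
        print(proc, info["jmp_hooks"], "JMP hooks in", sorted(info["modules"]),
              "landing in", [hex(r) for r in sorted(info["landing_regions"])])
    print("hooked everywhere:", sorted(common_hooked_apis(hooks)))
    print("flagged sectors:", flagged_sectors(SAMPLE_LOG))
```

Run against the full log above, the per-process summary shows the same cluster of process-creation, file, library-loading, registry, WININET and WS2_32!socket hooks in every svchost, in Explorer and in iexplore, all jumping into low unnamed regions (0x004E0000, 0x00AF0000 and so on) rather than into any loaded module; that is the signature of a user-mode component injected system-wide, not of a legitimate security product hooking one application. The `flagged_sectors` output ("sector 00 (MBR): rootkit-like behavior") is the part that matters for the thread title's "Formatieren nutzlos": a reinstall that only formats the partitions leaves the MBR untouched.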
15.12.2010, 06:40 | #4 |
| Trash.Gen, redirection via other pages, formatting useless I had hoped someone would help, especially since the virus (or whatever it is) is back immediately even after formatting C and D, and since it is always specifically pointed out that one should only run Combofix etc. when advised to. I'll try it with CF and everything anyway; I can't wreck the system any further. I can't browse anymore anyway, can't open any page where I have to enter passwords, so basically I can't do anything. And as long as I'm online, error messages keep coming and something crashes. I'm going to try everything that's possible now, and in the meantime nobody should drive or walk past under my window, it might rain laptops or modems :d |