
Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen in AppData


15.10.2010, 05:36   #1
Maybe
 
Hello!

For several days now Avira has been reporting that a Trojan was found. I have already made several attempts to delete it, or rather both of them: there are two with the same name, but in different files. I have also already read the thread here about the same / a similar TR, but I am not very familiar with the technical side and always need everything "explained for women". ... Well, I then scanned my system with Malwarebytes and OTL, and here are the results (unfortunately I forgot to check Malwarebytes for new updates beforehand, and when I scanned again afterwards nothing was found. I also notice that it only searches in IE, while I actually see most of the problems in FF. Should I run another full scan?):


Malwarebytes' Anti-Malware 1.46
www*malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15.10.2010 05:58:57
mbam-log-2010-10-15 (05-58-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 117288
Laufzeit: 10 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

And the two from OTL. OTL Logfile:
Code:
OTL logfile created on: 15.10.2010 06:17:13 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 39,52 Gb Free Space | 33,96% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 110,77 Gb Free Space | 96,28% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Vidalia Bundle\Tor\tor.exe ()
PRC - C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Programme\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Programme\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LckFldService) -- C:\Windows\System32\LckFldService.exe File not found
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (jnv4_mib) -- C:\Users\***\AppData\Local\Temp\jnv4_mib.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.lovin-girls.bplaced.de/Forum/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {2cb97724-d789-4f43-8888-a763cbb8df6f}:3.0.2564.27062
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:4.2.4
FF - prefs.js..keyword.URL: "hxxp://www.ask.com/web?o=101447&l=dis&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "222.18.54.37"
FF - prefs.js..network.proxy.gopher: "222.18.54.37"
FF - prefs.js..network.proxy.http: "222.18.54.37"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "222.18.54.37"
FF - prefs.js..network.proxy.ssl: "222.18.54.37"
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 16:42:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.24 01:42:16 | 000,000,000 | ---D | M]
 
[2009.05.26 18:02:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.15 03:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions
[2009.09.04 21:03:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.27 05:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{2cb97724-d789-4f43-8888-a763cbb8df6f}
[2010.08.16 18:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.03.23 22:38:53 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009.02.18 21:37:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.06.13 18:01:06 | 000,000,000 | ---D | M] (Red Cats (blue flavor)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\05xg1xwj.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}
[2010.10.12 23:58:05 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\05xg1xwj.default\searchplugins\icqplugin.xml
[2010.09.01 01:22:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.09.04 21:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.24 01:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.01 01:22:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.05.26 18:02:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.04 16:42:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.04 16:42:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.04 16:42:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.04 16:42:45 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.04 16:42:45 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programme\Neopets\Toolbar\toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programme\Neopets\Toolbar\toolbar.dll (Velocity Services, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Programme\Neopets\Toolbar\toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [TOSCDSPD]  File not found
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\thinspiration\1_____.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\thinspiration\1_____.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.15 06:14:58 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.15 05:47:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.15 05:46:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.15 05:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.15 05:46:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.15 05:46:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.14 03:03:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 23:58:27 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 23:57:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 23:55:44 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 23:55:39 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 23:55:38 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 23:55:23 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 23:55:18 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 23:55:06 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 23:55:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.10.13 23:55:01 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 23:55:01 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.10.13 23:54:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 23:54:59 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 23:54:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 23:54:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.13 23:54:58 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 23:54:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 23:52:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.10.05 00:23:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.20 21:00:33 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.15 06:15:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.15 06:02:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.15 05:46:15 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.15 05:35:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 05:35:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 03:39:02 | 000,029,981 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.10.15 03:35:25 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.15 03:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.15 03:35:08 | 2136,952,832 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.14 21:04:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.14 21:04:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.14 21:04:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.14 21:04:18 | 000,046,832 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.14 07:00:43 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.10.14 06:57:06 | 000,286,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 23:52:51 | 000,000,809 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.10.01 05:58:43 | 000,146,833 | -H-- | M] () -- C:\Users\***\Desktop\mxfilerelatedcache.mxc2
[2010.10.01 05:55:11 | 000,007,168 | -H-- | M] () -- C:\Users\***\Desktop\photothumb.db
[2010.09.20 11:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.15 05:46:15 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.13 23:52:51 | 000,000,809 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.07.23 23:01:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.20 18:30:04 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.01.06 22:18:01 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.01.06 22:17:49 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.08.25 19:49:30 | 000,000,032 | ---- | C] () -- C:\Windows\System32\Mlkf.dll
[2008.06.29 18:40:52 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.05.16 13:37:21 | 000,000,295 | ---- | C] () -- C:\Windows\{DD1A721B-F49D-4F26-A7B3-2C00655022D8}_WiseFW.ini
[2008.05.09 15:14:21 | 000,065,024 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.25 15:27:02 | 000,000,016 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.04.25 15:27:02 | 000,000,016 | -H-- | C] () -- C:\Users\***\AppData\Local\mxfilerelatedcache.mxc2
[2008.04.12 18:53:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.11 20:59:41 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.04.10 20:26:14 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.04.10 20:26:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.04.10 20:26:14 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.04.10 20:26:14 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.04.10 20:23:00 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.18 17:58:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.01.28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.01.28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.01.28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.01.28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.01.28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.01.28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 15.10.2010 06:17:13 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 39,52 Gb Free Space | 33,96% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 110,77 Gb Free Space | 96,28% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{236B9DA2-4B1F-4113-B3AF-0CE0D5F34149}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F2F62D8-BA95-4E04-A705-6C1A92BE08CD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{682CD9EA-DF6E-4B9F-8E1E-FB042FABD270}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{748377DF-3CB6-4A7C-989B-A4FE39DC94F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90C62EB8-1699-4E67-BA09-1462F5A0F117}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{95C965D2-B679-409F-AABD-26B2D0936E5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9E929A0F-40BF-4697-8FC1-092D5E6A48DA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C40C550B-EFE3-4DED-BA1E-9F0EB65CDDA6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CACEAC30-845C-4506-B86B-7ACF88A57124}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8D8D12F-8D3F-4FE8-8B19-DD0C6157C5B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F482EDAC-36BA-41D5-9671-183389680500}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101FBEF9-89F4-4CDB-9E5E-69C116BA9383}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B315582-1077-463C-B0D6-F5145268299E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2DCEB9AE-2D3B-4B85-82B9-901AC5A9281B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{30A583A7-44DA-4FF4-9AFC-B431A53CA787}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{325277CC-D9F0-49C4-A93C-A1DC8E6904B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{341F03A4-6C93-4FE1-BE55-F9D3F6398F89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{496AF55C-A855-4571-98AF-15EDE5CA24CD}" = protocol=6 | dir=in | app=c:\program files\mirabyte\superhtml web studio 8.5\shtml85trial.exe | 
"{732D9234-9A76-4CB7-98F4-C9828D7C66BB}" = protocol=17 | dir=in | app=c:\program files\mirabyte\superhtml web studio 8.5\shtml85trial.exe | 
"{809F1786-D5C4-4356-9D00-1036E2F88AD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F6FEB97-2F87-4228-AB3B-294ACD683008}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1CD698D-162E-4097-9D76-1C7C42EF6192}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B5E9C55F-044C-455B-BE96-A84F0E7FA311}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF60E2FB-FCF6-4A7A-A4D1-11BD60D7CF5B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CD6FC9D9-3FD0-4EC3-B16E-76A559E256A7}" = protocol=6 | dir=out | app=system | 
"{D0B01393-7A79-4045-99F5-EB58F26C69A9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{D274B7F4-70A1-4A0A-B596-A30A690B50C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D3946C52-9458-400C-8D01-52A175D7B558}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F515C81D-94A4-4B8F-89BA-10A571ABFAFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{22BAEE9B-7196-43CF-BC29-ACAEE7CEEC26}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3DB1B0B5-BE21-4699-A219-70FE238DD168}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{74C6A72B-4A02-442F-83C7-52DBF25EE1BB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{98DDBB70-60BB-4F3D-89FE-405207FCEDBA}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{9F5BD085-E063-4FE9-9748-5F76EC4759C4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{E04D0ABC-B0A9-484B-9F20-AC2618ECBB02}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{293594B5-A362-449B-999F-C4B002919DF8}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{2E6580F5-E0E3-46AB-BD51-65E6395CD879}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{4E647988-3243-46E0-AF3F-79D1668E0189}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{8FA6D318-D732-4CE0-A066-14340D1E4121}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{9D3841D6-D6E9-4B9C-A3D0-7627978ADD6D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{A3D73208-6C2C-4B5A-93FC-BFC1D3FEEACE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risiko II
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}" = Guild 2 King's Edition
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40C4952C-D505-477A-AA90-224C2A011FC2}" = Barbie Pferdeabenteuer - Im Reitercamp
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1A721B-F49D-4F26-A7B3-2C00655022D8}" = SuperHTML Web Studio (Testversion)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB1F228C-8D68-41A7-BEA2-D667DDB8B8B7}" = Phase 5 HTML-Editor
"{FEDA2A34-795B-4670-ABEA-17E4ADCB2245}_is1" = Star-Script Ultimate v2.9
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Fahren Lernen_is1" = Fahren Lernen 1.0
"FileZilla Client" = FileZilla Client 3.1.6
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Folder Access 2.1 Free Version" = Folder Access 2.1 Free Version
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gamers.IRC" = Gamers.IRC 5.25
"Google Desktop" = Google Desktop
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSC" = McAfee SecurityCenter
"myphotobook" = myphotobook 3.5
"Neopets" = Neopets 
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PhotoFiltre" = PhotoFiltre
"PhotoScape" = PhotoScape
"Picasa2" = Picasa 2
"Privoxy" = Privoxy 3.0.6
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tor" = Tor 0.2.0.31
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Uninstall_is1" = Uninstall 1.0.0.1
"Vidalia" = Vidalia 0.1.9
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"37d7d3b18581cbe7" = Omnipresent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.04.2010 12:31:01 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.04.2010 16:50:00 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2010 11:17:54 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2010 14:03:18 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2010 12:25:12 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.04.2010 12:27:04 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.0.3725 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 14f4  Anfangszeit: 01cae626285788d5  Zeitpunkt der Beendigung:
 34
 
Error - 29.04.2010 08:06:49 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2010 13:09:33 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.05.2010 08:04:46 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.05.2010 06:51:23 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.10.2010 06:01:16 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.10.2010 06:01:16 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.10.2010 17:43:46 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
Error - 13.10.2010 01:02:50 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 13.10.2010 01:04:23 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
Error - 13.10.2010 17:26:22 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
Error - 13.10.2010 22:09:15 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 14.10.2010 00:57:24 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
Error - 14.10.2010 12:22:00 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
Error - 14.10.2010 21:35:22 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         
--- --- ---



Kind regards
Maybe

Last edited by Maybe (15.10.2010 at 05:42)

Old 15.10.2010, 20:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
Datenbank Version: 4052
Please run a full scan with current signatures!

Old 17.10.2010, 21:13   #3
Maybe
 



Current signatures?

I've now done a full scan, but I'm afraid I did it without updating first, silly me. >.< In any case it could be EVEN more current, as I've just found out.

Well, here's the full scan:


Malwarebytes' Anti-Malware 1.46
wwwmalwarebytes.org

Datenbank Version: 4826

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17.10.2010 22:09:34
mbam-log-2010-10-17 (22-09-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 311053
Laufzeit: 2 Stunde(n), 29 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



I can't understand it at all. I'm sure there is still some trojan haunting this machine.

PS: By the way, Google has also been acting up a bit for me since the trojan has been there. I only get everything in English now, even when I change the setting. o.O And as I said, Firefox is slow and often freezes... That's why I don't believe everything is OK.

Last edited by Maybe (17.10.2010 at 21:26)

Old 18.10.2010, 07:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Are there any other logs from Malwarebytes? It would be rather pointless if you had posted the one without findings!

Quote:
Datenbank Version: 4826
We're actually at version 4861

Old 21.10.2010, 03:30   #5
Maybe
 



I scanned again yesterday, but again no findings. And yet Avira AntiVir reported a trojan during the scan, in AppData again. To be precise, here: C:\Users\+++\AppData\Local\Temp\EADB02B.exe

And this is the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4885

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

20.10.2010 01:33:35
mbam-log-2010-10-20 (01-33-35).txt


Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 311920
Laufzeit: 2 Stunde(n), 23 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




Alt 21.10.2010, 09:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
Why are you still on SP1/IE7, anyway?

Please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 21.10.2010, 21:08   #7
Maybe
 
I don't use IE at all; I use Firefox, and I have a few problems with it too. I suspect it isn't entirely clean either.

And okay, I'll do it!

Alt 21.10.2010, 21:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
I don't use IE at all,
Oh yes you do. Just because you don't have an IE window open doesn't mean it isn't deeply anchored in the system. Windows without IE basically doesn't work, which is why you have to keep it up to date at all times.

Alt 22.10.2010, 04:05   #9
Maybe
 
The CCleaner part is no problem, I even still have it on the PC. But cofi... I started it (everything off beforehand, including the Avira Guard) and then it said it would scan for 10 min. - and after 30 minutes I checked and found it had completely hung. :/ I wanted to shut down the PC because I had to leave.

Is it normal for cofi to take that long (longer than 30 min.), and why did it hang? Did I accidentally touch the mouse beforehand? Does it hang then? I'll try again later!

Alt 23.10.2010, 16:44   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
That can happen occasionally. Restart the computer, delete the old cofi.exe, download CF again as cofi and run it once more as instructed. You don't need to run CCleaner again.

Alt 25.10.2010, 20:23   #11
Maybe
 
I reinstalled cofi and it did scan. But after about 5 minutes the following appeared (the screen was completely blue with white text):

A Problem has been detected and windows has to shut down in order to protect your computer

(or something like that, I couldn't read the rest, after that it restarted...)

What is that, or what does it mean?

Alt 27.10.2010, 08:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Let's leave CF aside for now and try it again later.

Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't cooperate the second time either, just skip it and run only OSAM.

Afterwards please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a second.
  • After that you should find a MBRCheck_<Date>_<Time>.txt on your desktop.
Please post me the contents of the .txt file
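cosinus asks above for a GMER log. What a helper actually does with such a log is read the "User code sections" part: which processes carry inline hooks, on which exports, and whether GMER could attribute the jump target to a module. The following is an added example, not part of this thread and not GMER's own code: a small Python triage script that parses lines in the column layout GMER 1.0.15 prints (the sample lines are constructed in that format), groups hooked exports per process, and flags hooks on network or process-creation APIs whose jump target carries no module attribution. The API sets and the "unattributed target" criterion are my own assumptions for triage, not GMER's.

```python
import re
from collections import defaultdict

# One GMER "User code sections" entry per line, in the column layout GMER 1.0.15 prints.
HOOK_RE = re.compile(
    r"^(?P<section>\.\w+)\s+"
    r"(?P<process>\S.*?)\[(?P<pid>\d+)\]\s+"   # image path with its PID in brackets
    r"(?P<module>[^\s!]+)!(?P<symbol>\S+)\s+"  # hooked export, e.g. kernel32.dll!CreateProcessW
    r"(?P<address>[0-9A-Fa-f]+)\s+"
    r"(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<patch>.*?)\s*$"                      # "JMP <target> [<module>]" or raw bytes like "[E9]"
)
JMP_RE = re.compile(r"JMP\s+([0-9A-Fa-f]+)\s*(.*)")

# Assumed triage sets: hooks on these deserve a closer look when the target is unattributed.
NETWORK_MODULES = {"ws2_32.dll", "wininet.dll"}
EXEC_SYMBOLS = {"CreateProcessA", "CreateProcessW", "WinExec", "system", "_wsystem"}

# Constructed sample in GMER's layout (header, a kernel-side line that is not a user hook,
# and user-mode entries incl. the 1-byte '[E9]' + decoded 5-byte JMP pair for one address).
SAMPLE_LINES = [
    "---- User code sections - GMER 1.0.15 ----",
    "",
    r".text   ntkrnlpa.exe!ZwYieldExecution   E20361C0 5 Bytes  JMP CB28C9CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)",
    r".text   C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateProcessW   76D71C01 5 Bytes  JMP 000100A4 ",
    r".text   C:\Windows\System32\svchost.exe[428] WS2_32.dll!socket             771136D1 5 Bytes  JMP 00600000 ",
    r".text   C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExW          7697BCE1 1 Byte  [E9]",
    r".text   C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExW          7697BCE1 5 Bytes  JMP 02F60FE5 ",
    r".text   C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenUrlA          77682713 5 Bytes  JMP 0389000A ",
    r".text   C:\Windows\system32\lsass.exe[748] kernel32.dll!LoadLibraryA       76D99491 5 Bytes  JMP 0009004A ",
]


def parse_user_hooks(lines):
    """Return one dict per user-mode hook line; headers, blanks and kernel entries are skipped."""
    hooks = []
    for raw in lines:
        m = HOOK_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue
        entry = m.groupdict()
        entry["pid"] = int(entry["pid"])
        entry["size"] = int(entry["size"])
        jmp = JMP_RE.match(entry["patch"])
        entry["target"] = int(jmp.group(1), 16) if jmp else None
        # GMER appends the owning module after the target when it can attribute it
        entry["target_module"] = (jmp.group(2).strip() or None) if jmp else None
        hooks.append(entry)
    return hooks


def summarize(hooks):
    """Group hooked exports by (process, pid) and module; a set collapses the duplicate
    report of one address (1-byte '[E9]' line plus the decoded JMP line) into one entry."""
    grouped = defaultdict(lambda: defaultdict(set))
    for h in hooks:
        grouped[(h["process"], h["pid"])][h["module"]].add(h["symbol"])
    return {proc: {mod: sorted(syms) for mod, syms in mods.items()} for proc, mods in grouped.items()}


def flag_for_review(hooks):
    """Hooks that jump to an address GMER did not attribute to any module and that sit on a
    network or process-creation API. Security products' hooks usually resolve to a named binary,
    so an unattributed target is a reason to look closer, not proof of anything by itself."""
    flagged, seen = [], set()
    for h in hooks:
        if h["target"] is None or h["target_module"] is not None:
            continue
        key = (h["pid"], h["address"])
        if key in seen:
            continue
        seen.add(key)
        if h["module"].lower() in NETWORK_MODULES or h["symbol"] in EXEC_SYMBOLS:
            flagged.append((h["process"], h["pid"], f'{h["module"]}!{h["symbol"]}', f'{h["target"]:08X}'))
    return flagged


if __name__ == "__main__":
    parsed = parse_user_hooks(SAMPLE_LINES)
    for (proc, pid), mods in summarize(parsed).items():
        print(f"{proc} [{pid}]")
        for mod, syms in mods.items():
            print(f"    {mod}: {', '.join(syms)}")
    print("review:", *flag_for_review(parsed), sep="\n  ")
```

To use it on a real log, feed the file's lines to parse_user_hooks instead of SAMPLE_LINES. The script deliberately does not decide whether a hook is malicious: kernel-side entries in this log carry a driver name after the target (the mfehidk.sys lines), and comparing the user-mode hooks against what the installed security products are known to inject is the analyst's job, not the parser's.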

Alt 29.10.2010, 22:19   #13
Maybe
 
GMER Log:
Code:
GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-29 23:14:37
Windows 6.0.6001 Service Pack 1
Running: 6zwltg0c.exe; Driver: C:\Users\Michelle\AppData\Local\Temp\uwldapod.sys


---- System - GMER 1.0.15 ----

SSDT            D55CE1CC                                                                                           ZwCreateThread
SSDT            D55CE1B8                                                                                           ZwOpenProcess
SSDT            D55CE1BD                                                                                           ZwOpenThread
SSDT            D55CE1C7                                                                                           ZwTerminateProcess

INT 0x52        ?                                                                                                  C470E7D0
INT 0x62        ?                                                                                                  C2BC92D0
INT 0x71        ?                                                                                                  C4AD5A50
INT 0x72        ?                                                                                                  C470ECD0
INT 0x82        ?                                                                                                  C470E550
INT 0x92        ?                                                                                                  C2BC9A50
INT 0xA2        ?                                                                                                  C2BC9550
INT 0xB1        ?                                                                                                  C2BC9CD0
INT 0xB2        ?                                                                                                  C2BC97D0
INT 0xB3        ?                                                                                                  C2BC9050

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwCreateFile [0xCB28C99D]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwCreateProcess [0xCB28C937]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwCreateProcessEx [0xCB28C94B]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwMapViewOfSection [0xCB28C9DB]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwNotifyChangeKey [0xCB28CA1E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwProtectVirtualMemory [0xCB28C9B1]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwReplaceKey [0xCB28CA46]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwRestoreKey [0xCB28CA32]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwSetContextThread [0xCB28C989]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwSetInformationProcess [0xCB28C975]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwUnmapViewOfSection [0xCB28C9F1]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwYieldExecution [0xCB28C9C7]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       ZwCreateUserProcess [0xCB28C961]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       NtCreateFile
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       NtMapViewOfSection
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)       NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwYieldExecution                                                                      E20361C0 5 Bytes  JMP CB28C9CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                    E20C7B18 4 Bytes  [CC, E1, 5C, D5]
.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                    E20C7CE8 4 Bytes  [B8, E1, 5C, D5]
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                    E20C7D04 4 Bytes  [BD, E1, 5C, D5]
.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                    E20C7F18 4 Bytes  [C7, E1, 5C, D5]
PAGE            ntkrnlpa.exe!ZwNotifyChangeKey                                                                     E21D01AD 5 Bytes  JMP CB28CA22 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateUserProcess                                                                   E21D7E06 5 Bytes  JMP CB28C965 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                    E223380E 7 Bytes  JMP CB28C9DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwUnmapViewOfSection                                                                  E2233E65 5 Bytes  JMP CB28C9F5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtCreateFile                                                                          E2236076 5 Bytes  JMP CB28C9A1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtSetInformationProcess                                                               E2243734 5 Bytes  JMP CB28C979 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwProtectVirtualMemory                                                                E224598E 7 Bytes  JMP CB28C9B5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwRestoreKey                                                                          E2264552 5 Bytes  JMP CB28CA36 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwReplaceKey                                                                          E226559E 5 Bytes  JMP CB28CA4A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcess                                                                       E22A331D 5 Bytes  JMP CB28C93B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                     E22A3368 7 Bytes  JMP CB28C94F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwSetContextThread                                                                    E22A3E23 5 Bytes  JMP CB28C98D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          section is writeable [0xC6756000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                          unknown last section [0xC679F000, 0x510, 0x40000040]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                             section is writeable [0xD9CE8300, 0x3ACC8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                             section is writeable [0xD9D2B300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!GetStartupInfoW                                  76D71929 5 Bytes  JMP 00010F43 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!GetStartupInfoA                                  76D719C9 5 Bytes  JMP 00010089 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateProcessW                                   76D71C01 5 Bytes  JMP 000100A4 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateProcessA                                   76D71C36 5 Bytes  JMP 00010F0D 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!VirtualProtect                                   76D71DD1 5 Bytes  JMP 00010F79 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateNamedPipeW                                 76D75C44 5 Bytes  JMP 00010FAF 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!LoadLibraryExW                                   76D930C3 5 Bytes  JMP 00010047 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!LoadLibraryW                                     76D9361F 5 Bytes  JMP 00010025 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!VirtualProtectEx                                 76D98D7E 5 Bytes  JMP 0001006E 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!LoadLibraryExA                                   76D99469 5 Bytes  JMP 00010036 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!LoadLibraryA                                     76D99491 5 Bytes  JMP 00010F9E 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!CreatePipe                                       76DA0284 5 Bytes  JMP 00010F5E 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!GetProcAddress                                   76DBB8B6 5 Bytes  JMP 00010EFC 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateFileW                                      76DBCC4E 5 Bytes  JMP 00010FE5 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateFileA                                      76DBCF71 5 Bytes  JMP 00010000 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!CreateNamedPipeA                                 76E0430E 5 Bytes  JMP 00010FCA 
.text           C:\Windows\System32\svchost.exe[428] kernel32.dll!WinExec                                          76E054FF 5 Bytes  JMP 00010F28 
.text           C:\Windows\System32\svchost.exe[428] msvcrt.dll!_wsystem                                           76F38A47 5 Bytes  JMP 00050036 
.text           C:\Windows\System32\svchost.exe[428] msvcrt.dll!system                                             76F38B63 5 Bytes  JMP 0005001B 
.text           C:\Windows\System32\svchost.exe[428] msvcrt.dll!_creat                                             76F3C6F1 5 Bytes  JMP 00050FC6 
.text           C:\Windows\System32\svchost.exe[428] msvcrt.dll!_open                                              76F3DA7E 5 Bytes  JMP 00050FEF 
.text           C:\Windows\System32\svchost.exe[428] msvcrt.dll!_wcreat                                            76F3DC9E 5 Bytes  JMP 00050FB5 
.text           C:\Windows\System32\svchost.exe[428] msvcrt.dll!_wopen                                             76F3DE79 5 Bytes  JMP 00050000 
.text           C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegCreateKeyExA                                  7696B5E7 5 Bytes  JMP 00060FA5 
.text           C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegCreateKeyA                                    7696B8AE 5 Bytes  JMP 0006003D 
.text           C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegOpenKeyA                                      76970BF5 5 Bytes  JMP 00060000 
.text           C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegCreateKeyW                                    7697B83D 5 Bytes  JMP 00060FB6 
.text           C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegCreateKeyExW                                  7697BCE1 5 Bytes  JMP 00060F8A 
.text           C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegOpenKeyExA                                    7697D4E8 5 Bytes  JMP 00060011 
.text           C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegOpenKeyW                                      76983CB0 5 Bytes  JMP 00060FDB 
.text           C:\Windows\System32\svchost.exe[428] ADVAPI32.dll!RegOpenKeyExW                                    7698F09D 5 Bytes  JMP 0006002C 
.text           C:\Windows\System32\svchost.exe[428] WS2_32.dll!socket                                             771136D1 5 Bytes  JMP 00600000 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!GetStartupInfoW                                          76D71929 5 Bytes  JMP 02F70F5E 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!GetStartupInfoA                                          76D719C9 5 Bytes  JMP 02F70F83 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!CreateProcessW                                           76D71C01 5 Bytes  JMP 02F70F28 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!CreateProcessA                                           76D71C36 5 Bytes  JMP 02F700C9 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!VirtualProtect                                           76D71DD1 5 Bytes  JMP 02F70082 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!CreateNamedPipeW                                         76D75C44 5 Bytes  JMP 02F70036 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!LoadLibraryExW                                           76D930C3 5 Bytes  JMP 02F70F9E 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!LoadLibraryW                                             76D9361F 5 Bytes  JMP 02F70FAF 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!VirtualProtectEx                                         76D98D7E 5 Bytes  JMP 02F7009D 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!LoadLibraryExA                                           76D99469 5 Bytes  JMP 02F70051 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!LoadLibraryA                                             76D99491 5 Bytes  JMP 02F70FCA 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!CreatePipe                                               76DA0284 5 Bytes  JMP 02F700AE 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!GetProcAddress                                           76DBB8B6 5 Bytes  JMP 02F70F17 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!CreateFileW                                              76DBCC4E 5 Bytes  JMP 02F7000A 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!CreateFileA                                              76DBCF71 5 Bytes  JMP 02F70FEF 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!CreateNamedPipeA                                         76E0430E 5 Bytes  JMP 02F70025 
.text           C:\Windows\Explorer.EXE[680] kernel32.dll!WinExec                                                  76E054FF 5 Bytes  JMP 02F70F4D 
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExA                                          7696B5E7 5 Bytes  JMP 02F600A2 
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyA                                            7696B8AE 5 Bytes  JMP 02F60062 
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyA                                              76970BF5 5 Bytes  JMP 02F6000A 
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyW                                            7697B83D 5 Bytes  JMP 02F60087 
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExW                                          7697BCE1 1 Byte  [E9]
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegCreateKeyExW                                          7697BCE1 5 Bytes  JMP 02F60FE5 
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyExA                                            7697D4E8 5 Bytes  JMP 02F60036 
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyW                                              76983CB0 5 Bytes  JMP 02F60025 
.text           C:\Windows\Explorer.EXE[680] ADVAPI32.dll!RegOpenKeyExW                                            7698F09D 5 Bytes  JMP 02F60051 
.text           C:\Windows\Explorer.EXE[680] msvcrt.dll!_wsystem                                                   76F38A47 5 Bytes  JMP 02F8005A 
.text           C:\Windows\Explorer.EXE[680] msvcrt.dll!system                                                     76F38B63 5 Bytes  JMP 02F80049 
.text           C:\Windows\Explorer.EXE[680] msvcrt.dll!_creat                                                     76F3C6F1 5 Bytes  JMP 02F8002E 
.text           C:\Windows\Explorer.EXE[680] msvcrt.dll!_open                                                      76F3DA7E 5 Bytes  JMP 02F80000 
.text           C:\Windows\Explorer.EXE[680] msvcrt.dll!_wcreat                                                    76F3DC9E 5 Bytes  JMP 02F80FD9 
.text           C:\Windows\Explorer.EXE[680] msvcrt.dll!_wopen                                                     76F3DE79 5 Bytes  JMP 02F8001D 
.text           C:\Windows\Explorer.EXE[680] WS2_32.dll!socket                                                     771136D1 5 Bytes  JMP 02F90000 
.text           C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenA                                             77680A4D 5 Bytes  JMP 03890FEF 
.text           C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenUrlA                                          77682713 5 Bytes  JMP 0389000A 
.text           C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenW                                             776830C8 5 Bytes  JMP 03890FD4 
.text           C:\Windows\Explorer.EXE[680] WININET.dll!InternetOpenUrlW                                          776D84F1 5 Bytes  JMP 03890FB9 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!GetStartupInfoW                                 76D71929 5 Bytes  JMP 00180F0E 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!GetStartupInfoA                                 76D719C9 5 Bytes  JMP 00180F29 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!CreateProcessW                                  76D71C01 5 Bytes  JMP 00180ED8 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!CreateProcessA                                  76D71C36 5 Bytes  JMP 00180EE9 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!VirtualProtect                                  76D71DD1 5 Bytes  JMP 00180F66 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!CreateNamedPipeW                                76D75C44 5 Bytes  JMP 0018000A 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryExW                                  76D930C3 5 Bytes  JMP 00180040 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryW                                    76D9361F 5 Bytes  JMP 00180F94 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!VirtualProtectEx                                76D98D7E 5 Bytes  JMP 00180F55 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryExA                                  76D99469 5 Bytes  JMP 00180F83 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!LoadLibraryA                                    76D99491 5 Bytes  JMP 0018001B 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!CreatePipe                                      76DA0284 5 Bytes  JMP 00180F3A 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!GetProcAddress                                  76DBB8B6 5 Bytes  JMP 00180EC7 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!CreateFileW                                     76DBCC4E 5 Bytes  JMP 00180FD4 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!CreateFileA                                     76DBCF71 5 Bytes  JMP 00180FEF 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!CreateNamedPipeA                                76E0430E 5 Bytes  JMP 00180FC3 
.text           C:\Windows\system32\services.exe[688] kernel32.dll!WinExec                                         76E054FF 5 Bytes  JMP 00180065 
.text           C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExA                                 7696B5E7 5 Bytes  JMP 00170054 
.text           C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyA                                   7696B8AE 5 Bytes  JMP 00170FA8 
.text           C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyA                                     76970BF5 5 Bytes  JMP 00170FEF 
.text           C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW                                   7697B83D 5 Bytes  JMP 0017002F 
.text           C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExW                                 7697BCE1 5 Bytes  JMP 00170065 
.text           C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExA                                   7697D4E8 5 Bytes  JMP 00170FD4 
.text           C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyW                                     76983CB0 5 Bytes  JMP 0017000A 
.text           C:\Windows\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExW                                   7698F09D 5 Bytes  JMP 00170FC3 
.text           C:\Windows\system32\services.exe[688] msvcrt.dll!_wsystem                                          76F38A47 5 Bytes  JMP 001E0036 
.text           C:\Windows\system32\services.exe[688] msvcrt.dll!system                                            76F38B63 5 Bytes  JMP 001E0025 
.text           C:\Windows\system32\services.exe[688] msvcrt.dll!_creat                                            76F3C6F1 5 Bytes  JMP 001E0FC6 
.text           C:\Windows\system32\services.exe[688] msvcrt.dll!_open                                             76F3DA7E 5 Bytes  JMP 001E0000 
.text           C:\Windows\system32\services.exe[688] msvcrt.dll!_wcreat                                           76F3DC9E 5 Bytes  JMP 001E0FB5 
.text           C:\Windows\system32\services.exe[688] msvcrt.dll!_wopen                                            76F3DE79 5 Bytes  JMP 001E0FD7 
.text           C:\Windows\system32\services.exe[688] WS2_32.dll!socket                                            771136D1 5 Bytes  JMP 001F0FEF 
.text           C:\Windows\system32\lsass.exe[748] kernel32.dll!GetStartupInfoW                                    76D71929 5 Bytes  JMP 000900DA 
.text           C:\Windows\system32\lsass.exe[748] kernel32.dll!GetStartupInfoA                                    76D719C9 5 Bytes  JMP 000900C9 
.text           C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_open                                             76F3DA7E 5 Bytes  JMP 008F0FEF 
.text           C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wcreat                                           76F3DC9E 5 Bytes  JMP 008F0011 
.text           C:\Windows\system32\svchost.exe[1448] msvcrt.dll!_wopen                                            76F3DE79 5 Bytes  JMP 008F0000 
.text           C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA                                 7696B5E7 5 Bytes  JMP 00890F94 
.text           C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA                                   7696B8AE 5 Bytes  JMP 00890FA5 
.text           C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA                                     76970BF5 5 Bytes  JMP 00890000 
.text           C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW                                   7697B83D 5 Bytes  JMP 00890036 
.text           C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW                                 7697BCE1 5 Bytes  JMP 00890051 
.text           C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA                                   7697D4E8 5 Bytes  JMP 00890FDB 
.text           C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW                                     76983CB0 5 Bytes  JMP 00890011 
.text           C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW                                   7698F09D 5 Bytes  JMP 00890FB6 
.text           C:\Windows\system32\svchost.exe[1448] WS2_32.dll!socket                                            771136D1 5 Bytes  JMP 00900FEF 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!GetStartupInfoW                                 76D71929 5 Bytes  JMP 018900BA 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!GetStartupInfoA                                 76D719C9 5 Bytes  JMP 01890F7E 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateProcessW                                  76D71C01 5 Bytes  JMP 01890F23 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateProcessA                                  76D71C36 5 Bytes  JMP 01890F3E 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!VirtualProtect                                  76D71DD1 5 Bytes  JMP 0189008E 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateNamedPipeW                                76D75C44 5 Bytes  JMP 01890025 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!LoadLibraryExW                                  76D930C3 5 Bytes  JMP 0189007D 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!LoadLibraryW                                    76D9361F 5 Bytes  JMP 01890051 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!VirtualProtectEx                                76D98D7E 5 Bytes  JMP 0189009F 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!LoadLibraryExA                                  76D99469 5 Bytes  JMP 0189006C 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!LoadLibraryA                                    76D99491 5 Bytes  JMP 01890040 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreatePipe                                      76DA0284 5 Bytes  JMP 01890F8F 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!GetProcAddress                                  76DBB8B6 5 Bytes  JMP 018900D5 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateFileW                                     76DBCC4E 5 Bytes  JMP 01890FCA 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateFileA                                     76DBCF71 5 Bytes  JMP 01890FE5 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!CreateNamedPipeA                                76E0430E 5 Bytes  JMP 01890000 
.text           C:\Windows\system32\svchost.exe[1852] kernel32.dll!WinExec                                         76E054FF 5 Bytes  JMP 01890F59 
.text           C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_wsystem                                          76F38A47 5 Bytes  JMP 018A0FD9 
.text           C:\Windows\system32\svchost.exe[1852] msvcrt.dll!system                                            76F38B63 5 Bytes  JMP 018A0064 
.text           C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_creat                                            76F3C6F1 5 Bytes  JMP 018A0038 
.text           C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_open                                             76F3DA7E 5 Bytes  JMP 018A000C 
.text           C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_wcreat                                           76F3DC9E 5 Bytes  JMP 018A0049 
.text           C:\Windows\system32\svchost.exe[1852] msvcrt.dll!_wopen                                            76F3DE79 5 Bytes  JMP 018A001D 
.text           C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyExA                                 7696B5E7 5 Bytes  JMP 01840F8D 
.text           C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyA                                   7696B8AE 5 Bytes  JMP 01840FAF 
.text           C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyA                                     76970BF5 5 Bytes  JMP 01840FE5 
.text           C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyW                                   7697B83D 5 Bytes  JMP 01840F9E 
.text           C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegCreateKeyExW                                 7697BCE1 5 Bytes  JMP 01840040 
.text           C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyExA                                   7697D4E8 5 Bytes  JMP 0184001B 
.text           C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyW                                     76983CB0 5 Bytes  JMP 01840000 
.text           C:\Windows\system32\svchost.exe[1852] ADVAPI32.dll!RegOpenKeyExW                                   7698F09D 5 Bytes  JMP 01840FC0 
.text           C:\Windows\system32\svchost.exe[1852] WS2_32.dll!socket                                            771136D1 5 Bytes  JMP 018B0000 
.text           C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[2868] ntdll.dll!DbgBreakPoint  77537DFE 1 Byte  [90]
.text           c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3412] kernel32.dll!LoadLibraryW                    76D9361F 5 Bytes  JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text           c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[3412] kernel32.dll!LoadLibraryA                    76D99491 5 Bytes  JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoW                                 76D71929 5 Bytes  JMP 008B0F74 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetStartupInfoA                                 76D719C9 5 Bytes  JMP 008B00BA 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessW                                  76D71C01 5 Bytes  JMP 008B0F3E 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateProcessA                                  76D71C36 5 Bytes  JMP 008B0F59 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtect                                  76D71DD1 5 Bytes  JMP 008B0098 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeW                                76D75C44 5 Bytes  JMP 008B0047 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExW                                  76D930C3 5 Bytes  JMP 008B0FB4 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryW                                    76D9361F 5 Bytes  JMP 008B007D 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!VirtualProtectEx                                76D98D7E 5 Bytes  JMP 008B00A9 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryExA                                  76D99469 5 Bytes  JMP 008B0FD1 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!LoadLibraryA                                    76D99491 5 Bytes  JMP 008B0058 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreatePipe                                      76DA0284 5 Bytes  JMP 008B0F99 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetProcAddress                                  76DBB8B6 5 Bytes  JMP 008B0F2D 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileW                                     76DBCC4E 5 Bytes  JMP 008B0025 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateFileA                                     76DBCF71 5 Bytes  JMP 008B000A 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!CreateNamedPipeA                                76E0430E 5 Bytes  JMP 008B0036 
.text           C:\Windows\system32\svchost.exe[3588] kernel32.dll!WinExec                                         76E054FF 5 Bytes  JMP 008B00CB 
.text           C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wsystem                                          76F38A47 5 Bytes  JMP 00900FAD 
.text           C:\Windows\system32\svchost.exe[3588] msvcrt.dll!system                                            76F38B63 5 Bytes  JMP 00900042 
.text           C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_creat                                            76F3C6F1 5 Bytes  JMP 0090000C 
.text           C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_open                                             76F3DA7E 5 Bytes  JMP 00900FEF 
.text           C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wcreat                                           76F3DC9E 5 Bytes  JMP 00900031 
.text           C:\Windows\system32\svchost.exe[3588] msvcrt.dll!_wopen                                            76F3DE79 5 Bytes  JMP 00900FD2 
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExA                                 7696B5E7 5 Bytes  JMP 00650FA2 
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyA                                   7696B8AE 5 Bytes  JMP 0065003D 
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyA                                     76970BF5 5 Bytes  JMP 0065000A 
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyW                                   7697B83D 5 Bytes  JMP 0065004E 
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegCreateKeyExW                                 7697BCE1 5 Bytes  JMP 00650069 
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExA                                   7697D4E8 5 Bytes  JMP 0065001B 
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyW                                     76983CB0 5 Bytes  JMP 00650FEF 
.text           C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!RegOpenKeyExW                                   7698F09D 5 Bytes  JMP 0065002C 
.text           C:\Windows\system32\svchost.exe[3588] WS2_32.dll!socket                                            771136D1 5 Bytes  JMP 00910000 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!GetStartupInfoW                                 76D71929 5 Bytes  JMP 008000F5 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!GetStartupInfoA                                 76D719C9 5 Bytes  JMP 008000DA 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateProcessW                                  76D71C01 5 Bytes  JMP 00800F94 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateProcessA                                  76D71C36 5 Bytes  JMP 00800121 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!VirtualProtect                                  76D71DD1 5 Bytes  JMP 00800093 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateNamedPipeW                                76D75C44 5 Bytes  JMP 0080001B 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!LoadLibraryExW                                  76D930C3 5 Bytes  JMP 00800078 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!LoadLibraryW                                    76D9361F 5 Bytes  JMP 00800FB9 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!VirtualProtectEx                                76D98D7E 5 Bytes  JMP 008000A4 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!LoadLibraryExA                                  76D99469 5 Bytes  JMP 0080005B 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!LoadLibraryA                                    76D99491 5 Bytes  JMP 00800036 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreatePipe                                      76DA0284 5 Bytes  JMP 008000C9 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!GetProcAddress                                  76DBB8B6 5 Bytes  JMP 0080013C 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateFileW                                     76DBCC4E 5 Bytes  JMP 00800FE5 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateFileA                                     76DBCF71 5 Bytes  JMP 00800000 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!CreateNamedPipeA                                76E0430E 5 Bytes  JMP 00800FD4 
.text           C:\Windows\system32\svchost.exe[3784] kernel32.dll!WinExec                                         76E054FF 5 Bytes  JMP 00800106 
.text           C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_wsystem                                          76F38A47 5 Bytes  JMP 0081003A 
.text           C:\Windows\system32\svchost.exe[3784] msvcrt.dll!system                                            76F38B63 5 Bytes  JMP 00810FAF 
.text           C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_creat                                            76F3C6F1 5 Bytes  JMP 00810FD4 
.text           C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_open                                             76F3DA7E 5 Bytes  JMP 0081000C 
.text           C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_wcreat                                           76F3DC9E 5 Bytes  JMP 00810029 
.text           C:\Windows\system32\svchost.exe[3784] msvcrt.dll!_wopen                                            76F3DE79 5 Bytes  JMP 00810FEF 
.text           C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegCreateKeyExA                                 7696B5E7 5 Bytes  JMP 007F0051 
.text           C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegCreateKeyA                                   7696B8AE 5 Bytes  JMP 007F0040 
.text           C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegOpenKeyA                                     76970BF5 5 Bytes  JMP 007F0FEF 
.text           C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegCreateKeyW                                   7697B83D 5 Bytes  JMP 007F0FB9 
.text           C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegCreateKeyExW                                 7697BCE1 5 Bytes  JMP 007F006C 
.text           C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegOpenKeyExA                                   7697D4E8 5 Bytes  JMP 007F0014 
.text           C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegOpenKeyW                                     76983CB0 5 Bytes  JMP 007F0FDE 
.text           C:\Windows\system32\svchost.exe[3784] ADVAPI32.dll!RegOpenKeyExW                                   7698F09D 5 Bytes  JMP 007F002F 
.text           C:\Windows\system32\svchost.exe[3784] WS2_32.dll!socket                                            771136D1 5 Bytes  JMP 008B0FEF 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!GetStartupInfoW                                 76D71929 5 Bytes  JMP 00010F4D 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!GetStartupInfoA                                 76D719C9 5 Bytes  JMP 00010093 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateProcessW                                  76D71C01 5 Bytes  JMP 000100B8 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateProcessA                                  76D71C36 5 Bytes  JMP 00010F21 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!VirtualProtect                                  76D71DD1 5 Bytes  JMP 00010F83 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateNamedPipeW                                76D75C44 5 Bytes  JMP 00010FC0 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!LoadLibraryExW                                  76D930C3 5 Bytes  JMP 00010F94 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!LoadLibraryW                                    76D9361F 5 Bytes  JMP 00010047 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!VirtualProtectEx                                76D98D7E 5 Bytes  JMP 00010F72 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!LoadLibraryExA                                  76D99469 5 Bytes  JMP 00010FA5 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!LoadLibraryA                                    76D99491 5 Bytes  JMP 00010036 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreatePipe                                      76DA0284 5 Bytes  JMP 00010078 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!GetProcAddress                                  76DBB8B6 5 Bytes  JMP 00010F10 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateFileW                                     76DBCC4E 5 Bytes  JMP 00010000 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateFileA                                     76DBCF71 5 Bytes  JMP 00010FE5 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!CreateNamedPipeA                                76E0430E 5 Bytes  JMP 00010011 
.text           C:\Windows\system32\wuauclt.exe[4528] kernel32.dll!WinExec                                         76E054FF 5 Bytes  JMP 00010F3C 
.text           C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_wsystem                                          76F38A47 5 Bytes  JMP 00060053 
.text           C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!system                                            76F38B63 5 Bytes  JMP 00060FC8 
.text           C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_creat                                            76F3C6F1 5 Bytes  JMP 0006001D 
.text           C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_open                                             76F3DA7E 5 Bytes  JMP 00060FEF 
.text           C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_wcreat                                           76F3DC9E 5 Bytes  JMP 0006002E 
.text           C:\Windows\system32\wuauclt.exe[4528] msvcrt.dll!_wopen                                            76F3DE79 5 Bytes  JMP 0006000C 
.text           C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegCreateKeyExA                                 7696B5E7 5 Bytes  JMP 00070058 
.text           C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegCreateKeyA                                   7696B8AE 5 Bytes  JMP 0007002C 
.text           C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegOpenKeyA                                     76970BF5 5 Bytes  JMP 00070FE5 
.text           C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegCreateKeyW                                   7697B83D 5 Bytes  JMP 00070047 
.text           C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegCreateKeyExW                                 7697BCE1 5 Bytes  JMP 00070F9B 
.text           C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegOpenKeyExA                                   7697D4E8 5 Bytes  JMP 00070FD4 
.text           C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegOpenKeyW                                     76983CB0 5 Bytes  JMP 0007000A 
.text           C:\Windows\system32\wuauclt.exe[4528] ADVAPI32.dll!RegOpenKeyExW                                   7698F09D 5 Bytes  JMP 0007001B 
.text           C:\Windows\system32\wuauclt.exe[4528] WS2_32.dll!socket                                            771136D1 5 Bytes  JMP 00090000 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                             mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                            Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                            Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                            Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                            Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                          Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

The OSAM log will follow right after this; I'm starting that scan now.

Alt 29.10.2010, 22:19   #14
Maybe

TR/Crypt.XPACK.Gen in AppData

OSAM:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:52:00 on 29.10.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.19

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"McDefragTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"McQcTask.job" - "McAfee, Inc." - c:\PROGRA~1\mcafee\mqc\QcConsol.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Michelle\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"jnv4_mib" (jnv4_mib) - ? - C:\Users\Michelle\AppData\Local\Temp\jnv4_mib.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SVKP" (SVKP) - "AntiCracking" - C:\Windows\system32\SVKP.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{727A317F-21BE-47C3-B1B2-3F3ED1428DA7} "FtpOleHook Class" - "WeOnlyDo! Inc." - C:\Windows\system32\wodFtpDLX.OCX
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home  (HTTP value)
"eBay - Der weltweite Online Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4  (HTTP value)
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{CD292324-974F-4224-D074-CACA427AA030} "Neopets" - "Velocity Services, Inc." - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Privoxy.lnk" - "The Privoxy team - www.privoxy.org" - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"EA Core" - "Electronic Arts" - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ6.5\ICQ.exe" silent
"MsnMsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"TOSCDSPD" - ? - TOSCDSPD.EXE  (File not found)
"Vidalia" - ? - "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"00TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"mcagent_exe" - "McAfee, Inc." - C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"Picasa Media Detector" - "Google Inc." - C:\Program Files\Picasa2\PicasaMediaDetector.exe
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Lavasoft Ad-Aware Service" (aawservice) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"LckFldService" (LckFldService) - ? - C:\Windows\system32\LckFldService.exe  (File not found)
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L350
Logical Drives Mask: 0x00000034

Kernel Drivers (total 155):
0xE2005000 \SystemRoot\system32\ntkrnlpa.exe
0xE23BE000 \SystemRoot\system32\hal.dll
0xC5E0B000 \SystemRoot\system32\kdcom.dll
0xC5E13000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0xC5E73000 \SystemRoot\system32\PSHED.dll
0xC5E84000 \SystemRoot\system32\BOOTVID.dll
0xC5E8C000 \SystemRoot\system32\CLFS.SYS
0xC5ECD000 \SystemRoot\system32\CI.dll
0xC6005000 \SystemRoot\system32\drivers\Wdf01000.sys
0xC6081000 \SystemRoot\system32\drivers\WDFLDR.SYS
0xC608E000 \SystemRoot\system32\drivers\acpi.sys
0xC60D4000 \SystemRoot\system32\drivers\WMILIB.SYS
0xC60DD000 \SystemRoot\system32\drivers\msisadrv.sys
0xC60E5000 \SystemRoot\system32\drivers\pci.sys
0xC610C000 \SystemRoot\System32\drivers\partmgr.sys
0xC611B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0xC611E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0xC6128000 \SystemRoot\system32\drivers\volmgr.sys
0xC6137000 \SystemRoot\System32\drivers\volmgrx.sys
0xC6181000 \SystemRoot\system32\drivers\intelide.sys
0xC6188000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0xC6196000 \SystemRoot\System32\drivers\mountmgr.sys
0xC620C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0xC62D4000 \SystemRoot\system32\drivers\atapi.sys
0xC62DC000 \SystemRoot\system32\drivers\ataport.SYS
0xC62FA000 \SystemRoot\system32\drivers\msahci.sys
0xC6304000 \SystemRoot\system32\drivers\fltmgr.sys
0xC6336000 \SystemRoot\system32\drivers\fileinfo.sys
0xC6346000 \SystemRoot\System32\Drivers\PxHelp20.sys
0xC634F000 \SystemRoot\System32\Drivers\ksecdd.sys
0xC640F000 \SystemRoot\system32\drivers\ndis.sys
0xC651A000 \SystemRoot\system32\drivers\msrpc.sys
0xC6545000 \SystemRoot\system32\drivers\NETIO.SYS
0xC6600000 \SystemRoot\System32\Drivers\Ntfs.sys
0xC670F000 \SystemRoot\system32\drivers\volsnap.sys
0xC6748000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0xC674D000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0xC6798000 \SystemRoot\System32\Drivers\spldr.sys
0xC67A0000 \SystemRoot\System32\Drivers\mup.sys
0xC67AF000 \SystemRoot\System32\drivers\ecache.sys
0xC67D6000 \SystemRoot\system32\drivers\disk.sys
0xC657F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0xC67E7000 \SystemRoot\system32\drivers\crcdisk.sys
0xC9CCF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0xC9CDA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xC9CE3000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0xC9CEB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xC9CFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xCA40A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0xCAA41000 \SystemRoot\System32\drivers\dxgkrnl.sys
0xCAAE0000 \SystemRoot\System32\drivers\watchdog.sys
0xCAAED000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xCAAF8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xCAB36000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xCAB45000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xCAB57000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0xCAB74000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xCAB87000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xCAB92000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xCABC1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xCABC3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xCABCE000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0xCABD2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xC9CFE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0xC9D2C000 \SystemRoot\system32\DRIVERS\storport.sys
0xCABEA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xC9D6D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xCABF5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xC9D84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xC9DA7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xC9DB6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xC9DCA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0xCA400000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xC9DDF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xCA405000 \SystemRoot\system32\DRIVERS\swenum.sys
0xC65A0000 \SystemRoot\system32\DRIVERS\ks.sys
0xC9DEF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xC65CA000 \SystemRoot\system32\DRIVERS\umbus.sys
0xC63C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xCA000000 \SystemRoot\system32\drivers\RTKVHDA.sys
0xC61A6000 \SystemRoot\system32\drivers\portcls.sys
0xC65D7000 \SystemRoot\system32\drivers\drmk.sys
0xC5FAD000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xCAC0C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xCAD0F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xCADC4000 \SystemRoot\system32\drivers\modem.sys
0xCADD1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xCADE2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xCADEB000 \SystemRoot\System32\Drivers\Null.SYS
0xCADF2000 \SystemRoot\System32\Drivers\Beep.SYS
0xCADF9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xCAC00000 \SystemRoot\System32\drivers\vga.sys
0xC61D3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xCA1F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xC6400000 \SystemRoot\system32\drivers\rdpencdd.sys
0xC63F4000 \SystemRoot\System32\Drivers\Msfs.SYS
0xC5FEB000 \SystemRoot\System32\Drivers\Npfs.SYS
0xC6200000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xCAE04000 \SystemRoot\System32\drivers\tcpip.sys
0xCAEED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0xCAF08000 \SystemRoot\system32\DRIVERS\tdx.sys
0xCAF1E000 \SystemRoot\system32\DRIVERS\smb.sys
0xCAF32000 \SystemRoot\system32\drivers\afd.sys
0xCAF7A000 \SystemRoot\System32\DRIVERS\netbt.sys
0xCAFAC000 \SystemRoot\system32\DRIVERS\pacer.sys
0xCAFC2000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0xCAFCC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xCAFDA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xCAFED000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xCB201000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xCB23D000 \SystemRoot\system32\drivers\nsiproxy.sys
0xCB247000 \SystemRoot\System32\Drivers\dfsc.sys
0xCB25E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xCB27A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xCB27C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xCB293000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0xCB29C000 \SystemRoot\System32\Drivers\usbvideo.sys
0xCB2BD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xCB2C6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xCB2D6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xCB2DE000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0xCB32E000 \SystemRoot\System32\Drivers\crashdmp.sys
0xC9C00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xD3090000 \SystemRoot\System32\win32k.sys
0xCB33B000 \SystemRoot\System32\drivers\Dxapi.sys
0xCB345000 \SystemRoot\system32\DRIVERS\monitor.sys
0xD32B0000 \SystemRoot\System32\TSDDD.dll
0xD32D0000 \SystemRoot\System32\cdd.dll
0xCB354000 \SystemRoot\system32\drivers\luafv.sys
0xCB36F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xD8A0D000 \SystemRoot\system32\drivers\spsys.sys
0xD8ABC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xD8ACC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xD8AF6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xD8B00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xD8B13000 \SystemRoot\system32\drivers\HTTP.sys
0xD8B80000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xD8B9D000 \SystemRoot\system32\DRIVERS\bowser.sys
0xD8BB6000 \SystemRoot\System32\drivers\mpsdrv.sys
0xD8BCB000 \SystemRoot\system32\drivers\mrxdav.sys
0xCB383000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xCB3A2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xCB3DB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xDA20E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xDA236000 \SystemRoot\System32\DRIVERS\srv.sys
0xDA284000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xDA29A000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xDA2DD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xDA2E2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xDA2E6000 \SystemRoot\system32\drivers\peauth.sys
0xDA3C4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xDA3CE000 \??\C:\Windows\system32\SVKP.sys
0xDA3CF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xDA3DB000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x77BC0000 \Windows\System32\ntdll.dll

Processes (total 89):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
592 csrss.exe
636 C:\Windows\System32\wininit.exe
648 csrss.exe
680 C:\Windows\System32\services.exe
692 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\winlogon.exe
896 C:\Windows\System32\svchost.exe
960 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1004 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\audiodg.exe
1336 C:\Windows\System32\SLsvc.exe
1376 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1676 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1856 C:\Windows\System32\spoolsv.exe
1880 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1892 C:\Windows\System32\svchost.exe
436 C:\Windows\System32\dwm.exe
888 C:\Windows\System32\taskeng.exe
1428 C:\Windows\explorer.exe
1720 C:\Windows\System32\taskeng.exe
880 C:\Program Files\Windows Defender\MSASCui.exe
2076 C:\Windows\System32\igfxtray.exe
2112 C:\Windows\System32\hkcmd.exe
2152 C:\Windows\System32\igfxpers.exe
2168 C:\Windows\RtHDVCpl.exe
2196 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2228 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
2248 C:\Program Files\McAfee.com\Agent\mcagent.exe
2272 C:\Windows\System32\igfxsrvc.exe
2300 C:\Program Files\Picasa2\PicasaMediaDetector.exe
2340 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
2352 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2368 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2408 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2444 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2452 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2480 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
2500 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2528 C:\Program Files\Windows Sidebar\sidebar.exe
2536 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2556 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2576 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
2608 C:\Program Files\ICQ6.5\ICQ.exe
2744 C:\Program Files\Skype\Phone\Skype.exe
2752 C:\Program Files\Windows Media Player\wmpnscfg.exe
2764 C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
2868 C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2880 C:\Program Files\OpenOffice.org 3\program\soffice.exe
2944 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3144 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
3172 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
3216 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
3308 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
3372 C:\Windows\System32\svchost.exe
3384 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3416 C:\Windows\System32\svchost.exe
3436 C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
3524 C:\Windows\System32\TODDSrv.exe
3536 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
3560 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
3632 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3660 C:\Windows\System32\svchost.exe
3680 C:\Windows\System32\SearchIndexer.exe
3708 C:\Windows\System32\drivers\XAudio.exe
1240 C:\Program Files\Vidalia Bundle\Tor\tor.exe
3624 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
3064 C:\Program Files\Windows Media Player\wmpnetwk.exe
2084 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
5284 C:\Program Files\Skype\Plugin Manager\skypePM.exe
5352 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4948 C:\Program Files\Mozilla Firefox\firefox.exe
4324 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
4476 C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
5612 C:\Windows\System32\wuauclt.exe
6132 C:\Windows\servicing\TrustedInstaller.exe
3480 C:\Windows\System32\SearchProtocolHost.exe
5208 dllhost.exe
5432 dllhost.exe
5916 C:\Users\Michelle\Desktop\MBRCheck.exe
5776 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001d`75800000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2546GSX, Rev: LB013M

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Last edited by Maybe (29.10.2010, 22:55)
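The OTL [Logon] and [Services] sections in the log above are what a helper reads to decide whether the autostart entries look clean. As an added example (not code from this thread, and not OTL's own tooling), the script below parses lines in OTL's `"Name" - "Publisher" - Path  (flags)` format and raises the usual review prompts: entries whose file is missing, executables for which OTL printed no publisher string, files started from user-writable directories such as AppData or Temp, and bare filenames that are resolved through the search path rather than an absolute location. The sample input is constructed: seven lines copied from the log above plus one hypothetical "Updater" entry under AppData (not in the thread) to show what a hit in AppData looks like. The prompts are things to look at, not verdicts; the log itself is the evidence.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: seven lines copied verbatim from the OTL
# [Logon] / [Services] / shell-extension sections of the log above, plus one
# hypothetical "Updater" entry (not in the thread) that starts from AppData.
SAMPLE_LINES = [
    r'"TOSCDSPD" - ? - TOSCDSPD.EXE  (File not found)',
    r'"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'"LckFldService" (LckFldService) - ? - C:\Windows\system32\LckFldService.exe  (File not found)',
    r'{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)',
    r'"Privoxy.lnk" - "The Privoxy team - www.privoxy.org" - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe  (Shortcut exists | File exists)',
    r'"desktop.ini" - ? - C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini',
    r'"mcagent_exe" - "McAfee, Inc." - C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey',
    r'"Updater" - ? - "C:\Users\Michelle\AppData\Roaming\Updater\updater.exe" -silent',  # constructed, hypothetical
]


@dataclass
class Entry:
    name: str
    publisher: Optional[str]  # None when OTL printed "?" (no CompanyName, or file missing)
    path: str                 # "" when OTL printed no path at all
    flags: str                # text of the trailing "( ... )" status block, "" if absent


ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+|<binary data>\s+)?'  # optional CLSID or <binary data> prefix
    r'"(?P<name>[^"]*)"'                             # entry name
    r'(?:\s+\((?P<svc>[^)]*)\))?'                    # optional service short name
    r'\s+-\s+(?P<pub>"[^"]*"|\?)'                    # publisher: quoted string or "?"
    r'\s+-\s*(?P<rest>.*)$'                          # path, arguments, status flags
)
FLAGS_RE = re.compile(r'\s*\((?P<flags>[^()]*)\)\s*$')
PATH_RE = re.compile(r'(.*?\.(?:exe|dll|sys|ocx|lnk|ini))(?=\s|$)', re.IGNORECASE)

USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx")


def split_path(rest: str) -> str:
    """Return the file path from OTL's 'path args' field, quoted or unquoted."""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    m = PATH_RE.match(rest)          # unquoted path may contain spaces: cut at the extension
    if m:
        return m.group(1)
    return rest.split()[0] if rest else ""


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; returns None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    pub = m.group("pub")
    rest = m.group("rest")
    flags = ""
    fm = FLAGS_RE.search(rest)
    if fm:
        flags = fm.group("flags").strip()
        rest = rest[:fm.start()]
    return Entry(
        name=m.group("name"),
        publisher=None if pub == "?" else pub.strip('"'),
        path=split_path(rest.strip()),
        flags=flags,
    )


def triage(e: Entry) -> List[str]:
    """Review prompts for one entry; an empty list means nothing stood out."""
    reasons = []
    low = e.path.lower()
    is_exec = low.endswith(EXEC_EXT)
    if "file not found" in e.flags.lower():
        reasons.append("orphan: referenced file is missing (stale leftover, or a payload already removed)")
    if e.publisher is None and is_exec:
        reasons.append("no publisher string in the file's version info")
    if is_exec and any(d in low for d in USER_WRITABLE):
        reasons.append("executable starts from a user-writable directory (AppData/Temp/ProgramData)")
    if e.path and "\\" not in e.path and not e.path.startswith("%"):
        reasons.append("bare filename: resolved through the search path, not an absolute location")
    return reasons


def triage_log(lines) -> Dict[str, List[str]]:
    """Map entry name -> review prompts, for entries that raised at least one."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            hits[e.name] = reasons
    return hits


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES).items():
        print(f"{name}:")
        for r in reasons:
            print(f"  - {r}")
```

Run against the sample, the Avira, McAfee and Privoxy entries and the two Startup desktop.ini files pass silently, the two "File not found" entries and the orphaned shell-extension CLSID come back as orphans, and the hypothetical Updater entry is flagged twice (no publisher, starts from AppData). Feed it the whole OTL log and the hit list is the short list to check by hand.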

Old 30.10.2010, 21:01   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/Crypt.XPACK.Gen in AppData

Looks OK in itself. Please try CF again with a fresh cofi.exe
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
