
Computer infected with a rootkit??

tocksick / 11 replies / Nickles

Antivir did not find anything as a virus/trojan etc. Spybot does not report anything either. The system is fully up to date. Windows XP SP3

>SSDT State
NtCreateKey
Actual Address 0xB86D54AE
Hooked by: Unknown module filename

NtCreateThread
Actual Address 0xB86D54A4
Hooked by: Unknown module filename

NtDeleteKey
Actual Address 0xB86D54B3
Hooked by: Unknown module filename

NtDeleteValueKey
Actual Address 0xB86D54BD
Hooked by: Unknown module filename

NtEnumerateKey
Actual Address 0xB7EC5CA4
Hooked by: spuo.sys

NtEnumerateValueKey
Actual Address 0xB7EC6032
Hooked by: spuo.sys

NtLoadKey
Actual Address 0xB86D54C2
Hooked by: Unknown module filename

NtOpenKey
Actual Address 0xB7EA70C0
Hooked by: spuo.sys

NtOpenProcess
Actual Address 0xB86D5490
Hooked by: Unknown module filename

NtOpenThread
Actual Address 0xB86D5495
Hooked by: Unknown module filename

NtQueryKey
Actual Address 0xB7EC610A
Hooked by: spuo.sys

NtQueryValueKey
Actual Address 0xB7EC5F8A
Hooked by: spuo.sys

NtReplaceKey
Actual Address 0xB86D54CC
Hooked by: Unknown module filename

NtRestoreKey
Actual Address 0xB86D54C7
Hooked by: Unknown module filename

NtSetValueKey
Actual Address 0xB86D54B8
Hooked by: Unknown module filename

NtTerminateProcess
Actual Address 0xB86D549F
Hooked by: Unknown module filename

>Shadow
>Processes
>Drivers
>Stealth
>Files
>Hooks
ntkrnlpa.exe+0x0002D5E8, Type: Inline - PushRet at address 0x805045E8 hook handler located in [unknown_code_page]
[1236]TeamSpeak.exe-->kernel32.dll-->CreateMutexA, Type: Inline - DirectJump at address 0x7C80E9DF hook handler located in [unknown_code_page]
[1236]TeamSpeak.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump at address 0x7C801AF5 hook handler located in [unknown_code_page]
[1452]winlogon.exe-->ws2_32.dll-->getaddrinfo, Type: IAT modification at address 0x01001A28 hook handler located in [ws2_32.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000B786, Type: Inline - RelativeCall at address 0x01FEB786 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000B793, Type: Inline - DirectCall at address 0x01FEB793 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000BA5A, Type: Inline - DirectCall at address 0x01FEBA5A hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000BABC, Type: Inline - RelativeCall at address 0x01FEBABC hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000BB60, Type: Inline - RelativeCall at address 0x01FEBB60 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000BC28, Type: Inline - PushRet at address 0x01FEBC28 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C183, Type: Inline - RelativeCall at address 0x01FEC183 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C188, Type: Inline - RelativeCall at address 0x01FEC188 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C2B0, Type: Inline - RelativeCall at address 0x01FEC2B0 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C381, Type: Inline - RelativeCall at address 0x01FEC381 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C3D9, Type: Inline - RelativeCall at address 0x01FEC3D9 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C4FF, Type: Inline - PushRet at address 0x01FEC4FF hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C530, Type: Inline - DirectCall at address 0x01FEC530 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C726, Type: Inline - RelativeCall at address 0x01FEC726 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C7AA, Type: Inline - DirectCall at address 0x01FEC7AA hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C7F9, Type: Inline - PushRet at address 0x01FEC7F9 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C863, Type: Inline - PushRet at address 0x01FEC863 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000C869, Type: Inline - PushRet at address 0x01FEC869 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000CF65, Type: Inline - DirectCall at address 0x01FECF65 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000CFA1, Type: Inline - RelativeCall at address 0x01FECFA1 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000D24F, Type: Inline - RelativeCall at address 0x01FED24F hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000D37D, Type: Inline - DirectCall at address 0x01FED37D hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000D47B, Type: Inline - RelativeCall at address 0x01FED47B hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000D486, Type: Inline - PushRet at address 0x01FED486 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000D705, Type: Inline - RelativeCall at address 0x01FED705 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000D710, Type: Inline - PushRet at address 0x01FED710 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000DB95, Type: Inline - PushRet at address 0x01FEDB95 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000DC1B, Type: Inline - RelativeCall at address 0x01FEDC1B hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000DC98, Type: Inline - RelativeJump at address 0x01FEDC98 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000DD50, Type: Inline - RelativeCall at address 0x01FEDD50 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000DE46, Type: Inline - RelativeJump at address 0x01FEDE46 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000DFD4, Type: Inline - RelativeCall at address 0x01FEDFD4 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000E052, Type: Inline - DirectCall at address 0x01FEE052 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000E292, Type: Inline - RelativeCall at address 0x01FEE292 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000E378, Type: Inline - RelativeCall at address 0x01FEE378 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000E596, Type: Inline - RelativeCall at address 0x01FEE596 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000E5AD, Type: Inline - RelativeCall at address 0x01FEE5AD hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000ED97, Type: Inline - RelativeJump at address 0x01FEED97 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000EF43, Type: Inline - RelativeCall at address 0x01FEEF43 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F0AA, Type: Inline - RelativeCall at address 0x01FEF0AA hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F515, Type: Inline - SEH at address 0x01FEF515 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F516, Type: Inline - RelativeJump at address 0x01FEF516 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F52D, Type: Inline - RelativeCall at address 0x01FEF52D hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F61D, Type: Inline - RelativeCall at address 0x01FEF61D hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F713, Type: Inline - RelativeJump at address 0x01FEF713 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F7AA, Type: Inline - RelativeCall at address 0x01FEF7AA hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F7B2, Type: Inline - PushRet at address 0x01FEF7B2 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F897, Type: Inline - PushRet at address 0x01FEF897 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F8A7, Type: Inline - RelativeCall at address 0x01FEF8A7 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000F940, Type: Inline - RelativeCall at address 0x01FEF940 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000FBA5, Type: Inline - RelativeCall at address 0x01FEFBA5 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000FBBC, Type: Inline - RelativeCall at address 0x01FEFBBC hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000FCAF, Type: Inline - PushRet at address 0x01FEFCAF hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000FDCD, Type: Inline - RelativeCall at address 0x01FEFDCD hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0000FFA1, Type: Inline - PushRet at address 0x01FEFFA1 hook handler located in [NeroStartSmart.exe]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001001B, Type: Inline - PushRet at address 0x01FF001B hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001042E, Type: Inline - RelativeCall at address 0x01FF042E hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000105BE, Type: Inline - RelativeCall at address 0x01FF05BE hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000106C3, Type: Inline - RelativeJump at address 0x01FF06C3 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000106C9, Type: Inline - RelativeJump at address 0x01FF06C9 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010749, Type: Inline - RelativeJump at address 0x01FF0749 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010760, Type: Inline - DirectCall at address 0x01FF0760 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000107F4, Type: Inline - RelativeCall at address 0x01FF07F4 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000107F9, Type: Inline - RelativeCall at address 0x01FF07F9 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001086A, Type: Inline - RelativeCall at address 0x01FF086A hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010879, Type: Inline - RelativeCall at address 0x01FF0879 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010926, Type: Inline - RelativeCall at address 0x01FF0926 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010A6D, Type: Inline - DirectJump at address 0x01FF0A6D hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010C62, Type: Inline - RelativeJump at address 0x01FF0C62 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010E01, Type: Inline - RelativeCall at address 0x01FF0E01 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010EC1, Type: Inline - RelativeCall at address 0x01FF0EC1 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010EC8, Type: Inline - RelativeCall at address 0x01FF0EC8 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00010ED1, Type: Inline - RelativeCall at address 0x01FF0ED1 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000110BC, Type: Inline - PushRet at address 0x01FF10BC hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011136, Type: Inline - DirectJump at address 0x01FF1136 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001113C, Type: Inline - DirectJump at address 0x01FF113C hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000111CF, Type: Inline - DirectJump at address 0x01FF11CF hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000111DA, Type: Inline - DirectJump at address 0x01FF11DA hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011205, Type: Inline - DirectJump at address 0x01FF1205 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011210, Type: Inline - DirectJump at address 0x01FF1210 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011216, Type: Inline - DirectJump at address 0x01FF1216 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001121C, Type: Inline - DirectJump at address 0x01FF121C hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011277, Type: Inline - DirectJump at address 0x01FF1277 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001160A, Type: Inline - RelativeCall at address 0x01FF160A hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000116D4, Type: Inline - DirectJump at address 0x01FF16D4 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000116DA, Type: Inline - DirectJump at address 0x01FF16DA hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000116E0, Type: Inline - DirectJump at address 0x01FF16E0 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000118A1, Type: Inline - DirectCall at address 0x01FF18A1 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000118A9, Type: Inline - RelativeJump at address 0x01FF18A9 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011916, Type: Inline - DirectCall at address 0x01FF1916 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011959, Type: Inline - SEH at address 0x01FF1959 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000119F5, Type: Inline - DirectCall at address 0x01FF19F5 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011ACC, Type: Inline - PushRet at address 0x01FF1ACC hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011AD4, Type: Inline - RelativeCall at address 0x01FF1AD4 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011ADA, Type: Inline - RelativeCall at address 0x01FF1ADA hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011AE5, Type: Inline - PushRet at address 0x01FF1AE5 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011AE6, Type: Inline - DirectJump at address 0x01FF1AE6 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011B7E, Type: Inline - RelativeJump at address 0x01FF1B7E hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011BAF, Type: Inline - PushRet at address 0x01FF1BAF hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011BB5, Type: Inline - RelativeJump at address 0x01FF1BB5 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011BC9, Type: Inline - RelativeJump at address 0x01FF1BC9 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011C94, Type: Inline - RelativeJump at address 0x01FF1C94 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011D28, Type: Inline - RelativeJump at address 0x01FF1D28 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011D43, Type: Inline - DirectJump at address 0x01FF1D43 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011D49, Type: Inline - PushRet at address 0x01FF1D49 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011D4A, Type: Inline - RelativeJump at address 0x01FF1D4A hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011D54, Type: Inline - DirectJump at address 0x01FF1D54 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011DB0, Type: Inline - RelativeJump at address 0x01FF1DB0 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011DB8, Type: Inline - RelativeJump at address 0x01FF1DB8 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011DC2, Type: Inline - RelativeJump at address 0x01FF1DC2 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011DCC, Type: Inline - RelativeJump at address 0x01FF1DCC hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011DF3, Type: Inline - RelativeJump at address 0x01FF1DF3 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011E3F, Type: Inline - RelativeJump at address 0x01FF1E3F hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011E49, Type: Inline - RelativeJump at address 0x01FF1E49 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011E51, Type: Inline - DirectJump at address 0x01FF1E51 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011E5A, Type: Inline - RelativeJump at address 0x01FF1E5A hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011E64, Type: Inline - RelativeJump at address 0x01FF1E64 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011E6C, Type: Inline - RelativeJump at address 0x01FF1E6C hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011EC0, Type: Inline - RelativeJump at address 0x01FF1EC0 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011EC5, Type: Inline - RelativeJump at address 0x01FF1EC5 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011ECD, Type: Inline - RelativeJump at address 0x01FF1ECD hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011F43, Type: Inline - DirectJump at address 0x01FF1F43 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011F4C, Type: Inline - RelativeJump at address 0x01FF1F4C hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011FEA, Type: Inline - PushRet at address 0x01FF1FEA hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011FEC, Type: Inline - RelativeCall at address 0x01FF1FEC hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00011FF4, Type: Inline - PushRet at address 0x01FF1FF4 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012026, Type: Inline - RelativeJump at address 0x01FF2026 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012030, Type: Inline - RelativeJump at address 0x01FF2030 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001215E, Type: Inline - RelativeJump at address 0x01FF215E hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001222A, Type: Inline - PushRet at address 0x01FF222A hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001222C, Type: Inline - RelativeJump at address 0x01FF222C hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012234, Type: Inline - RelativeJump at address 0x01FF2234 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001233D, Type: Inline - RelativeJump at address 0x01FF233D hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000123DC, Type: Inline - RelativeCall at address 0x01FF23DC hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000123E7, Type: Inline - PushRet at address 0x01FF23E7 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000123F4, Type: Inline - DirectJump at address 0x01FF23F4 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012407, Type: Inline - RelativeJump at address 0x01FF2407 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012412, Type: Inline - RelativeJump at address 0x01FF2412 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012452, Type: Inline - RelativeJump at address 0x01FF2452 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012481, Type: Inline - RelativeJump at address 0x01FF2481 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012486, Type: Inline - RelativeJump at address 0x01FF2486 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000124F0, Type: Inline - RelativeCall at address 0x01FF24F0 hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000124F5, Type: Inline - RelativeJump at address 0x01FF24F5 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012501, Type: Inline - RelativeJump at address 0x01FF2501 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001250B, Type: Inline - RelativeJump at address 0x01FF250B hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012516, Type: Inline - RelativeJump at address 0x01FF2516 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x000125F1, Type: Inline - RelativeJump at address 0x01FF25F1 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012602, Type: Inline - RelativeJump at address 0x01FF2602 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012607, Type: Inline - RelativeJump at address 0x01FF2607 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x00012618, Type: Inline - RelativeJump at address 0x01FF2618 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll+0x0001261D, Type: Inline - RelativeJump at address 0x01FF261D hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->gethostbyaddr, Type: Inline - RelativeCall at address 0x01FEE4A2 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->GetNameInfoW, Type: Inline - RelativeCall at address 0x01FEC505 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->getprotobyname, Type: Inline - RelativeCall at address 0x01FEE199 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->getservbyport, Type: Inline - RelativeCall at address 0x01FEE5C5 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->getservbyport, Type: Inline - RelativeCall at address 0x01FEE5D4 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->sendto, Type: Inline - PushRet at address 0x01FE2F5D hook handler located in [unknown_code_page]
[3884]NeroStartSmart.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeCall at address 0x01FE2F5F hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->WSACancelAsyncRequest, Type: Inline - RelativeCall at address 0x01FEE35F hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->WSAEnumNetworkEvents, Type: Inline - RelativeCall at address 0x01FE6597 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump at address 0x01FF0D22 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump at address 0x01FF0D2D hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->WSAGetServiceClassNameByClassIdW, Type: Inline - RelativeCall at address 0x01FEFF98 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->WSAHtonl, Type: Inline - RelativeCall at address 0x01FEBCF2 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->WSAHtons, Type: Inline - RelativeCall at address 0x01FEBDD5 hook handler located in [CDCopy.dll]
[3884]NeroStartSmart.exe-->ws2_32.dll-->WSALookupServiceNextW, Type: Inline - PushRet at address 0x01FE3182 hook handler located in [unknown_code_page]
[792]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Conqueror tocksick "Computer infected with rootkit??"

And which tool did you use to find this? With Antivir = ?
If so, was it up to date?

tocksick Addendum to: "Computer infected with rootkit??"

The program that created this log was RK Unhooker. Antivir and Spybot found nothing. Antivir is up to date, heuristics are set to "high", and a scan is run every evening.

Conqueror tocksick "Computer infected with rootkit??"

Please download
http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx
and unpack the archive into its own folder, e.g.
C:\programme\rootkitrevealer.
Start RootkitRevealer.exe in that folder. Close all other
programs.
Start the scan by clicking "Scan".
When the scan is finished, save the log file with File -> Save and post it here in the forum.



Run a Sophos scan
Go to
http://www.sophos.de/products/free-tools/sophos-anti-rootkit/download/
and download their rootkit scanner. You get an installer file, sarsfx.exe.
Run it, accept the license and let the program install; do not change the path C:\SOPHTEMP.
Open that folder in Explorer and start sargui.exe, then close all other programs.
Leave everything under Area checked and start the scan with "Start scan". The scan takes some time; when it is finished a window pops up with a summary, click "Ok" there. Close the Sophos rootkit scanner; this scan is for analysis only.
Start Explorer and enter "%temp%" in the address bar (without the quotation marks); there is a file sarscan.log there, please post its contents.



Run a Gmer scan
Download Gmer from
this page http://www.gmer.net/files.php
and unpack it to your desktop.
Start gmer.exe and go to the Rootkit tab. All other programs should be closed.
Make sure that everything from "System" to "ADS" is checked in the panel on the right (important: "Show all" must not be checked) and start the scan with "Scan". Do not do anything on the computer while the scan is running.
When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
Paste the log from the clipboard into your reply here.

tocksick Addendum to: "Computer infected with rootkit??"

Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 30.12.2009 at 22:41:50
User "Dominic" on computer "SENSIL"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\drivers\sptd.sys
Info: Starting disk scan of G: (NTFS).
Stopped logging on 30.12.2009 at 22:55:26
_________________________________________________________________________________

HKU\S-1-5-21-1085031214-1935655697-682003330-1004\Console 24.11.2009 00:38 0 bytes Security mismatch.
HKU\S-1-5-21-1085031214-1935655697-682003330-1004\Console\AA3-Tutorials.bat 15.07.2009 18:37 0 bytes Security mismatch.
HKU\S-1-5-21-1085031214-1935655697-682003330-1004\console_combofixbackup 16.07.2009 19:26 0 bytes Security mismatch.
HKU\S-1-5-21-1085031214-1935655697-682003330-1004\console_combofixbackup\AA3-Tutorials.bat 16.07.2009 19:26 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 27.10.2008 21:54 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 27.10.2008 21:54 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\ASUS\AI Gear3\EPU\MB\CurrentPower 30.12.2009 22:57 8 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\services\command\ 25.10.2009 23:57 21 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\gopher 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\gopher\DefaultIcon 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\gopher\shell 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\gopher\shell\open 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\gopher\shell\open\command 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\gopher\shell\open\ddeexec 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\gopher\shell\open\ddeexec\Application 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\gopher\shell\open\ddeexec\Topic 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Enum 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Linkage 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Parameters 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Parameters\Interfaces 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Parameters\Interfaces\Tcpip_{130FF01E-CEE2-44A4-9FF1-71DF5A5F1CF4} 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Parameters\Interfaces\Tcpip_{1BF4C15B-1FDE-4D61-B068-FB114253DAF9} 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Parameters\Interfaces\Tcpip_{35F0F2DB-3303-44FB-9AC7-462DC15DA3F9} 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Parameters\Interfaces\Tcpip_{6D2839C1-0687-43E6-9F45-81CA0BD13D31} 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\NetBT\Parameters\Interfaces\Tcpip_{DCD70627-BAA5-431D-89FD-731596DB9829} 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\Ole 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\Ole\AppCompat 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\Ole\AppCompat\ActivationSecurityCheckExemptionList 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\Rpc 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\Rpc\ClientProtocols 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\Rpc\NameService 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\Rpc\NetBios 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\Rpc\SecurityService 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\telnet 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\telnet\DefaultIcon 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\telnet\shell 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\telnet\shell\open 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SOFTWARE\fdik\Windows-Dienste abschalten\Backup\telnet\shell\open\command 09.01.2009 14:12 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 21.09.2009 21:22 0 bytes Access is denied.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 20.10.2009 01:01 252.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 20.10.2009 01:01 111.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll 20.10.2009 01:01 8.00 KB Visible in Windows API, but not in MFT or directory index.
E: 01.01.1601 01:00 0 bytes Error mounting volume
________________________________________________________________________________________

I can't post the GMER log because the program hangs completely at the end; winlogon.exe and lsass.exe each use 50% CPU while that happens. GMER can't save anything, and copying the output to save it in a file doesn't work either. I've tried it 3 times now, but always with the same result.

Conqueror tocksick „Sophos Anti-Rootkit Version 1.5.0 c 2009 Sophos Plc Started logging on...“

To be completely sure, go to this page and post the log file:
http://sicher-ins-netz.info/analyse/hjt.html

tocksick addendum to: „Computer infected with a rootkit??“

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:53:57, on 31.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Creative\Shared Files\CTAudSvc.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\FRITZ!Fernzugang\certsrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Programme\FRITZ!Fernzugang\nwtsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programme\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.de/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.de/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.de/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 95.43.131.253 testauthd.lineage2.com
O1 - Hosts: 94.127.17.101 l2testauthd.lineage2.com
O1 - Hosts: 94.127.17.101 l2authd.lineage2.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.6.0_13\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre1.6.0_13\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Programme\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Programme\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Programme\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Programme\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Programme\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DD1C28F-9B65-4FA3-898F-90687F8AD5A3}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{130FF01E-CEE2-44A4-9FF1-71DF5A5F1CF4}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D2839C1-0687-43E6-9F45-81CA0BD13D31}: NameServer = 192.168.123.254
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVM FRITZ!Fernzugang IKE Service (avmike) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\avmike.exe
O23 - Service: AVM FRITZ!Fernzugang Cert Service (certsrv) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\certsrv.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: AVM FRITZ!Fernzugang Client (nwtsrv) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe
O23 - Service: NZ - Unknown owner - C:\DOKUME~1\Dominic\LOKALE~1\Temp\NZ.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11412 bytes

Conqueror tocksick „Computer infected with a rootkit??“

I'm not entirely sure.
Go to this page http://www.resplendence.com/downloads and download the tool SanityCheck 2.00. It is the latest development. If it finds something, that's bad.

tocksick addendum to: „Computer infected with a rootkit??“

BTW: HZappyyyy New Yearrr :)

Analyzing your system ...

Processes with suspicious filenames have been detected

One or more processes have been detected which are trying to appear as a standard Windows process. This may be an indication of malware at work.


The process khalmnpr.exe is suspicious as it is trying to appear as a a standard Windows process.

Information about the responsible process khalmnpr.exe:

file path: C:\programme\gemeinsame dateien\logishrd\khal2\khalmnpr.exe
product: Logitech SetPoint
description: Logitech KHAL Main Process
company: Logitech, Inc.
Click here to do a Google search on khalmnpr.exe

Processes are running without company, product and description information

One or more processes have been detected which have not registered any company, product and description information. This is not necessarily the work of a virus or malware but does raise a flag of suspicion. It is suggested you find out what this process belongs to and why it is running on your system.


The process sixengine.exe does not have any product, company or description information.

Information about the responsible process sixengine.exe:

file path: C:\program files\asus\six engine\sixengine.exe
Click here to do a Google search on sixengine.exe


The process lgdcore.exe does not have any product, company or description information.

Information about the responsible process lgdcore.exe:

file path: C:\programme\logitech\gamepanel software\g-series software\lgdcore.exe
Click here to do a Google search on lgdcore.exe


The process lcdmon.exe does not have any product, company or description information.

Information about the responsible process lcdmon.exe:

file path: C:\programme\logitech\gamepanel software\lcd manager\lcdmon.exe
Click here to do a Google search on lcdmon.exe


The process ainap.exe does not have any product, company or description information.

Information about the responsible process ainap.exe:

file path: C:\programme\asus\ai suite\ainap\ainap.exe
Click here to do a Google search on ainap.exe


The process qfanhelp.exe does not have any product, company or description information.

Information about the responsible process qfanhelp.exe:

file path: C:\programme\asus\ai suite\qfan3\qfanhelp.exe
Click here to do a Google search on qfanhelp.exe


The process g15_teamspeak.exe does not have any product, company or description information.

Information about the responsible process g15_teamspeak.exe:

file path: C:\programme\schmads inc\g15_teamspeak\g15_teamspeak.exe
Click here to do a Google search on g15_teamspeak.exe


The process pnkbstra.exe does not have any product, company or description information.

Information about the responsible process pnkbstra.exe:

file path: C:\windows\system32\pnkbstra.exe
Click here to do a Google search on pnkbstra.exe


The process pnkbstrb.exe does not have any product, company or description information.

Information about the responsible process pnkbstrb.exe:

file path: C:\windows\system32\pnkbstrb.exe
Click here to do a Google search on pnkbstrb.exe


So far I know all of the programs listed above.
--------------------------------------------------------------------------------


Some driver entry points are being hijacked by other modules



Module spgy.sys is overwriting one or more dispatch entry points of other drivers running in the system. This controversial technique could be the work of malware running in the system but it could also be the work of legitimate software.

Information about the responsible module spgy.sys:

file path: spgy.sys
This file is no longer available. We suggest you try to find this file in another location on your hard disk.
Click here to do a Google search on spgy.sys


This one is the only thing that puzzles me a bit; I wonder what it is.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Irregularities have been detected on your system which indicate your system is possibly compromised by malware but it may also be that these are caused by a legitimate product. If you do not know what these files are about it is suggested that you locate the above mentioned files and do a search on their filenames with Google. This may help you find out whether the reported issues are the work of a legitimate product that you have installed deliberately or the work of a rootkit of other malware.

As always, we suggest you use a good antivirus scanner which does not make use of any controversial techniques and always practice caution when downloading files and opening email attachments.

Note that is is not always possible to make a clear distinction between malware and legitimate products. This is because certain legitimate products resort to agressive controversial techniques as an anti-piracy measure, to avoid debugging or for anti-competetive purposes. Antivirus or other security software may be making use of rootkit-like techniques in an attempt to hide itself from malware. Worse, such products may be involved in a controversial race along the lines of "defeat evil with its own weapons".


About your system:

Windows version: Windows XP Service Pack 3, 5.1, build: 2600
Windows dir: C:\WINDOWS
CPU: GenuineIntel Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 2146414592 total

Report generated on 01.01.2010 02:00:49

tocksick addendum to: „Computer infected with a rootkit??“

Here is one more scan, from OTL:


http://pastebin.com/m31cc7878

Conqueror tocksick „Here is one more scan, from OTL: http://pastebin.com/m31cc7878“

I can only advise you to buy the new c't. It comes with a DVD containing virus scanners and rootkit scanners, so you can check your tool from the DVD. That way any malware has no chance to hide. The tool can also update itself.

tocksick addendum to: „Computer infected with a rootkit??“

Well, let me put it this way: for me the only important question was whether there could be one on it. If this is getting too complicated now, there will simply be a low-level format and that's that. That's the best thing you can do with a compromised system anyway. Thanks for the effort all the same :))
