| |
| |||||||
Log-Analyse und Auswertung: HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.12.2010, 16:23
| #1 |
 |  HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde. Hallo, ich poste nun nochmal mein HiJack-Logfile sowie ein GMER-Logfile. Vielleicht koennte sich mal jemand die Prozesse ansehen. Ich hatte schon mal gepostet allerdings hat niemand mehr geantwortet. Ich habe zuletzt noch festgestellt, dass Kerio seid geraumer Zeit immer Backdoor-Angriffe anzeigt, die mein Internet lahmlegen und auch Skype ungewoehnliche Verbindungen nach aussen ahn, was dann auch dazu fuehrt, dass sich das Programm nicht verbinden kann. Da ich schon super viele Scans gemacht habe und selber nichts finde waere es gut wenn sich jeamand die Files ansehen koennte. Vielen Dank HiJack -------------------------------------------------------------------------------------HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:40:42 AM, on 12/28/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\PC Tools Security\BDT\FGuard.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\IRW.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\Boot Camp\KbdMgr.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\AppleOSSMgr.exe C:\WINDOWS\system32\AppleTimeSrv.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\AVG\AVG10\avgemcx.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Simone\My Documents\Downloads\HiJackThis204.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - - (no file) O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe -- End of file - 10157 bytes GMER -------------------------------------------------------------------------------------GMER Logfile: Code:
ATTFilter GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2010-12-22 17:22:09
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9ECB6AE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9EA9A96]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9EA9D5E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9ECC04C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9ECC3D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9ECA8EC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB59C26C0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9ECC91A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9ECBA50]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB59C2770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB59C2810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB59C28B0]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes JMP EA9D5EB9
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[600] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3560] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\WINDOWS\Explorer.EXE[1120] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100250F0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [100251A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10025140] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100250A0] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
IAT C:\Program Files\PC Tools Security\BDT\FGuard.exe[3248] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10025210] C:\Program Files\PC Tools Security\BDT\FGuardHks.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\BTHUSB \Device\000000a0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\BTHUSB \Device\000000a2 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001ec2948f29
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001ec2948f29
---- EOF - GMER 1.0.15 ----
|
| Themen zu HiJack und Gmer durchsehen - Malewarebytes zeigt keine funde. |
| adobe, avg, bho, bonjour, browser, driver./avg, excel, explorer, firefox, google, hijack, hijackthis, internet, internet explorer, keine funde, mozilla, ntdll.dll, plug-in, programm, prozesse, registry, rundll, security, server, shell32.dll, software, super, system, udp, windows, windows xp |
Baum-Darstellung