Trojan on board! Online banking blocked | Windows 7
25.06.2011, 12:07 | #1
Hello, I got a call from my bank saying that my login details have been blocked because there are trojans on my computer. I've received several warnings from AntiVir recently, but thought AntiVir had taken care of the problem. Apparently not.. What can I do, and how? Thx for any info. Regards, Tom

And just now another warning from AntiVir. Here's a copy of my netstat -a:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\Thomas>netstat -a

Aktive Verbindungen

  Proto  Lokale Adresse          Remoteadresse                    Status
  TCP    thomas-pc:epmap         thomas-pc:0                      ABHÖREN
  TCP    thomas-pc:microsoft-ds  thomas-pc:0                      ABHÖREN
  TCP    thomas-pc:1025          thomas-pc:0                      ABHÖREN
  TCP    thomas-pc:11487         thomas-pc:0                      ABHÖREN
  TCP    thomas-pc:1026          thomas-pc:0                      ABHÖREN
  TCP    thomas-pc:1039          localhost:1040                   HERGESTELLT
  TCP    thomas-pc:1040          localhost:1039                   HERGESTELLT
  TCP    thomas-pc:1045          localhost:1046                   HERGESTELLT
  TCP    thomas-pc:1046          localhost:1045                   HERGESTELLT
  TCP    thomas-pc:1648          localhost:5152                   FIN_WARTEN_2
  TCP    thomas-pc:5152          thomas-pc:0                      ABHÖREN
  TCP    thomas-pc:5152          localhost:1648                   SCHLIESSEN_WARTEN
  TCP    thomas-pc:netbios-ssn   thomas-pc:0                      ABHÖREN
  TCP    thomas-pc:1042          s15469592.rootmaster.info:http   SCHLIESSEN_WARTEN
  TCP    thomas-pc:1043          s15469592.rootmaster.info:http   SCHLIESSEN_WARTEN
  TCP    thomas-pc:1613          ey-in-f100.1e100.net:http        HERGESTELLT
  TCP    thomas-pc:1615          178.236.5.51:http                HERGESTELLT
  TCP    thomas-pc:1622          80.157.150.25:http               HERGESTELLT
  TCP    thomas-pc:1623          dd3728.kasserver.com:http        WARTEND
  TCP    thomas-pc:1624          dd3728.kasserver.com:http        WARTEND
  TCP    thomas-pc:1625          dd3728.kasserver.com:http        WARTEND
  TCP    thomas-pc:1626          ey-in-f95.1e100.net:http         HERGESTELLT
  TCP    thomas-pc:1627          ey-in-f95.1e100.net:http         HERGESTELLT
  TCP    thomas-pc:1628          dd3728.kasserver.com:http        WARTEND
  TCP    thomas-pc:1629          dd3728.kasserver.com:http        WARTEND
  TCP    thomas-pc:1630          fra07s07-in-f164.1e100.net:http  HERGESTELLT
  TCP    thomas-pc:1632          fra07s07-in-f99.1e100.net:http   HERGESTELLT
  TCP    thomas-pc:1653          img.web.de:http                  WARTEND
  TCP    thomas-pc:1654          img.web.de:http                  WARTEND
  TCP    thomas-pc:1655          img.web.de:http                  WARTEND
  TCP    thomas-pc:1660          img.web.de:http                  WARTEND
  TCP    thomas-pc:1661          img.web.de:http                  WARTEND
  TCP    thomas-pc:1662          img.web.de:http                  WARTEND
  TCP    thomas-pc:1664          img.web.de:http                  WARTEND
  TCP    thomas-pc:1677          img.web.de:http                  WARTEND
  TCP    thomas-pc:1689          img.web.de:http                  WARTEND
  TCP    thomas-pc:1691          img.web.de:http                  WARTEND
  UDP    thomas-pc:microsoft-ds  *:*
  UDP    thomas-pc:isakmp        *:*
  UDP    thomas-pc:4500          *:*
  UDP    thomas-pc:ntp           *:*
  UDP    thomas-pc:ntp           *:*
  UDP    thomas-pc:netbios-ns    *:*
  UDP    thomas-pc:netbios-dgm   *:*

C:\Dokumente und Einstellungen\Thomas>
26.06.2011, 10:24 | #2
/// TB-Ausbilder
My name is M-K-D-B and I will help you clean up your computer. Please note the following:
Please read the following topics carefully:
Then create the requested logfiles from Defogger, OTL and GMER. Without those logfiles nobody here can or will help you. Thank you for your understanding.
26.06.2011, 15:20 | #3
Hello, and thanks for the reply and the help. Defogger didn't ask for a restart, though.
Here are the Defogger copies:

defogger_enable by jpshortstuff (23.02.10.1)
Log created at 16:18 on 26/06/2011 (Thomas)

Parsing file...

-=E.O.F=-
________________________________________________________________

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:15 on 26/06/2011 (Thomas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
26.06.2011, 15:40 | #4
/// TB-Ausbilder
Hello Thomas, that's fine. Run the other two programs and post the requested logfiles. Thank you.
26.06.2011, 16:00 | #5
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 26.06.2011 16:25:06 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Dokumente und Einstellungen\Thomas\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,25 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 71,80% Memory free 1,48 Gb Paging File | 0,98 Gb Available in Paging File | 66,39% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 8,79 Gb Total Space | 0,01 Gb Free Space | 0,09% Space Free | Partition Type: NTFS Drive D: | 5,50 Gb Total Space | 3,58 Gb Free Space | 65,08% Space Free | Partition Type: FAT32 Drive E: | 197,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 465,76 Gb Total Space | 452,63 Gb Free Space | 97,18% Space Free | Partition Type: NTFS Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.26 16:23:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe PRC - [2011.04.27 14:50:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.27 18:57:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.03.27 17:00:00 | 000,057,344 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB4RPK.EXE PRC - [2002.10.15 19:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe ========== Modules (SafeList) ========== MOD - [2011.06.26 16:23:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe MOD - [2008.04.14 04:20:11 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.04.27 14:50:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.27 18:57:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.08.13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2009.11.24 13:33:20 | 000,307,968 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.02.27 14:15:14 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011.03.27 18:57:15 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.01.10 15:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.10.19 10:05:00 | 000,380,928 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) DRV - [2004.08.04 08:38:56 | 000,327,168 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa) DRV - [2002.11.18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2001.08.17 14:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/?status=login-failed&mc=freemail@msg@logonfailed.hp@home@hinweis IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://web.de/fm?status=login-failed" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" FF - HKLM\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5018 [2011.06.15 20:20:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\mozilla\components [2009.09.07 11:52:30 | 
000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\mozilla\plugins [2009.09.07 11:52:30 | 000,000,000 | ---D | M] [2009.05.07 17:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Extensions [2011.03.30 19:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions [2009.09.03 09:43:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.25 23:11:40 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.08.30 21:15:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.08.05 21:33:12 | 000,000,935 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\searchplugins\conduit.xml [2009.09.07 11:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.01.19 23:22:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.06.15 20:20:23 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5018 [2009.12.04 16:30:30 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.01 16:34:18 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.12 19:54:14 | 000,000,000 | ---D | M] (Java Console) -- 
D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009.04.15 17:37:50 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found. O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Reader Link Helper) - {C689C99E-3A8C-4c87-A79C-C80DC9C81632} - C:\WINDOWS\system32\AcroIEHelpe035.dll (Adobe Systems, Incorporated) O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [{8F48A3C8-B867-6C6B-E368-15DDC3AF994D}] C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag\inojo.exe () O4 - HKCU..\RunOnce: [Shockwave Updater] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226429018769 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.11 20:09:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell - "" = AutoRun O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell\AutoRun\command - "" = G:\iStudio.exe O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.26 16:23:20 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe 
[2011.06.25 14:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2011.06.19 17:44:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011.06.19 17:41:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\.sol Editor [2011.06.19 17:41:09 | 000,000,000 | ---D | C] -- C:\Programme\Sol Edit [2011.06.15 20:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5018 [2011.06.10 15:19:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs [2011.06.10 15:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5017 [2011.06.08 15:25:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5016 [2011.06.08 15:24:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm [2011.06.08 15:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.26 16:23:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe [2011.06.26 16:03:49 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.06.26 16:03:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.06.26 16:03:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.06.26 16:03:37 | 1341,689,856 | -HS- | M] () -- C:\hiberfil.sys [2011.06.22 23:26:39 | 000,137,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.20 00:48:19 | 000,000,043 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.10 19:11:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2011.03.27 16:00:13 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI [2010.07.16 
19:45:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.07.16 17:04:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010.03.28 11:53:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10QA4.INI [2009.12.10 17:36:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009.11.26 16:47:19 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll [2009.11.26 16:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI [2009.04.14 18:53:54 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wiso.ini [2009.01.26 18:44:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Thomas.ini [2009.01.08 18:00:31 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008.12.09 17:23:13 | 000,047,104 | RHS- | C] () -- C:\WINDOWS\System32\appconf32.exe [2008.11.30 14:49:11 | 000,000,250 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2008.11.12 22:16:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.11.12 00:07:12 | 000,000,888 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2008.11.12 00:07:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2008.11.11 23:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.11.11 22:44:21 | 000,137,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.11 21:42:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.11.11 20:13:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.11.11 20:06:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.11.11 19:59:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.11.11 19:57:06 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- 
C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2004.08.04 07:29:31 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2004.08.04 07:29:31 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys [2004.08.04 07:29:30 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2004.08.04 07:29:30 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys [2004.08.04 07:29:29 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys [2004.08.04 07:29:29 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2004.08.04 07:29:28 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2004.08.04 07:29:27 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2003.04.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003.04.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003.04.02 14:00:00 | 000,473,624 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2003.04.02 14:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003.04.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003.04.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2003.04.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003.04.02 14:00:00 | 000,089,914 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2003.04.02 14:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003.04.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003.04.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2003.04.02 14:00:00 | 000,028,626 | ---- | C] () -- 
C:\WINDOWS\System32\perfd009.dat [2003.04.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003.04.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003.04.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.11.19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat [2002.11.19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat ========== LOP Check ========== [2010.02.25 14:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2009.04.14 18:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2009.05.03 12:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2008.11.11 22:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.06.26 16:04:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Arxop [2010.09.11 10:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Ashampoo [2009.04.14 18:44:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Buhl Data Service [2009.04.15 17:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Foxit [2010.07.29 17:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Foxit Software [2010.05.01 12:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\GrabPro [2011.05.13 22:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag [2010.06.03 09:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Orbit [2010.12.01 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\PriceGong [2008.11.11 22:59:32 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\TuneUp Software [2009.01.08 18:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\WEBDE [2008.11.12 14:53:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Windows Desktop Search [2008.11.12 21:25:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Windows Search [2011.06.26 16:03:49 | 000,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Thomas\Desktop\CWSysinfo.exe:SummaryInformation @Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34 < End of report > |
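A triage pass over the O4 and O20 lines of the log above, as an added example that is neither from this thread nor from OTL itself: it parses OTL's autostart and Winlogon entries and flags the ones an analyst would check first (a Winlogon UserInit or Shell value that is not the stock binary, and a Run entry with no publisher launching from a user data directory). The heuristics, the Finding type and the sample lines (copied from the posted log) are my own assumptions, not OTL's logic.

```python
"""Triage helper for OTL-style autostart lines (added example, not OTL code)."""
import re
from dataclasses import dataclass

# Constructed sample input: OTL-style lines in the same format as the log
# posted above (values copied from that post; nothing else added).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [{8F48A3C8-B867-6C6B-E368-15DDC3AF994D}] C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag\inojo.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe ()
"""

# Line shapes as OTL prints them: "O4 - <hive>..\<key>: [<name>] <path> (<company>)"
# and "O20 - <hive> Winlogon: <value> - (<raw value>) - <path> (<company>)".
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O20_RE = re.compile(r"^O20 - (?P<hive>HK\w+) Winlogon: (?P<value>\w+) - \((?P<raw>[^)]*)\) - (?P<rest>.*)$")
# Lazy path so a nested "(www...)" inside the company name still parses;
# assumes the path itself contains no " (" (true for this XP log).
TRAILER_RE = re.compile(r"^(?P<path>.*?) \((?P<company>.*)\)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Per-user data directories (German and English XP names, plus Vista+).
USER_DATA_DIRS = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\")
# Winlogon values OTL reports and the binary a stock Windows XP uses for each
# (assumed defaults for this check).
WINLOGON_DEFAULTS = {"userinit": "userinit.exe", "shell": "explorer.exe"}


@dataclass
class Finding:
    severity: str  # "high" or "low"
    kind: str      # "O4" or "O20"
    path: str      # target path (or the value name when the target is missing)
    reason: str


def split_trailer(rest):
    """Split 'C:\\dir\\x.exe (Company)' into (path, company). An empty company
    string means OTL found no publisher in the file's version information."""
    m = TRAILER_RE.match(rest)
    if not m:
        return rest, None
    return m.group("path"), m.group("company")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return the Findings for every O4/O20 line in log_text; other lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            if m.group("rest") == "File not found":
                findings.append(Finding("low", "O4", m.group("name"),
                                        "orphaned autostart entry (target missing)"))
                continue
            path, company = split_trailer(m.group("rest"))
            in_profile = any(d in path.lower() for d in USER_DATA_DIRS)
            if company == "" and in_profile:
                reason = "no-publisher binary autostarting from a user data directory"
                if GUID_RE.match(m.group("name")):
                    reason += "; GUID-style value name"
                findings.append(Finding("high", "O4", path, reason))
            continue
        m = O20_RE.match(line)
        if m:
            path, _ = split_trailer(m.group("rest"))
            expected = WINLOGON_DEFAULTS.get(m.group("value").lower())
            if expected and basename(path) != expected:
                findings.append(Finding("high", "O20", path,
                                        f"Winlogon {m.group('value')} points to "
                                        f"{basename(path)} instead of {expected}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.kind} {f.path}: {f.reason}")
```

Run against the sample it reports the GUID-named Run entry under Anwendungsdaten\Henag and the non-default UserInit as high, the missing Shockwave Updater target as low, and leaves the Avira and Java entries alone.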
26.06.2011, 16:01 | #6
OTL Extras Logfile:
Code:
OTL Extras logfile created on: 26.06.2011 16:25:06 - Run 1
OTL by OldTimer - Version 3.2.24.1   Folder = C:\Dokumente und Einstellungen\Thomas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,25 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 71,80% Memory free
1,48 Gb Paging File | 0,98 Gb Available in Paging File | 66,39% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 8,79 Gb Total Space | 0,01 Gb Free Space | 0,09% Space Free | Partition Type: NTFS
Drive D: | 5,50 Gb Total Space | 3,58 Gb Free Space | 65,08% Space Free | Partition Type: FAT32
Drive E: | 197,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 465,76 Gb Total Space | 452,63 Gb Free Space | 97,18% Space Free | Partition Type: NTFS

Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe" = C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
"D:\mozilla\firefox.exe" = D:\mozilla\firefox.exe:*:Enabled:Firefox
"C:\Real Alternative\Media Player Classic\mplayerc.exe" = C:\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
".sol Editor" = .sol Editor 1.1.0.1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon LBP2900" = Canon LBP2900
"ENTERPRISE" = Microsoft Office Enterprise 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"MDI2PDF (Microsoft Office Document Image) Converter_is1" = MDI2PDF 2.4
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.06.2011 08:47:31 | Computer Name = THOMAS-PC | Source = VSS | ID = 4001
Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen von Schattenkopien nicht gefunden werden. Fügen Sie mindestens ein NTFS-Laufwerk mit ausreichend Speicherplatz dem System hinzu. Es sind mindestens 100 MB freier Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich.

Error - 25.06.2011 08:49:30 | Computer Name = THOMAS-PC | Source = VSS | ID = 4001
Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen von Schattenkopien nicht gefunden werden. Fügen Sie mindestens ein NTFS-Laufwerk mit ausreichend Speicherplatz dem System hinzu. Es sind mindestens 100 MB freier Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich.

Error - 25.06.2011 08:49:36 | Computer Name = THOMAS-PC | Source = VSS | ID = 4001
Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen von Schattenkopien nicht gefunden werden. Fügen Sie mindestens ein NTFS-Laufwerk mit ausreichend Speicherplatz dem System hinzu. Es sind mindestens 100 MB freier Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich.

Error - 25.06.2011 10:13:34 | Computer Name = THOMAS-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 0.0.0.0, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 25.06.2011 10:13:53 | Computer Name = THOMAS-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 0.0.0.0, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 25.06.2011 10:14:08 | Computer Name = THOMAS-PC | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "ExportNtmsDatabase" ist mit Status "0x80070070" (konvertiert in 0x800423f1) fehlgeschlagen.

Error - 25.06.2011 10:14:10 | Computer Name = THOMAS-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 0.0.0.0, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 26.06.2011 10:15:58 | Computer Name = THOMAS-PC | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x80070070

Error - 26.06.2011 10:16:19 | Computer Name = THOMAS-PC | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "EventLogs" aufgerufene Routine "BackupEventLogW" ist mit Status "0x80070070" (konvertiert in 0x800423f1) fehlgeschlagen.

Error - 26.06.2011 10:16:55 | Computer Name = THOMAS-PC | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "EventLogs" aufgerufene Routine "BackupEventLogW" ist mit Status "0x80070070" (konvertiert in 0x800423f1) fehlgeschlagen.

[ OSession Events ]
Error - 20.02.2011 15:05:48 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error - 31.03.2011 14:31:13 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error - 31.03.2011 14:31:40 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 31.03.2011 14:36:18 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 31.03.2011 14:36:30 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error - 31.03.2011 14:36:52 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error - 31.03.2011 14:37:55 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.05.2011 16:18:24 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.05.2011 14:13:44 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11.05.2011 14:14:33 | Computer Name = THOMAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24.05.2011 15:55:45 | Computer Name = THOMAS-PC | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 24.05.2011 15:55:58 | Computer Name = THOMAS-PC | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 24.05.2011 15:57:59 | Computer Name = THOMAS-PC | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 24.05.2011 15:58:22 | Computer Name = THOMAS-PC | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 24.05.2011 16:00:12 | Computer Name = THOMAS-PC | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 25.06.2011 08:15:34 | Computer Name = THOMAS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Distributed Transaction Coordinator" wurde mit folgendem dienstspezifischem Fehler beendet: 3221229584 (0xC0001010).

Error - 25.06.2011 08:50:27 | Computer Name = THOMAS-PC | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService.

Error - 25.06.2011 09:12:35 | Computer Name = THOMAS-PC | Source = VolSnap | ID = 393226
Description = Die Schattenkopie von Volume "D:" hat das Installationszeitlimit überschritten.

Error - 26.06.2011 10:04:38 | Computer Name = THOMAS-PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Gatewaydienst auf Anwendungsebene.

Error - 26.06.2011 10:04:38 | Computer Name = THOMAS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Gatewaydienst auf Anwendungsebene" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053


< End of report >
26.06.2011, 16:31 | #7
GMER Logfile:
Code:
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-26 17:26:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_91531U3 rev.FA520S60
Running: d1jo9i5w.exe; Driver: C:\DOKUME~1\Thomas\LOKALE~1\Temp\uwlyipod.sys


---- System - GMER 1.0.15 ----

SSDT  BA2AED7E  ZwCreateKey
SSDT  BA2AED74  ZwCreateThread
SSDT  BA2AED83  ZwDeleteKey
SSDT  BA2AED8D  ZwDeleteValueKey
SSDT  BA2AED92  ZwLoadKey
SSDT  BA2AED60  ZwOpenProcess
SSDT  BA2AED65  ZwOpenThread
SSDT  BA2AED9C  ZwReplaceKey
SSDT  BA2AED97  ZwRestoreKey
SSDT  BA2AED88  ZwSetValueKey

---- User code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\Mixer.exe[376] ntdll.dll!NtCreateFile  7C91D0AE 5 Bytes  JMP 03B30317
.text  C:\WINDOWS\Mixer.exe[376] ntdll.dll!NtCreateThread  7C91D1AE 5 Bytes  JMP 03B30095
.text  C:\WINDOWS\Mixer.exe[376] ntdll.dll!LdrLoadDll  7C9263C3 5 Bytes  JMP 03B30275
.text  C:\WINDOWS\Mixer.exe[376] kernel32.dll!VirtualFreeEx + 44  7C809BE6 1 Byte  [40]
.text  C:\WINDOWS\Mixer.exe[376] kernel32.dll!GetFileAttributesExW  7C811195 5 Bytes  JMP 03B30468
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!ReleaseDC  7E36869D 5 Bytes  JMP 03B26F55
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetDC  7E3686C7 5 Bytes  JMP 03B26ED7
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!TranslateMessage  7E368BF6 5 Bytes  JMP 03B3EF33
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetWindowDC  7E369021 5 Bytes  JMP 03B26F16
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetMessageW  7E3691C6 5 Bytes  JMP 03B2A562
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!PeekMessageW  7E36929B 5 Bytes  JMP 03B2A5B2
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetCapture  7E3694DA 5 Bytes  JMP 03B2A4C3
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!RegisterClassW  7E36A39A 5 Bytes  JMP 03B39768
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!RegisterClassExW  7E36AF7F 5 Bytes  JMP 03B39802
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!OpenInputDesktop  7E36ECA3 5 Bytes  JMP 03B393F6
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!SwitchDesktop  7E36FE6E 5 Bytes  JMP 03B39446
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!DefDlgProcW  7E373D3A 5 Bytes  JMP 03B394F0
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetMessageA  7E37772B 5 Bytes  JMP 03B2A58A
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!RegisterClassExA  7E377C39 5 Bytes  JMP 03B39854
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!DefWindowProcW  7E378D20 5 Bytes  JMP 03B39464
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!BeginPaint  7E378FE9 5 Bytes  JMP 03B26DCC
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!EndPaint  7E378FFD 5 Bytes  JMP 03B26E3C
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetCursorPos  7E37974E 5 Bytes  JMP 03B2A395
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetMessagePos  7E37996C 5 Bytes  JMP 03B2A363
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!CallWindowProcW  7E37A01E 5 Bytes  JMP 03B3969A
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!PeekMessageA  7E37A340 5 Bytes  JMP 03B2A5DD
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetUpdateRect  7E37A8C9 5 Bytes  JMP 03B26F95
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!CallWindowProcA  7E37A97D 5 Bytes  JMP 03B396E3
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!DefWindowProcA  7E37C17E 5 Bytes  JMP 03B394AA
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!SetCapture  7E37C35E 5 Bytes  JMP 03B2A419
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!ReleaseCapture  7E37C37A 5 Bytes  JMP 03B2A473
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetDCEx  7E37C595 5 Bytes  JMP 03B26E7C
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!RegisterClassA  7E37EA5E 5 Bytes  JMP 03B397B5
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetUpdateRgn  7E37F5EC 5 Bytes  JMP 03B27028
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!DefFrameProcW  7E380833 5 Bytes  JMP 03B3957C
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!DefMDIChildProcW  7E380A47 5 Bytes  JMP 03B3960E
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!GetClipboardData  7E380DBA 5 Bytes  JMP 03B3F0A0
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!DefDlgProcA  7E38E577 5 Bytes  JMP 03B39536
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!DefFrameProcA  7E39F965 5 Bytes  JMP 03B395C5
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!DefMDIChildProcA  7E39F9B4 5 Bytes  JMP 03B39654
.text  C:\WINDOWS\Mixer.exe[376] USER32.dll!SetCursorPos  7E3A61B3 5 Bytes  JMP 03B2A3DC
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!InternetSetOptionA  408C3302 5 Bytes  JMP 03B3006E
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!InternetReadFile  408C654B 5 Bytes  JMP 03B2FF28
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!HttpQueryInfoA  408C878D 5 Bytes  JMP 03B2FFE9
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!InternetCloseHandle  408C9088 5 Bytes  JMP 03B2FEE5
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!InternetQueryDataAvailable  408CBF7F 5 Bytes  JMP 03B2FFB8
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!HttpSendRequestW  408CFABE 5 Bytes  JMP 03B2FCF9
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!InternetSetStatusCallback  408DDCC8 5 Bytes  JMP 03B30056
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!HttpSendRequestA  408DEE89 5 Bytes  JMP 03B2FD50
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!InternetReadFileExA  408E3381 5 Bytes  JMP 03B2FF69
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!InternetSetStatusCallbackW  40926FD0 5 Bytes  JMP 03B3003E
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!HttpSendRequestExA  4093A70A 5 Bytes  JMP 03B2FE46
.text  C:\WINDOWS\Mixer.exe[376] wininet.dll!HttpSendRequestExW  4093A763 5 Bytes  JMP 03B2FDA7
.text  C:\WINDOWS\Mixer.exe[376] ws2_32.dll!closesocket  71A13E2B 5 Bytes  JMP 03B38ACD
.text  C:\WINDOWS\Mixer.exe[376] ws2_32.dll!send  71A14C27 5 Bytes  JMP 03B38B1F
.text  C:\WINDOWS\Mixer.exe[376] ws2_32.dll!WSARecv  71A14CB5 5 Bytes  JMP 03B38C13
.text  C:\WINDOWS\Mixer.exe[376] ws2_32.dll!recv  71A1676F 5 Bytes  JMP 03B38BCB
.text  C:\WINDOWS\Mixer.exe[376] ws2_32.dll!WSASend  71A168FA 5 Bytes  JMP 03B38B59
.text  C:\WINDOWS\Mixer.exe[376] CRYPT32.dll!PFXImportCertStore  77ABFF8F 5 Bytes  JMP 03B32C8D
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] ntdll.dll!NtCreateFile  7C91D0AE 5 Bytes  JMP 00150317
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] ntdll.dll!NtCreateThread  7C91D1AE 5 Bytes  JMP 00150095
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] ntdll.dll!LdrLoadDll  7C9263C3 5 Bytes  JMP 00150275
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] kernel32.dll!VirtualFreeEx + 44  7C809BE6 1 Byte  [40]
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] kernel32.dll!GetFileAttributesExW  7C811195 5 Bytes  JMP 00150468
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!ReleaseDC  7E36869D 5 Bytes  JMP 00146F55
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetDC  7E3686C7 5 Bytes  JMP 00146ED7
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!TranslateMessage  7E368BF6 5 Bytes  JMP 0015EF33
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetWindowDC  7E369021 5 Bytes  JMP 00146F16
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetMessageW  7E3691C6 5 Bytes  JMP 0014A562
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!PeekMessageW  7E36929B 5 Bytes  JMP 0014A5B2
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetCapture  7E3694DA 5 Bytes  JMP 0014A4C3
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!RegisterClassW  7E36A39A 5 Bytes  JMP 00159768
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!RegisterClassExW  7E36AF7F 5 Bytes  JMP 00159802
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!OpenInputDesktop  7E36ECA3 5 Bytes  JMP 001593F6
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!SwitchDesktop  7E36FE6E 5 Bytes  JMP 00159446
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!DefDlgProcW  7E373D3A 5 Bytes  JMP 001594F0
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetMessageA  7E37772B 5 Bytes  JMP 0014A58A
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!RegisterClassExA  7E377C39 5 Bytes  JMP 00159854
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!DefWindowProcW  7E378D20 5 Bytes  JMP 00159464
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!BeginPaint  7E378FE9 5 Bytes  JMP 00146DCC
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!EndPaint  7E378FFD 5 Bytes  JMP 00146E3C
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetCursorPos  7E37974E 5 Bytes  JMP 0014A395
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetMessagePos  7E37996C 5 Bytes  JMP 0014A363
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!CallWindowProcW  7E37A01E 5 Bytes  JMP 0015969A
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!PeekMessageA  7E37A340 5 Bytes  JMP 0014A5DD
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetUpdateRect  7E37A8C9 5 Bytes  JMP 00146F95
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!CallWindowProcA  7E37A97D 5 Bytes  JMP 001596E3
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!DefWindowProcA  7E37C17E 5 Bytes  JMP 001594AA
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!SetCapture  7E37C35E 5 Bytes  JMP 0014A419
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!ReleaseCapture  7E37C37A 5 Bytes  JMP 0014A473
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetDCEx  7E37C595 5 Bytes  JMP 00146E7C
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!RegisterClassA  7E37EA5E 5 Bytes  JMP 001597B5
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetUpdateRgn  7E37F5EC 5 Bytes  JMP 00147028
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!DefFrameProcW  7E380833 5 Bytes  JMP 0015957C
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!DefMDIChildProcW  7E380A47 5 Bytes  JMP 0015960E
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!GetClipboardData  7E380DBA 5 Bytes  JMP 0015F0A0
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!DefDlgProcA  7E38E577 5 Bytes  JMP 00159536
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!DefFrameProcA  7E39F965 5 Bytes  JMP 001595C5
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!DefMDIChildProcA  7E39F9B4 5 Bytes  JMP 00159654
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] USER32.dll!SetCursorPos  7E3A61B3 5 Bytes  JMP 0014A3DC
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WS2_32.dll!closesocket  71A13E2B 5 Bytes  JMP 00158ACD
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WS2_32.dll!send  71A14C27 5 Bytes  JMP 00158B1F
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WS2_32.dll!WSARecv  71A14CB5 5 Bytes  JMP 00158C13
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WS2_32.dll!recv  71A1676F 5 Bytes  JMP 00158BCB
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WS2_32.dll!WSASend  71A168FA 5 Bytes  JMP 00158B59
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] CRYPT32.dll!PFXImportCertStore  77ABFF8F 5 Bytes  JMP 00152C8D
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!InternetSetOptionA  408C3302 5 Bytes  JMP 0015006E
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!InternetReadFile  408C654B 5 Bytes  JMP 0014FF28
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!HttpQueryInfoA  408C878D 5 Bytes  JMP 0014FFE9
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!InternetCloseHandle  408C9088 5 Bytes  JMP 0014FEE5
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!InternetQueryDataAvailable  408CBF7F 5 Bytes  JMP 0014FFB8
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!HttpSendRequestW  408CFABE 5 Bytes  JMP 0014FCF9
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!InternetSetStatusCallback  408DDCC8 5 Bytes  JMP 00150056
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!HttpSendRequestA  408DEE89 5 Bytes  JMP 0014FD50
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!InternetReadFileExA  408E3381 5 Bytes  JMP 0014FF69
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!InternetSetStatusCallbackW  40926FD0 5 Bytes  JMP 0015003E
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!HttpSendRequestExA  4093A70A 5 Bytes  JMP 0014FE46
.text  C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe[1032] WININET.dll!HttpSendRequestExW  4093A763 5 Bytes  JMP 0014FDA7
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] ntdll.dll!NtCreateFile  7C91D0AE 5 Bytes  JMP 00D90317
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] ntdll.dll!NtCreateThread  7C91D1AE 5 Bytes  JMP 00D90095
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] ntdll.dll!LdrLoadDll  7C9263C3 5 Bytes  JMP 00D90275
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] kernel32.dll!VirtualFreeEx + 44  7C809BE6 1 Byte  [40]
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] kernel32.dll!GetFileAttributesExW  7C811195 5 Bytes  JMP 00D90468
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!ReleaseDC  7E36869D 5 Bytes  JMP 00D86F55
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetDC  7E3686C7 5 Bytes  JMP 00D86ED7
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!TranslateMessage  7E368BF6 5 Bytes  JMP 00D9EF33
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetWindowDC  7E369021 5 Bytes  JMP 00D86F16
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetMessageW  7E3691C6 5 Bytes  JMP 00D8A562
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!PeekMessageW  7E36929B 5 Bytes  JMP 00D8A5B2
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetCapture  7E3694DA 5 Bytes  JMP 00D8A4C3
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!RegisterClassW  7E36A39A 5 Bytes  JMP 00D99768
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!RegisterClassExW  7E36AF7F 5 Bytes  JMP 00D99802
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!OpenInputDesktop  7E36ECA3 5 Bytes  JMP 00D993F6
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!SwitchDesktop  7E36FE6E 5 Bytes  JMP 00D99446
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!DefDlgProcW  7E373D3A 5 Bytes  JMP 00D994F0
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetMessageA  7E37772B 5 Bytes  JMP 00D8A58A
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!RegisterClassExA  7E377C39 5 Bytes  JMP 00D99854
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!DefWindowProcW  7E378D20 5 Bytes  JMP 00D99464
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!BeginPaint  7E378FE9 5 Bytes  JMP 00D86DCC
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!EndPaint  7E378FFD 5 Bytes  JMP 00D86E3C
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetCursorPos  7E37974E 5 Bytes  JMP 00D8A395
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetMessagePos  7E37996C 5 Bytes  JMP 00D8A363
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!CallWindowProcW  7E37A01E 5 Bytes  JMP 00D9969A
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!PeekMessageA  7E37A340 5 Bytes  JMP 00D8A5DD
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetUpdateRect  7E37A8C9 5 Bytes  JMP 00D86F95
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!CallWindowProcA  7E37A97D 5 Bytes  JMP 00D996E3
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!DefWindowProcA  7E37C17E 5 Bytes  JMP 00D994AA
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!SetCapture  7E37C35E 5 Bytes  JMP 00D8A419
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!ReleaseCapture  7E37C37A 5 Bytes  JMP 00D8A473
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetDCEx  7E37C595 5 Bytes  JMP 00D86E7C
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!RegisterClassA  7E37EA5E 5 Bytes  JMP 00D997B5
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetUpdateRgn  7E37F5EC 5 Bytes  JMP 00D87028
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!DefFrameProcW  7E380833 5 Bytes  JMP 00D9957C
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!DefMDIChildProcW  7E380A47 5 Bytes  JMP 00D9960E
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!GetClipboardData  7E380DBA 5 Bytes  JMP 00D9F0A0
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!DefDlgProcA  7E38E577 5 Bytes  JMP 00D99536
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!DefFrameProcA  7E39F965 5 Bytes  JMP 00D995C5
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!DefMDIChildProcA  7E39F9B4 5 Bytes  JMP 00D99654
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] USER32.dll!SetCursorPos  7E3A61B3 5 Bytes  JMP 00D8A3DC
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!InternetSetOptionA  408C3302 5 Bytes  JMP 00D9006E
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!InternetReadFile  408C654B 5 Bytes  JMP 00D8FF28
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!HttpQueryInfoA  408C878D 5 Bytes  JMP 00D8FFE9
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!InternetCloseHandle  408C9088 5 Bytes  JMP 00D8FEE5
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!InternetQueryDataAvailable  408CBF7F 5 Bytes  JMP 00D8FFB8
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!HttpSendRequestW  408CFABE 5 Bytes  JMP 00D8FCF9
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!InternetSetStatusCallback  408DDCC8 5 Bytes  JMP 00D90056
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!HttpSendRequestA  408DEE89 5 Bytes  JMP 00D8FD50
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!InternetReadFileExA  408E3381 5 Bytes  JMP 00D8FF69
.text  C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!InternetSetStatusCallbackW  40926FD0 5 Bytes  JMP 00D9003E
.text  C:\Programme\Gemeinsame Dateien\Java\Java
Update\jusched.exe[1108] WININET.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 00D8FE46 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] WININET.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 00D8FDA7 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00D98ACD .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] ws2_32.dll!send 71A14C27 5 Bytes JMP 00D98B1F .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00D98C13 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] ws2_32.dll!recv 71A1676F 5 Bytes JMP 00D98BCB .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 00D98B59 .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[1108] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00D92C8D .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 01080317 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 01080095 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 01080275 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40] .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01080468 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 01076F55 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 01076ED7 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 0108EF33 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 01076F16 .text C:\Programme\Avira\AntiVir 
Desktop\avgnt.exe[1144] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 0107A562 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 0107A5B2 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0107A4C3 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01089768 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 01089802 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 010893F6 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 01089446 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 010894F0 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 0107A58A .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 01089854 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 01089464 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 01076DCC .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 01076E3C .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0107A395 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 0107A363 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 0108969A .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 0107A5DD .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 01076F95 .text 
C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 010896E3 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 010894AA .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 0107A419 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 0107A473 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetDCEx 7E37C595 5 Bytes JMP 01076E7C .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 010897B5 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 01077028 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 0108957C .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 0108960E .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 0108F0A0 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 01089536 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 010895C5 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 01089654 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 0107A3DC .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!InternetSetOptionA 408C3302 5 Bytes JMP 0108006E .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 0107FF28 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 0107FFE9 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!InternetCloseHandle 
408C9088 5 Bytes JMP 0107FEE5 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 0107FFB8 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 0107FCF9 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 01080056 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0107FD50 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!InternetReadFileExA 408E3381 5 Bytes JMP 0107FF69 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 0108003E .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 0107FE46 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] wininet.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 0107FDA7 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01088ACD .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] ws2_32.dll!send 71A14C27 5 Bytes JMP 01088B1F .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01088C13 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] ws2_32.dll!recv 71A1676F 5 Bytes JMP 01088BCB .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 01088B59 .text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[1144] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 01082C8D .text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00DB0317 .text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 00DB0095 .text C:\WINDOWS\system32\ctfmon.exe[1164] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00DB0275 .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!VirtualFreeEx + 
44 7C809BE6 1 Byte [40] .text C:\WINDOWS\system32\ctfmon.exe[1164] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00DB0468 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00DA6F55 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00DA6ED7 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00DBEF33 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00DA6F16 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00DAA562 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00DAA5B2 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 00DAA4C3 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00DB9768 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00DB9802 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 00DB93F6 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 00DB9446 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 00DB94F0 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 00DAA58A .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 00DB9854 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 00DB9464 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 00DA6DCC .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 00DA6E3C .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 00DAA395 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 00DAA363 .text 
C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 00DB969A .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 00DAA5DD .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 00DA6F95 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 00DB96E3 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 00DB94AA .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 00DAA419 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 00DAA473 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetDCEx 7E37C595 5 Bytes JMP 00DA6E7C .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 00DB97B5 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 00DA7028 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 00DB957C .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 00DB960E .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 00DBF0A0 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 00DB9536 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 00DB95C5 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 00DB9654 .text C:\WINDOWS\system32\ctfmon.exe[1164] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 00DAA3DC .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!InternetSetOptionA 408C3302 5 Bytes JMP 00DB006E .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 00DAFF28 .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 00DAFFE9 .text 
C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!InternetCloseHandle 408C9088 5 Bytes JMP 00DAFEE5 .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 00DAFFB8 .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 00DAFCF9 .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 00DB0056 .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 00DAFD50 .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!InternetReadFileExA 408E3381 5 Bytes JMP 00DAFF69 .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 00DB003E .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 00DAFE46 .text C:\WINDOWS\system32\ctfmon.exe[1164] wininet.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 00DAFDA7 .text C:\WINDOWS\system32\ctfmon.exe[1164] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00DB8ACD .text C:\WINDOWS\system32\ctfmon.exe[1164] ws2_32.dll!send 71A14C27 5 Bytes JMP 00DB8B1F .text C:\WINDOWS\system32\ctfmon.exe[1164] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00DB8C13 .text C:\WINDOWS\system32\ctfmon.exe[1164] ws2_32.dll!recv 71A1676F 5 Bytes JMP 00DB8BCB .text C:\WINDOWS\system32\ctfmon.exe[1164] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 00DB8B59 .text C:\WINDOWS\system32\ctfmon.exe[1164] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00DB2C8D .text C:\Programme\Messenger\msmsgs.exe[1308] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 01E30317 .text C:\Programme\Messenger\msmsgs.exe[1308] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 01E30095 .text C:\Programme\Messenger\msmsgs.exe[1308] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 01E30275 .text C:\Programme\Messenger\msmsgs.exe[1308] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40] .text C:\Programme\Messenger\msmsgs.exe[1308] kernel32.dll!GetFileAttributesExW 7C811195 5 
Bytes JMP 01E30468 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 01E26F55 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 01E26ED7 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 01E3EF33 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 01E26F16 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 01E2A562 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 01E2A5B2 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 01E2A4C3 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01E39768 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 01E39802 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 01E393F6 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 01E39446 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 01E394F0 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 01E2A58A .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 01E39854 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 01E39464 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 01E26DCC .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 01E26E3C .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 01E2A395 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 01E2A363 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!CallWindowProcW 
7E37A01E 5 Bytes JMP 01E3969A .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 01E2A5DD .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 01E26F95 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 01E396E3 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 01E394AA .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 01E2A419 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 01E2A473 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetDCEx 7E37C595 5 Bytes JMP 01E26E7C .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 01E397B5 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 01E27028 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 01E3957C .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 01E3960E .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 01E3F0A0 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 01E39536 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 01E395C5 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 01E39654 .text C:\Programme\Messenger\msmsgs.exe[1308] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 01E2A3DC .text C:\Programme\Messenger\msmsgs.exe[1308] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01E38ACD .text C:\Programme\Messenger\msmsgs.exe[1308] WS2_32.dll!send 71A14C27 5 Bytes JMP 01E38B1F .text C:\Programme\Messenger\msmsgs.exe[1308] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01E38C13 .text C:\Programme\Messenger\msmsgs.exe[1308] WS2_32.dll!recv 
71A1676F 5 Bytes JMP 01E38BCB .text C:\Programme\Messenger\msmsgs.exe[1308] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 01E38B59 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!InternetSetOptionA 408C3302 5 Bytes JMP 01E3006E .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 01E2FF28 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 01E2FFE9 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 01E2FEE5 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 01E2FFB8 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 01E2FCF9 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 01E30056 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 01E2FD50 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!InternetReadFileExA 408E3381 5 Bytes JMP 01E2FF69 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 01E3003E .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 01E2FE46 .text C:\Programme\Messenger\msmsgs.exe[1308] WININET.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 01E2FDA7 .text C:\Programme\Messenger\msmsgs.exe[1308] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 01E32C8D .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00E20317 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 00E20095 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00E20275 .text 
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40] .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00E20468 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00E16F55 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetDC 7E3686C7 5 Bytes JMP 00E16ED7 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 00E2EF33 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetWindowDC 7E369021 5 Bytes JMP 00E16F16 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetMessageW 7E3691C6 5 Bytes JMP 00E1A562 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!PeekMessageW 7E36929B 5 Bytes JMP 00E1A5B2 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetCapture 7E3694DA 5 Bytes JMP 00E1A4C3 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00E29768 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00E29802 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 00E293F6 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 00E29446 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 00E294F0 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetMessageA 7E37772B 5 Bytes 
JMP 00E1A58A .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 00E29854 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 00E29464 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!BeginPaint 7E378FE9 5 Bytes JMP 00E16DCC .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!EndPaint 7E378FFD 5 Bytes JMP 00E16E3C .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetCursorPos 7E37974E 5 Bytes JMP 00E1A395 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetMessagePos 7E37996C 5 Bytes JMP 00E1A363 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 00E2969A .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!PeekMessageA 7E37A340 5 Bytes JMP 00E1A5DD .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 00E16F95 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 00E296E3 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 00E294AA .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!SetCapture 7E37C35E 5 Bytes JMP 00E1A419 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 00E1A473 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetDCEx 7E37C595 5 Bytes JMP 00E16E7C .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!RegisterClassA 
7E37EA5E 5 Bytes JMP 00E297B5 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 00E17028 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!DefFrameProcW 7E380833 5 Bytes JMP 00E2957C .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 00E2960E .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 00E2F0A0 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 00E29536 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 00E295C5 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 00E29654 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] user32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 00E1A3DC .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00E28ACD .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WS2_32.dll!send 71A14C27 5 Bytes JMP 00E28B1F .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00E28C13 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00E28BCB .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00E28B59 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!InternetSetOptionA 408C3302 5 Bytes JMP 00E2006E .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] 
WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 00E1FF28 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 00E1FFE9 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 00E1FEE5 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 00E1FFB8 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 00E1FCF9 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 00E20056 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 00E1FD50 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!InternetReadFileExA 408E3381 5 Bytes JMP 00E1FF69 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 00E2003E .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 00E1FE46 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] WININET.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 00E1FDA7 .text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1376] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00E22C8D .text C:\WINDOWS\system32\SearchIndexer.exe[1632] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 01970317 .text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 01970095 .text 
C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 01970275 .text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01334745 .text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40] .text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01970468 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 01966F55 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 01966ED7 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 0197EF33 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 01966F16 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 0196A562 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 0196A5B2 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0196A4C3 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01979768 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 01979802 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 019793F6 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 01979446 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 019794F0 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 0196A58A
2nd part of the GMER text:
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 01979854 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 01979464 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 01966DCC .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 01966E3C .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0196A395 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 0196A363 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 0197969A .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 0196A5DD .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 01966F95 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 019796E3 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 019794AA .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 0196A419 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 0196A473 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetDCEx 7E37C595 5 Bytes JMP 01966E7C .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 019797B5 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 01967028 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 0197957C .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 0197960E .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 0197F0A0 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 01979536 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 019795C5 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!DefMDIChildProcA 7E39F9B4 
5 Bytes JMP 01979654 .text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 0196A3DC .text C:\WINDOWS\Explorer.EXE[1952] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 01972C8D .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetSetOptionA 408C3302 5 Bytes JMP 0197006E .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 0196FF28 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 0196FFE9 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 0196FEE5 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 0196FFB8 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 0196FCF9 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 01970056 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0196FD50 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetReadFileExA 408E3381 5 Bytes JMP 0196FF69 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 0197003E .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 0196FE46 .text C:\WINDOWS\Explorer.EXE[1952] WININET.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 0196FDA7 .text C:\WINDOWS\Explorer.EXE[1952] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01978ACD .text C:\WINDOWS\Explorer.EXE[1952] ws2_32.dll!send 71A14C27 5 Bytes JMP 01978B1F .text C:\WINDOWS\Explorer.EXE[1952] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01978C13 .text C:\WINDOWS\Explorer.EXE[1952] ws2_32.dll!recv 71A1676F 5 Bytes JMP 01978BCB .text C:\WINDOWS\Explorer.EXE[1952] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 01978B59 .text C:\Programme\Internet Explorer\iexplore.exe[2808] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00150317 .text C:\Programme\Internet Explorer\iexplore.exe[2808] ntdll.dll!NtCreateThread 
7C91D1AE 5 Bytes JMP 00150095 .text C:\Programme\Internet Explorer\iexplore.exe[2808] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00150275 .text C:\Programme\Internet Explorer\iexplore.exe[2808] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40] .text C:\Programme\Internet Explorer\iexplore.exe[2808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003B91C8 .text C:\Programme\Internet Explorer\iexplore.exe[2808] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00150468 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00146F55 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00146ED7 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 0015EF33 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00146F16 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 0014A562 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 0014A5B2 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0014A4C3 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00159768 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00159802 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 001593F6 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 00159446 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 001594F0 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411954C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text 
C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 0014A58A .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 00159854 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 00159464 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 00146DCC .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 00146E3C .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0014A395 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 0014A363 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 0015969A .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 0014A5DD .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 00146F95 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 001596E3 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 001594AA .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 0014A419 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 0014A473 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetDCEx 
7E37C595 5 Bytes JMP 00146E7C .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 001597B5 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 00147028 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 0015957C .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 0015960E .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 0015F0A0 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41364741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413647AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 00159536 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 001595C5 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 00159654 .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364612 
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 0014A3DC .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41364872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413646D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41364B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetSetOptionA 408C3302 5 Bytes JMP 0015006E .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 0014FF28 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 0014FFE9 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetCloseHandle 408C9088 5 Bytes JMP 0014FEE5 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 0014FFB8 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetConnectA 408CDEAE 5 Bytes JMP 003B8480 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 0014FCF9 .text C:\Programme\Internet 
Explorer\iexplore.exe[2808] wininet.dll!InternetCrackUrlA 408D4928 5 Bytes JMP 003B8386 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetOpenA 408DD690 5 Bytes JMP 003B864F .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetOpenW 408DDB09 5 Bytes JMP 003B8661 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 00150056 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0014FD50 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetReadFileExA 408E3381 5 Bytes JMP 0014FF69 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 0015003E .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 0014FE46 .text C:\Programme\Internet Explorer\iexplore.exe[2808] wininet.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 0014FDA7 .text C:\Programme\Internet Explorer\iexplore.exe[2808] WS2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 46CAE71D C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 46CAEEE9 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] WS2_32.dll!socket 71A14211 5 Bytes JMP 46CAE59E C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] WS2_32.dll!connect 71A14A07 5 Bytes JMP 46CAE62A C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] WS2_32.dll!send 71A14C27 5 Bytes JMP 
46CAE9ED C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00158C13 .text C:\Programme\Internet Explorer\iexplore.exe[2808] WS2_32.dll!recv 71A1676F 5 Bytes JMP 46CAF1C3 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2808] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00158B59 .text C:\Programme\Internet Explorer\iexplore.exe[2808] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00152C8D .text C:\Programme\Internet Explorer\iexplore.exe[2872] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00150317 .text C:\Programme\Internet Explorer\iexplore.exe[2872] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 00150095 .text C:\Programme\Internet Explorer\iexplore.exe[2872] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00150275 .text C:\Programme\Internet Explorer\iexplore.exe[2872] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40] .text C:\Programme\Internet Explorer\iexplore.exe[2872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003F91C8 .text C:\Programme\Internet Explorer\iexplore.exe[2872] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00150468 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00146F55 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00146ED7 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 0015EF33 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00146F16 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 0014A562 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 0014A5B2 .text 
C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0014A4C3 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00159768 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00159802 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 001593F6 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 00159446 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 001594F0 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411954C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 0014A58A .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 00159854 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 00159464 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 00146DCC .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 00146E3C .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0014A395 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 0014A363 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 0015969A .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 0014A5DD .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 00146F95 .text C:\Programme\Internet 
Explorer\iexplore.exe[2872] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 001596E3 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 001594AA .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 0014A419 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 0014A473 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetDCEx 7E37C595 5 Bytes JMP 00146E7C .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 001597B5 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 00147028 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 0015957C .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 0015960E .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 0015F0A0 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41364741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413647AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 00159536 .text C:\Programme\Internet 
Explorer\iexplore.exe[2872] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 001595C5 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 00159654 .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 0014A3DC .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41364872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413646D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[2872] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00158ACD .text C:\Programme\Internet Explorer\iexplore.exe[2872] WS2_32.dll!send 71A14C27 5 Bytes JMP 00158B1F .text C:\Programme\Internet Explorer\iexplore.exe[2872] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00158C13 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00158BCB .text C:\Programme\Internet Explorer\iexplore.exe[2872] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00158B59 .text C:\Programme\Internet Explorer\iexplore.exe[2872] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00152C8D .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetSetOptionA 408C3302 5 Bytes JMP 0015006E .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 0014FF28 .text C:\Programme\Internet Explorer\iexplore.exe[2872] 
WININET.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 0014FFE9 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 0014FEE5 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 0014FFB8 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 003F8480 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 0014FCF9 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetCrackUrlA 408D4928 5 Bytes JMP 003F8386 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetOpenA 408DD690 5 Bytes JMP 003F864F .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetOpenW 408DDB09 5 Bytes JMP 003F8661 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 00150056 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0014FD50 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetReadFileExA 408E3381 5 Bytes JMP 0014FF69 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 0015003E .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 0014FE46 .text C:\Programme\Internet Explorer\iexplore.exe[2872] WININET.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 0014FDA7 .text C:\Programme\Internet Explorer\iexplore.exe[3252] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00150317 .text C:\Programme\Internet Explorer\iexplore.exe[3252] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 00150095 .text C:\Programme\Internet Explorer\iexplore.exe[3252] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00150275 .text C:\Programme\Internet Explorer\iexplore.exe[3252] kernel32.dll!VirtualFreeEx + 
44 7C809BE6 1 Byte [40] .text C:\Programme\Internet Explorer\iexplore.exe[3252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003791C8 .text C:\Programme\Internet Explorer\iexplore.exe[3252] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00150468 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00146F55 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00146ED7 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 0015EF33 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00146F16 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 0014A562 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 0014A5B2 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0014A4C3 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00159768 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00159802 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 001593F6 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 00159446 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 001594F0 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411954C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 0014A58A .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 00159854 .text 
C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 00159464 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 00146DCC .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 00146E3C .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0014A395 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 0014A363 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 0015969A .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 0014A5DD .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 00146F95 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 001596E3 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 001594AA .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 0014A419 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 0014A473 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetDCEx 7E37C595 5 Bytes JMP 00146E7C .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text 
C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 001597B5 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 00147028 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 0015957C .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 0015960E .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 0015F0A0 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4136480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41364741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413647AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 00159536 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 001595C5 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 00159654 .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364674 C:\WINDOWS\system32\IEFRAME.dll (Internet 
Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 0014A3DC .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41364872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413646D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126DB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41364B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetSetOptionA 408C3302 5 Bytes JMP 0015006E .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 0014FF28 .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 0014FFE9 .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetCloseHandle 408C9088 5 Bytes JMP 0014FEE5 .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 0014FFB8 .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00378480 .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 0014FCF9 .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetCrackUrlA 408D4928 5 Bytes JMP 00378386 .text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetOpenA 408DD690 5 Bytes JMP 0037864F .text C:\Programme\Internet 
Explorer\iexplore.exe[3252] wininet.dll!InternetOpenW 408DDB09 5 Bytes JMP 00378661
.text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 00150056
.text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0014FD50
.text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetReadFileExA 408E3381 5 Bytes JMP 0014FF69
.text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 0015003E
.text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 0014FE46
.text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 0014FDA7
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 46CAE71D C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 46CAEEE9 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!socket 71A14211 5 Bytes JMP 46CAE59E C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!connect 71A14A07 5 Bytes JMP 46CAE62A C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!send 71A14C27 5 Bytes JMP 46CAE9ED C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00158C13
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!recv 71A1676F 5 Bytes JMP 46CAF1C3 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00158B59
.text C:\Programme\Internet Explorer\iexplore.exe[3252] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00152C8D
.text C:\WINDOWS\system32\wuauclt.exe[3664] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 01040317
.text C:\WINDOWS\system32\wuauclt.exe[3664] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 01040095
.text C:\WINDOWS\system32\wuauclt.exe[3664] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 01040275
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40]
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 01040468
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 01036F55
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 01036ED7
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 0104EF33
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 01036F16
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 0103A562
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 0103A5B2
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0103A4C3
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 01049768
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 01049802
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 010493F6
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 01049446
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 010494F0
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 0103A58A
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 01049854
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 01049464
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 01036DCC
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 01036E3C
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0103A395
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 0103A363
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 0104969A
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 0103A5DD
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 01036F95
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 010496E3
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 010494AA
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 0103A419
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 0103A473
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetDCEx 7E37C595 5 Bytes JMP 01036E7C
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 010497B5
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 01037028
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 0104957C
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 0104960E
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 0104F0A0
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 01049536
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 010495C5
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 01049654
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 0103A3DC
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!InternetSetOptionA 408C3302 5 Bytes JMP 0104006E
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 0103FF28
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 0103FFE9
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!InternetCloseHandle 408C9088 5 Bytes JMP 0103FEE5
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 0103FFB8
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 0103FCF9
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 01040056
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0103FD50
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!InternetReadFileExA 408E3381 5 Bytes JMP 0103FF69
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 0104003E
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 0103FE46
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 0103FDA7
.text C:\WINDOWS\system32\wuauclt.exe[3664] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01048ACD
.text C:\WINDOWS\system32\wuauclt.exe[3664] ws2_32.dll!send 71A14C27 5 Bytes JMP 01048B1F
.text C:\WINDOWS\system32\wuauclt.exe[3664] ws2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01048C13
.text C:\WINDOWS\system32\wuauclt.exe[3664] ws2_32.dll!recv 71A1676F 5 Bytes JMP 01048BCB
.text C:\WINDOWS\system32\wuauclt.exe[3664] ws2_32.dll!WSASend 71A168FA 5 Bytes JMP 01048B59
.text C:\WINDOWS\system32\wuauclt.exe[3664] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 01042C8D
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 00150317
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] ntdll.dll!NtCreateThread 7C91D1AE 5 Bytes JMP 00150095
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 00150275
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40]
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00150468
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!ReleaseDC 7E36869D 5 Bytes JMP 00146F55
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetDC 7E3686C7 5 Bytes JMP 00146ED7
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!TranslateMessage 7E368BF6 5 Bytes JMP 0015EF33
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetWindowDC 7E369021 5 Bytes JMP 00146F16
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 0014A562
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 0014A5B2
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetCapture 7E3694DA 5 Bytes JMP 0014A4C3
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!RegisterClassW 7E36A39A 5 Bytes JMP 00159768
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!RegisterClassExW 7E36AF7F 5 Bytes JMP 00159802
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!OpenInputDesktop 7E36ECA3 5 Bytes JMP 001593F6
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!SwitchDesktop 7E36FE6E 5 Bytes JMP 00159446
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!DefDlgProcW 7E373D3A 5 Bytes JMP 001594F0
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 0014A58A
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 00159854
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!DefWindowProcW 7E378D20 5 Bytes JMP 00159464
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!BeginPaint 7E378FE9 5 Bytes JMP 00146DCC
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!EndPaint 7E378FFD 5 Bytes JMP 00146E3C
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0014A395
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetMessagePos 7E37996C 5 Bytes JMP 0014A363
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!CallWindowProcW 7E37A01E 5 Bytes JMP 0015969A
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 0014A5DD
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetUpdateRect 7E37A8C9 5 Bytes JMP 00146F95
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!CallWindowProcA 7E37A97D 5 Bytes JMP 001596E3
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!DefWindowProcA 7E37C17E 5 Bytes JMP 001594AA
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 0014A419
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 0014A473
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetDCEx 7E37C595 5 Bytes JMP 00146E7C
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!RegisterClassA 7E37EA5E 5 Bytes JMP 001597B5
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetUpdateRgn 7E37F5EC 5 Bytes JMP 00147028
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!DefFrameProcW 7E380833 5 Bytes JMP 0015957C
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!DefMDIChildProcW 7E380A47 5 Bytes JMP 0015960E
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 0015F0A0
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!DefDlgProcA 7E38E577 5 Bytes JMP 00159536
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!DefFrameProcA 7E39F965 5 Bytes JMP 001595C5
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!DefMDIChildProcA 7E39F9B4 5 Bytes JMP 00159654
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 0014A3DC
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!InternetSetOptionA 408C3302 5 Bytes JMP 0015006E
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!InternetReadFile 408C654B 5 Bytes JMP 0014FF28
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!HttpQueryInfoA 408C878D 5 Bytes JMP 0014FFE9
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!InternetCloseHandle 408C9088 5 Bytes JMP 0014FEE5
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!InternetQueryDataAvailable 408CBF7F 5 Bytes JMP 0014FFB8
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 0014FCF9
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!InternetSetStatusCallback 408DDCC8 5 Bytes JMP 00150056
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0014FD50
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!InternetReadFileExA 408E3381 5 Bytes JMP 0014FF69
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!InternetSetStatusCallbackW 40926FD0 5 Bytes JMP 0015003E
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!HttpSendRequestExA 4093A70A 5 Bytes JMP 0014FE46
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!HttpSendRequestExW 4093A763 5 Bytes JMP 0014FDA7
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00158ACD
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] WS2_32.dll!send 71A14C27 5 Bytes JMP 00158B1F
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00158C13
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00158BCB
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00158B59
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00152C8D
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
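The GMER log above is the evidence behind the diagnosis that follows: in iexplore.exe, wuauclt.exe and even the freshly started OTL.exe, the first five bytes of wininet.dll!HttpSendRequest*, ws2_32.dll!send/recv, CRYPT32.dll!PFXImportCertStore, USER32.dll!GetClipboardData and USER32.dll!TranslateMessage have been overwritten with a JMP into memory that GMER cannot attribute to any loaded module, and the same target addresses (0014FD50, 00152C8D, ...) recur in different processes. The hooks into SeaNote.dll, by contrast, carry a module path and are attributable. The script below is an added example, written for this thread and not part of the post or of GMER: it parses such .text lines, separates attributable hooks from jumps into unbacked memory, lists which interception-relevant exports are hooked per process, and reports JMP targets shared across processes. The sample lines are a handful copied from the log above; the INTERCEPT_APIS shortlist is this example's own assumption about what a form-grabbing banking trojan typically hooks.

```python
"""Triage of GMER user-mode hook entries (added example, not the forum post's
or GMER's own code). Parses lines of the form

  .text <process>[<pid>] <module>!<export> <addr> 5 Bytes JMP <target> [<owning module>]

and separates hooks that jump into a named module from hooks that jump into
memory GMER could not attribute to any module (typical of injected code).
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+(?:\s\+\s\S+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[(?P<patch>[0-9A-Fa-f ]+)\])"
    r"(?:\s+(?P<owner>\S.*?))?\s*$"
)

# Exports a form-grabbing banking trojan typically hooks: HTTP request bodies
# before TLS, raw socket traffic, imported client certificates, clipboard and
# keystrokes. Assumption: this shortlist is the example author's own.
INTERCEPT_APIS = {
    "HttpSendRequestA", "HttpSendRequestW", "HttpSendRequestExA", "HttpSendRequestExW",
    "InternetReadFile", "InternetReadFileExA", "InternetQueryDataAvailable",
    "send", "WSASend", "recv", "WSARecv",
    "PFXImportCertStore", "GetClipboardData", "TranslateMessage",
}

# Constructed sample: a few lines copied from the GMER output in this thread.
SAMPLE_LOG = r"""
.text C:\Programme\Internet Explorer\iexplore.exe[3252] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0014FD50
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!send 71A14C27 5 Bytes JMP 46CAE9ED C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[3252] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00158C13
.text C:\Programme\Internet Explorer\iexplore.exe[3252] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00152C8D
.text C:\WINDOWS\system32\wuauclt.exe[3664] ntdll.dll!NtCreateFile 7C91D0AE 5 Bytes JMP 01040317
.text C:\WINDOWS\system32\wuauclt.exe[3664] kernel32.dll!VirtualFreeEx + 44 7C809BE6 1 Byte [40]
.text C:\WINDOWS\system32\wuauclt.exe[3664] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 0104F0A0
.text C:\WINDOWS\system32\wuauclt.exe[3664] wininet.dll!HttpSendRequestW 408CFABE 5 Bytes JMP 0103FCF9
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] wininet.dll!HttpSendRequestA 408DEE89 5 Bytes JMP 0014FD50
.text C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe[3816] CRYPT32.dll!PFXImportCertStore 77ABFF8F 5 Bytes JMP 00152C8D
---- Devices - GMER 1.0.15 ----
""".strip().splitlines()


def parse_hook(line):
    """Return a dict for one GMER .text entry, or None if the line is not one."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    h = m.groupdict()
    h["pid"] = int(h["pid"])
    h["size"] = int(h["size"])
    if h["target"] is None:
        h["kind"] = "byte-patch"      # e.g. "1 Byte [40]": a patched byte, no JMP
    elif h["owner"] is None:
        h["kind"] = "jmp-unbacked"    # JMP into memory with no module behind it
    else:
        h["kind"] = "jmp-module"      # JMP into a named DLL (attributable)
    return h


def triage(lines):
    """Group hooks per PID and derive indicators; returns {pid: summary}."""
    procs = defaultdict(lambda: {"process": None, "unbacked": [], "attributed": [],
                                 "patched": [], "targets": set()})
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        p = procs[h["pid"]]
        p["process"] = h["proc"]
        if h["kind"] == "jmp-unbacked":
            p["unbacked"].append(h["func"])
            p["targets"].add(h["target"].upper())
        elif h["kind"] == "jmp-module":
            p["attributed"].append((h["func"], h["owner"]))
        else:
            p["patched"].append(h["func"])
    report = {}
    for pid, p in procs.items():
        intercepted = sorted(f for f in p["unbacked"] if f in INTERCEPT_APIS)
        report[pid] = {
            "process": p["process"],
            "unbacked_hooks": len(p["unbacked"]),
            "intercept_apis": intercepted,
            "attributed_hooks": len(p["attributed"]),
            "byte_patches": len(p["patched"]),
            # 64 KiB regions the unbacked jumps land in: one injected blob
            # normally shows up as one or two adjacent regions
            "target_regions": sorted({t[:4] + "xxxx" for t in p["targets"]}),
            "suspicious": bool(intercepted),
        }
    return report


def shared_targets(lines):
    """Unbacked JMP targets seen in more than one process: the same code mapped
    at the same address everywhere points to one injected payload."""
    seen = defaultdict(set)
    for line in lines:
        h = parse_hook(line)
        if h and h["kind"] == "jmp-unbacked":
            seen[h["target"].upper()].add(h["pid"])
    return sorted(t for t, pids in seen.items() if len(pids) > 1)


if __name__ == "__main__":
    for pid, s in sorted(triage(SAMPLE_LOG).items()):
        print(pid, s["process"], s)
    print("targets shared across processes:", shared_targets(SAMPLE_LOG))
```

Unbacked hooks on their own are a lead, not a verdict: some security and sandboxing products instrument the same exports the same way. What makes this log convincing is the combination of which exports are hooked (request bodies, sockets, certificate import, clipboard, keystrokes), that every process including a tool started minutes earlier carries them, and that the jump targets coincide across processes.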
26.06.2011, 20:59 | #8 | |
/// TB-Ausbilder | Trojan on board! Online banking blocked Hello Thomas, Step # 1: Important notes According to the existing log files you have been infected since mid-May with a trojan that spies on online passwords. I recommend that you change all passwords immediately, from a clean machine. Quote:
A cleanup makes little sense if you follow the instructions only half-heartedly. So I ask you to carry out all steps exactly as you find them here. If there are problems, please let me know. Step # 2: Registry cleaners I see that you have so-called registry cleaners on the system, in your case TuneUp Utilities 2008. We do not recommend any kind of registry cleaner under any circumstances. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest does not really work any more. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I therefore recommend that you uninstall the software named above and do without that kind of software in future. Step # 3: Remove add-ons in Firefox
Step # 4: Fix with OTL
Code:
:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5018 [2011.06.15 20:20:23 | 000,000,000 | ---D | M]
[2010.10.25 23:11:40 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.08.05 21:33:12 | 000,000,935 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\searchplugins\conduit.xml
[2011.06.15 20:20:23 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5018
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKCU..\Run: [{8F48A3C8-B867-6C6B-E368-15DDC3AF994D}] C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag\inojo.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe ()
[2011.06.15 20:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5018
[2011.06.10 15:19:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2011.06.10 15:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5017
[2011.06.08 15:25:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5016
[2011.06.08 15:24:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2011.06.08 15:24:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2011.05.13 22:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Thomas\Desktop\CWSysinfo.exe:SummaryInformation
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34
:commands
[Purity]
[Emptytemp]
Step # 5: Control scan with Malwarebytes' Anti-Malware (MBAM) Please download Malwarebytes' Anti-Malware
Step # 6: Run aswMBR.exe Please download aswMBR.exe and save the file to your desktop.
Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, let me know. Step # 7: Custom scan with OTL If you do not have it yet, please download OTL from OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
svchost.exe
atapi.sys
volsnap.sys
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
Step # 8: Your feedback For further analysis I need, together with your next reply
|
26.06.2011, 21:06 | #9 |
| Trojan on board! Online banking blocked Hello m-k-d-b, wow, that's a lot of work. I won't manage it today; I'll have to do it tomorrow. Funnily enough, Mozilla got killed on me this morning: mozilla.exe cannot be found. Uninstalling via Control Panel didn't work either. I've just downloaded it again, but it won't start when I try to run the setup... Regards, Thomas |
26.06.2011, 21:12 | #10 |
| Trojan on board! Online banking blocked Right then, TuneUp is gone at least; that uninstall worked. That's something... Tom |
26.06.2011, 21:24 | #11 |
| Trojan on board! Online banking blocked Hello, I've uninstalled TuneUp. My computer-geek lodger had put it on. Mozilla still can't be uninstalled. I'll do the OTL fix next. Until then, and many thanks already... good night, ciao, Tom |
26.06.2011, 21:28 | #12 |
/// TB-Ausbilder | Trojan on board! Online banking blocked Hello Thomas, You have a severe infection; I'm surprised anyway that you can still boot normally. Leave Mozilla/Firefox alone for now. Most likely the malware is blocking access to it. Carry out all the steps and post all the requested information one after the other. Then we can continue tomorrow. |
26.06.2011, 21:38 | #13 |
| Trojan on board! Online banking blocked
All processes killed
========== OTL ==========
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
C:\WINDOWS\system32\5018\components folder moved successfully.
C:\WINDOWS\system32\5018 folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\lib folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\searchplugins\conduit.xml moved successfully.
Folder C:\WINDOWS\SYSTEM32\5018\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{8F48A3C8-B867-6C6B-E368-15DDC3AF994D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F48A3C8-B867-6C6B-E368-15DDC3AF994D}\ not found.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag\inojo.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\appconf32.exe deleted successfully.
File move failed. C:\WINDOWS\system32\appconf32.exe scheduled to be moved on reboot.
Folder C:\WINDOWS\System32\5018\ not found.
C:\WINDOWS\System32\UAs folder moved successfully.
C:\WINDOWS\System32\5017\components folder moved successfully.
C:\WINDOWS\System32\5017 folder moved successfully.
C:\WINDOWS\System32\5016\components folder moved successfully.
C:\WINDOWS\System32\5016 folder moved successfully.
C:\WINDOWS\System32\xmldm folder moved successfully.
C:\WINDOWS\System32\kock folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Henag folder moved successfully.
ADS C:\Dokumente und Einstellungen\Thomas\Desktop\CWSysinfo.exe:SummaryInformation deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Thomas
->Temp folder emptied: 1743463 bytes
->Temporary Internet Files folder emptied: 161733942 bytes
->Java cache emptied: 102597653 bytes
->FireFox cache emptied: 58848236 bytes
->Flash cache emptied: 39925 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139177 bytes
%systemroot%\System32 .tmp files removed: 31479 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16864 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 311,00 mb
OTL by OldTimer - Version 3.2.24.1 log created on 06262011_222443
Files\Folders moved on Reboot...
C:\WINDOWS\system32\appconf32.exe moved successfully.
Registry entries deleted on Reboot...
One more question: do I also have to disable AntiVir before step 7 (OTL)? Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6955
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26.06.2011 23:12:33
mbam-log-2011-06-26 (23-12-33).txt
Scan type: Quick scan
Objects scanned: 146550
Time elapsed: 21 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\system32\acroiehelpe035.dll (Trojan.Banker) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.AIEbho.1 (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.AIEbho (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{8F48A3C8-B867-6C6B-E368-15DDC3AF994D} (Trojan.ZbotR.Gen) -> Value: {8F48A3C8-B867-6C6B-E368-15DDC3AF994D} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\acroiehelpe035.dll (Trojan.Banker) -> Delete on reboot.
c:\WINDOWS\system32\acroiehelpe.txt (Malware.Trace) -> Quarantined and deleted successfully.
Run date: 2011-06-27 00:26:21
-----------------------------
00:26:21.425 OS Version: Windows 5.1.2600 Service Pack 3
00:26:21.425 Number of processors: 1 586 0x602
00:26:21.425 ComputerName: THOMAS-PC UserName: Thomas
00:26:22.126 Initialize success
00:26:52.129 AVAST engine defs: 11062601
00:27:31.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:27:31.676 Disk 0 Vendor: Maxtor_91531U3 FA520S60 Size: 14655MB BusType: 3
00:27:31.686 Disk 0 MBR read successfully
00:27:31.686 Disk 0 MBR scan
00:27:31.686 Disk 0 unknown MBR code
00:27:31.706 Disk 0 scanning sectors +29993355
00:27:31.766 Disk 0 scanning C:\WINDOWS\system32\drivers
00:28:07.537 Service scanning
00:28:09.610 Disk 0 trace - called modules:
00:28:09.630 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys
00:28:09.630 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8973cab8]
00:28:09.630 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\00000052[0x89735f18]
00:28:09.630 5 ACPI.sys[f750d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89734940]
00:28:10.321 AVAST engine scan C:\WINDOWS
02:38:26.991 AVAST engine scan C:\Dokumente und Einstellungen\Thomas
02:46:04.529 AVAST engine scan C:\Dokumente und Einstellungen\All Users
02:47:39.716 Scan finished successfully
05:34:17.192 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\MBR.dat"
05:34:17.202 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\aswMBR.txt"
OTL Logfile: Code:
OTL logfile created on: 27.06.2011 05:38:52 - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Dokumente und Einstellungen\Thomas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,25 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 69,66% Memory free
1,48 Gb Paging File | 1,15 Gb Available in Paging File | 77,46% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 8,79 Gb Total Space | 0,18 Gb Free Space | 2,05% Space Free | Partition Type: NTFS
Drive D: | 5,50 Gb Total Space | 4,05 Gb Free Space | 73,54% Space Free | Partition Type: FAT32
Drive E: | 197,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 465,76 Gb Total Space | 461,45 Gb Free Space | 99,07% Space Free | Partition Type: NTFS
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.06.26 16:23:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
PRC - [2011.04.27 14:50:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.27 18:57:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.03.27 17:00:00 | 000,057,344 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB4RPK.EXE
PRC - [2002.10.15 19:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (C-Media Electronics, Inc.)) -- C:\WINDOWS\mixer.exe
========== Modules (SafeList) ==========
MOD - [2011.06.26 16:23:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe
MOD - [2008.04.14 04:20:11 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.04.27 14:50:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.27 18:57:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.08.13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.03.27 18:57:15 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.10 15:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.10.19 10:05:00 | 000,380,928 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2004.08.04 08:38:56 | 000,327,168 | ---- | M] (ATI Technologies Inc.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa) DRV - [2002.11.18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2001.08.17 14:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.update: "" FF - prefs.js..browser.startup.homepage: "hxxp://web.de/fm?status=login-failed" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90 FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\mozilla\components [2009.09.07 11:52:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\mozilla\plugins [2009.09.07 11:52:30 | 000,000,000 | ---D | M] [2009.05.07 17:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\Thomas\Anwendungsdaten\Mozilla\Extensions [2011.06.26 22:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions [2009.09.03 09:43:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.30 21:15:14 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Mozilla\Firefox\Profiles\glvmmicv.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.09.07 11:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\THOMAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\GLVMMICV.DEFAULT\EXTENSIONS\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} [2009.01.19 23:22:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF File not found (No name found) -- C:\WINDOWS\SYSTEM32\5018 [2009.12.04 16:30:30 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.01 16:34:18 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.12 19:54:14 | 000,000,000 | ---D | M] (Java Console) -- D:\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009.04.15 17:37:50 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) 
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.)) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\RunOnce: [Shockwave Updater] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226429018769 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - 
(Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.11 20:09:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell - "" = AutoRun O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{520c9390-b055-11df-bbc9-001e58a1587d}\Shell\AutoRun\command - "" = G:\iStudio.exe O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes 
Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: 
{CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2011.06.26 22:55:30 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\aswMBR.exe [2011.06.26 22:46:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Malwarebytes [2011.06.26 22:45:48 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.06.26 22:45:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.06.26 22:45:44 | 
000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.06.26 22:45:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.06.26 22:45:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.06.26 22:43:58 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\mbam-setup-1.51.0.1200.exe [2011.06.26 22:24:43 | 000,000,000 | ---D | C] -- C:\_OTL [2011.06.26 22:11:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.06.26 16:23:20 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe [2011.06.25 14:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2011.06.19 17:44:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2011.06.19 17:41:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\.sol Editor [2011.06.19 17:41:09 | 000,000,000 | ---D | C] -- C:\Programme\Sol Edit ========== Files - Modified Within 30 Days ========== [2011.06.27 05:34:17 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\MBR.dat [2011.06.27 05:00:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.06.26 23:18:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.06.26 23:18:27 | 1341,689,856 | -HS- | M] () -- C:\hiberfil.sys [2011.06.26 22:55:34 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\aswMBR.exe [2011.06.26 22:45:49 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.26 22:43:59 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\mbam-setup-1.51.0.1200.exe [2011.06.26 17:03:11 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe [2011.06.26 16:23:32 | 
000,579,072 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Thomas\Desktop\OTL.exe [2011.06.26 16:03:40 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.06.22 23:26:39 | 000,137,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.20 00:48:19 | 000,000,043 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.06.27 05:34:17 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\MBR.dat [2011.06.26 22:45:49 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.26 17:03:02 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas\Desktop\d1jo9i5w.exe [2011.06.10 19:11:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2011.03.27 16:00:13 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI [2010.07.16 19:45:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.07.16 17:04:44 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010.03.28 11:53:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10QA4.INI [2009.12.10 17:36:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009.11.26 16:47:19 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll [2009.11.26 16:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI [2009.04.14 18:53:54 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wiso.ini [2009.01.26 18:44:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Thomas.ini [2009.01.08 18:00:31 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008.11.30 14:49:11 | 000,000,250 | ---- | 
C] () -- C:\WINDOWS\lexstat.ini [2008.11.12 22:16:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.11.12 00:07:12 | 000,000,888 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2008.11.12 00:07:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2008.11.11 23:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.11.11 22:44:21 | 000,137,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Thomas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.11 21:42:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.11.11 20:13:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.11.11 20:06:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.11.11 19:59:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.11.11 19:57:06 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2004.08.04 07:29:31 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2004.08.04 07:29:31 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys [2004.08.04 07:29:30 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2004.08.04 07:29:30 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys [2004.08.04 07:29:29 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys [2004.08.04 07:29:29 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2004.08.04 07:29:28 | 000,011,280 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\atinmdxx.sys [2004.08.04 07:29:27 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2003.04.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003.04.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003.04.02 14:00:00 | 000,473,624 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2003.04.02 14:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003.04.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003.04.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2003.04.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003.04.02 14:00:00 | 000,089,914 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2003.04.02 14:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003.04.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003.04.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2003.04.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003.04.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003.04.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003.04.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.11.19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat [2002.11.19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat ========== LOP Check ========== [2010.02.25 14:51:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2009.04.14 18:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2009.05.03 12:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.06.26 21:55:02 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Arxop [2010.09.11 10:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Ashampoo [2009.04.14 18:44:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Buhl Data Service [2009.04.15 17:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Foxit [2010.07.29 17:31:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Foxit Software [2010.05.01 12:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\GrabPro [2010.06.03 09:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Orbit [2010.12.01 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\PriceGong [2008.11.11 22:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\TuneUp Software [2009.01.08 18:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\WEBDE [2008.11.12 14:53:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Windows Desktop Search [2008.11.12 21:25:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Windows Search [2011.06.27 05:00:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.06.26 22:32:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.03.18 19:02:47 | 000,000,000 | ---D | M] -- C:\Desktop [2008.11.11 20:15:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.07.05 19:58:54 | 000,000,000 | ---D | M] -- C:\Downloads [2010.02.06 13:32:17 | 000,000,000 | ---D | M] -- C:\LexmarkX1100 [2008.11.30 14:47:25 | 000,000,000 | ---D | M] -- C:\Lxk1100 [2008.11.11 22:32:11 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.06.01 13:13:39 | 000,000,000 | ---D | M] -- C:\Program Files [2011.06.26 22:45:40 | 000,000,000 | R--D | M] -- C:\Programme [2010.06.29 19:51:14 | 000,000,000 | ---D | M] -- C:\Real Alternative [2008.11.11 22:56:46 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2008.11.11 22:12:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.02.14 11:37:06 | 000,000,000 | ---D | M] -- C:\Tivola [2011.06.26 22:28:01 | 000,000,000 | ---D | M] -- C:\WINDOWS [2011.06.26 22:24:43 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. 
> [2011.02.11 18:50:08 | 000,000,000 | ---D | M] -- C:\Programme\Avira [2009.12.05 16:57:48 | 000,000,000 | ---D | M] -- C:\Programme\Canon [2008.11.11 20:06:30 | 000,000,000 | ---D | M] -- C:\Programme\ComPlus Applications [2010.10.25 23:11:46 | 000,000,000 | ---D | M] -- C:\Programme\Conduit [2009.11.26 16:47:31 | 000,000,000 | ---D | M] -- C:\Programme\directx [2010.01.17 15:24:35 | 000,000,000 | ---D | M] -- C:\Programme\EUROPA Multimedia [2010.07.27 23:01:08 | 000,000,000 | ---D | M] -- C:\Programme\Foxit Software [2011.06.26 22:11:32 | 000,000,000 | ---D | M] -- C:\Programme\Gemeinsame Dateien [2010.05.20 19:21:05 | 000,000,000 | ---D | M] -- C:\Programme\Google [2010.12.27 18:32:27 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information [2010.06.14 18:30:31 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer [2010.05.12 19:53:36 | 000,000,000 | ---D | M] -- C:\Programme\Java [2011.03.26 19:56:33 | 000,000,000 | ---D | M] -- C:\Programme\Lexmark X1100 Series [2011.06.26 22:45:52 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2009.02.04 21:34:49 | 000,000,000 | ---D | M] -- C:\Programme\MDIConvertor [2010.01.09 15:15:10 | 000,000,000 | ---D | M] -- C:\Programme\Messenger [2009.04.05 12:06:27 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft [2008.11.11 20:10:16 | 000,000,000 | ---D | M] -- C:\Programme\microsoft frontpage [2008.11.11 22:42:12 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office [2011.03.30 19:27:33 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight [2008.11.11 22:41:58 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio [2010.01.29 13:24:21 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works [2011.03.02 20:14:34 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker [2009.09.07 11:51:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox [2009.08.14 12:27:42 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild [2008.11.11 20:05:27 | 000,000,000 | 
---D | M] -- C:\Programme\MSN Gaming Zone [2008.11.12 09:38:04 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0 [2011.03.15 20:24:03 | 000,000,000 | ---D | M] -- C:\Programme\NetMeeting [2010.08.30 21:15:19 | 000,000,000 | ---D | M] -- C:\Programme\NOS [2008.11.11 20:05:40 | 000,000,000 | ---D | M] -- C:\Programme\Online Services [2008.11.11 20:08:10 | 000,000,000 | ---D | M] -- C:\Programme\Online-Dienste [2011.02.07 18:52:32 | 000,000,000 | ---D | M] -- C:\Programme\Outlook Express [2008.11.12 00:07:09 | 000,000,000 | ---D | M] -- C:\Programme\PCI Audio Applications [2009.08.14 12:27:24 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies [2010.12.05 12:26:16 | 000,000,000 | ---D | M] -- C:\Programme\Softonic_Deutsch [2011.06.19 17:41:10 | 000,000,000 | ---D | M] -- C:\Programme\Sol Edit [2008.11.11 20:15:54 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information [2009.06.11 18:12:38 | 000,000,000 | ---D | M] -- C:\Programme\Windows Desktop Search [2009.04.05 12:00:05 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive [2010.01.17 14:57:07 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Connect 2 [2011.03.25 22:09:58 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player [2008.11.12 01:09:44 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT [2008.11.11 20:05:41 | 000,000,000 | -H-D | M] -- C:\Programme\WindowsUpdate [2011.03.24 17:43:19 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR [2008.11.11 20:10:16 | 000,000,000 | ---D | M] -- C:\Programme\xerox Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s >
< MD5 for: ATAPI.SYS >
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EXPLORER.EXE >
[2004.08.04 09:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: REGEDIT.EXE >
[2004.08.04 09:58:09 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\system32\svchost.exe
[2004.08.04 09:58:15 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=65A819B121EB6FDAB4400EA42BDFFE64 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: VOLSNAP.SYS >
[2008.04.14 03:52:02 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=A5A712F4E880874A477AF790B5186E1D -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008.04.14 03:52:02 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=A5A712F4E880874A477AF790B5186E1D -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004.08.04 09:44:48 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=D6888520FF56D72A50437E371CA25FC9 -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
< MD5 for: WINLOGON.EXE >
[2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-30 17:07:55
< >
< End of report >
|
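As an added example (not part of this thread and not OTL's own code), a small Python parser for the `< MD5 for: ... >` blocks of an OTL report that flags a live system file whose hash differs from the pristine copy under ServicePackFiles, which is what these hash listings are read for when triaging a suspected infection. The sample input is constructed: the ATAPI.SYS block is copied from the report above, and the USERINIT.EXE block is invented with a placeholder all-zero hash on the live copy.

```python
import re
from collections import defaultdict

# Entry format: [date time | size | attrs | M] (Company) MD5=<32 hex> -- <path>
HEADER_RE = re.compile(r"<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>")
ENTRY_RE = re.compile(r"\[[^\]]*\]\s*\([^)]*\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*)$")

def parse_md5_section(text):
    """Group OTL MD5 entries by file name: {NAME: [(path, md5), ...]}."""
    blocks, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            blocks[current].append((entry.group("path"), entry.group("md5").upper()))
    return dict(blocks)

def find_mismatches(blocks):
    """Flag live copies (system32, WINDOWS root) whose hash differs from the
    ServicePackFiles reference; the older $NtServicePackUninstall$ copy is
    expected to differ and is ignored. Both copies could have been replaced,
    so a match is only a first triage signal, not proof the file is clean."""
    flagged = []
    for name, entries in blocks.items():
        reference = {md5 for path, md5 in entries if "\\ServicePackFiles\\" in path}
        for path, md5 in entries:
            if "\\ServicePackFiles\\" in path or "$NtServicePackUninstall$" in path:
                continue
            if reference and md5 not in reference:
                flagged.append((name, path, md5))
    return flagged

# Constructed sample: ATAPI.SYS block copied from the report above (clean);
# the USERINIT.EXE live copy gets a placeholder hash to simulate a replaced file.
SAMPLE = r"""< MD5 for: ATAPI.SYS >
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011.06.20 01:02:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

if __name__ == "__main__":
    print(find_mismatches(parse_md5_section(SAMPLE)))
```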
27.06.2011, 13:12 | #14 | |
/// TB-Ausbilder | trojan on board! online banking blocked
Hello Thomas,
Step # 1: Fix with OTL
Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q="
File not found (No name found) -- C:\WINDOWS\SYSTEM32\5018
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
[2010.12.01 00:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\PriceGong
[2008.11.11 22:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\TuneUp Software
[2011.06.27 05:00:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2010.10.25 23:11:46 | 000,000,000 | ---D | M] -- C:\Programme\Conduit
[2010.12.05 12:26:16 | 000,000,000 | ---D | M] -- C:\Programme\Softonic_Deutsch
:commands
[Emptytemp]
Step # 2: Check with VirusTotal
Please have the file from the code box checked at VirusTotal.
Quote:
Wait until Current status: Finished is shown. Copy the link from your address bar and post it here.
Step # 3: System scan with OTL
Code:
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Arxop /S
Step # 4: Answer questions
We are not finished with the cleanup yet, but a short interim status never hurts:
Step # 5: Your feedback
For further analysis I need, together with your next reply
|
27.06.2011, 18:24 | #15 |
| trojan on board! online banking blocked
Code:
All processes killed
========== OTL ==========
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\PriceGong folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Backups folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\TuneUp Software folder moved successfully.
C:\WINDOWS\Tasks\1-Klick-Wartung.job moved successfully.
C:\Programme\Conduit\Community Alerts folder moved successfully.
C:\Programme\Conduit folder moved successfully.
C:\Programme\Softonic_Deutsch folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Thomas
->Temp folder emptied: 41683317 bytes
->Temporary Internet Files folder emptied: 48837088 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 86,00 mb
OTL by OldTimer - Version 3.2.24.1 log created on 06272011_171736
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|