
Log Analysis and Evaluation: GVU Trojan Logfiles Vista 32bit


 
10.11.2012, 21:41   #1
ronnrw

GVU Trojan Logfiles Vista 32bit



OTL Logfile:


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 10.11.2012 09:05:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ronny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,36% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 268,06 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,12 Gb Free Space | 47,78% Space Free | Partition Type: FAT32
 
Computer Name: RONNY-PC | User Name: Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A7FB2F-8111-4A31-A412-A35DF6659B8D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0634C4BD-6C54-45C9-831E-D7603C260763}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{07F7D234-27AF-4722-84C9-070B53D1FCF6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1FD5BBD1-7B18-4975-ADE9-42764A6D6022}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{2F82DB99-C517-4D40-9125-7DE6D995B090}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3B4DE7C5-7F8F-437A-BA64-7B911646A43B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E9690A4-F698-4212-AC65-F4FA115AD8D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{51D8A153-6BC4-4B38-81D2-817DA2970FE0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{54EFB16A-95AC-4010-92EA-EF9D7005D43B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{78D5811F-B4A2-4C01-88DC-4722E19450B2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{88E223B7-CE07-4998-80E8-180B4BF79078}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{B8C5FD8B-F612-4CB4-999C-DC99B81D4D52}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CFDDC408-C657-4A9F-94C3-62889E93B9D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D9A449DF-C126-437A-AF12-263998AE0151}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026F1A75-F49E-4966-B6F7-F42939E85216}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{0E7FC604-C8E5-46C9-B35D-987F2F3AD9E2}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{17A4B851-556B-4BB4-AB60-2EDCC985A55B}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{1E9D60E1-9525-4A04-A26A-4658342C0C4A}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{1F66BBA1-16AF-46BB-8D96-AF3498F1E548}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{2A1AD889-0DF7-4B10-8377-450F03F5EF58}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{2B6A364F-FA43-4327-B28D-66302D9104F8}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{47C884D5-5046-4902-88C3-C3ACD3CC7D01}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{48AE8BA7-6AC6-4617-A6CD-9F1E11A29E05}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{57589A0A-CED9-49FF-9F5F-FFFA54977F84}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{57C89AE2-6171-4C57-A8EF-1BB20FA5B36F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{7E1DC8B1-D455-47F1-A6D8-74D24A6DC257}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8F9B5DDE-565E-4D45-B5DC-45E112B40F33}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{95E471D9-2F3D-4CD4-8A04-BEDE690B092D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{961E2D57-B598-4B24-AB6E-BE41ECFD169B}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{9D4683EC-4107-44EA-9E2F-DB132EA4A78B}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{9F710A3A-9D97-4172-BA38-227A0C00F571}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AD4D1ADC-80B4-4734-A7DC-FA69F0D8EDC8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{B2F13807-F366-44EE-B49B-369C39C1894B}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{C0F8A6E7-8A3A-4F70-94F3-F2190C52D5BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CE7678C4-ED6F-42DC-A7B7-1D38FF0B107A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DD51E01C-079E-4D66-9D5A-7778319AB82D}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{E29BC125-4BDE-4758-9750-ED78E1F582B9}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{FAA796D3-2DEA-4586-92FF-036175E69098}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{FDF5145F-7BE3-4D2A-A8A7-B6E47C756325}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"TCP Query User{41A7A2F9-A542-436C-B374-00BAAC56B826}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{7FDADB65-4F0B-4320-A920-DEEB804A4E33}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{DC19BBF7-CC66-461E-8EAF-DE9CD3630819}C:\users\ronny\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ronny\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3A3A7EE9-8EDD-412C-AF1C-07D61FECCBB8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{B4C14862-8CE5-4678-88D8-067639B99C49}C:\users\ronny\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ronny\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{F562BCC8-D051-4916-AEEF-8F715A2FA2C8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{072D086C-BE42-4276-B720-72A07F819B15}" = Free eXPert PDF Reader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector 2011
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Audacity_is1" = Audacity 2.0
"Badaboom" = Badaboom 1.1.1.194
"CloneSpy" = CloneSpy 2.62
"F-Secure Product 444" = Vodafone-Sicherheitspaket
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector 2011
"Jewel Quest: Heritage" = Jewel Quest: Heritage (nur deinstallation)
"Magic DVD Copier_is1" = Magic DVD Copier V7.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP3-DJ_is1" = MP3-DJ 11.7.0
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"sm-un1.u32" = SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.11.2012 16:46:24 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 01:43:04 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 02:50:53 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 06:16:57 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 06:25:53 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 06:39:52 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 07:44:12 | Computer Name = Ronny-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 09.11.2012 07:52:28 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 08:04:38 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 17:42:44 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:03 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:03 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:03 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-10 21:24:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60G
Running: cr909hmg.exe; Driver: C:\Users\Ronny\AppData\Local\Temp\kwlorpog.sys


---- System - GMER 1.0.15 ----

SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwCreateThread [0x98E75E8C]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwLoadDriver [0x98E761BC]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwMapViewOfSection [0x98E75BCC]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwOpenSection [0x98E765EE]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwRenameKey [0x98E7788C]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwSetSystemInformation [0x98E7643E]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwSuspendProcess [0x98E75A4C]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwSuspendThread [0x98E75EC0]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwSystemDebugControl [0x98E76042]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwTerminateProcess [0x98E759A6]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwTerminateThread [0x98E75B06]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwWriteVirtualMemory [0x98E75F86]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwCreateThreadEx [0x98E75EA6]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 221                                                                         826EC8E4 4 Bytes  [8C, 5E, E7, 98] {MOV WORD [ESI-0x19], DS; CWDE }
.text  ntkrnlpa.exe!KeSetEvent + 37D                                                                         826ECA40 4 Bytes  [BC, 61, E7, 98]
.text  ntkrnlpa.exe!KeSetEvent + 3AD                                                                         826ECA70 4 Bytes  [CC, 5B, E7, 98] {INT 3 ; POP EBX; OUT 0x98, EAX}
.text  ntkrnlpa.exe!KeSetEvent + 3FD                                                                         826ECAC0 4 Bytes  [EE, 65, E7, 98]
.text  ntkrnlpa.exe!KeSetEvent + 515                                                                         826ECBD8 4 Bytes  [8C, 78, E7, 98]
.text  ...                                                                                                   
.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                              section is writeable [0x90E0B320, 0x3EEAF7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ntdll.dll!NtCreateProcess                 774A4304 5 Bytes  JMP 0021000C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ntdll.dll!NtCreateProcessEx               774A4314 5 Bytes  JMP 0021100C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ntdll.dll!NtCreateUserProcess             774A5674 5 Bytes  JMP 0021200C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] kernel32.dll!LoadLibraryExW               75B2927C 5 Bytes  JMP 0021300C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] kernel32.dll!TerminateThread              75B44413 5 Bytes  JMP 0021400C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] USER32.dll!SetWindowsHookExW              75CB87AD 5 Bytes  JMP 0021500C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] USER32.dll!DdeConnect                     75CF9A1F 5 Bytes  JMP 0021B00C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ADVAPI32.dll!CloseServiceHandle           75D782A5 5 Bytes  JMP 0021800C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ADVAPI32.dll!OpenServiceW                 75D78354 5 Bytes  JMP 0021600C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ADVAPI32.dll!CreateServiceW               75D99EB4 5 Bytes  JMP 0021900C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ADVAPI32.dll!ControlService               75D99FB8 5 Bytes  JMP 0021700C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ole32.dll!CoCreateInstanceEx              76FF9F81 5 Bytes  JMP 0021A00C 
.text  C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateProcess                                        774A4304 5 Bytes  JMP 000A000C 
.text  C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateProcessEx                                      774A4314 5 Bytes  JMP 000A100C 
.text  C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateUserProcess                                    774A5674 5 Bytes  JMP 000A200C 
.text  C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryExW                                      75B2927C 5 Bytes  JMP 000A300C 
.text  C:\Windows\system32\wininit.exe[644] kernel32.dll!TerminateThread                                     75B44413 5 Bytes  JMP 000A400C 
.text  C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CloseServiceHandle                                  75D782A5 5 Bytes  JMP 000A800C 
.text  C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!OpenServiceW                                        75D78354 5 Bytes  JMP 000A600C 
.text  C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateServiceW                                      75D99EB4 5 Bytes  JMP 000A900C 
.text  C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!ControlService                                      75D99FB8 5 Bytes  JMP 000A700C 
.text  C:\Windows\system32\wininit.exe[644] USER32.dll!SetWindowsHookExW                                     75CB87AD 5 Bytes  JMP 000A500C 
.text  C:\Windows\system32\wininit.exe[644] USER32.dll!DdeConnect                                            75CF9A1F 5 Bytes  JMP 000AA00C 
.text  C:\Windows\system32\lsass.exe[704] ntdll.dll!NtCreateProcess                                          774A4304 5 Bytes  JMP 0004000C 
.text  C:\Windows\system32\lsass.exe[704] ntdll.dll!NtCreateProcessEx                                        774A4314 5 Bytes  JMP 0004100C 
.text  C:\Windows\system32\lsass.exe[704] ntdll.dll!NtCreateUserProcess                                      774A5674 5 Bytes  JMP 0004200C 
.text  C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW                                        75B2927C 5 Bytes  JMP 0004300C 
.text  C:\Windows\system32\lsass.exe[704] kernel32.dll!TerminateThread                                       75B44413 5 Bytes  JMP 0004400C 
.text  C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!CloseServiceHandle                                    75D782A5 5 Bytes  JMP 0004800C 
.text  C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!OpenServiceW                                          75D78354 5 Bytes  JMP 0004600C 
.text  C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!CreateServiceW                                        75D99EB4 5 Bytes  JMP 0004900C 
.text  C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!ControlService                                        75D99FB8 5 Bytes  JMP 0004700C 
.text  C:\Windows\system32\lsass.exe[704] USER32.dll!SetWindowsHookExW                                       75CB87AD 5 Bytes  JMP 0004500C 
.text  C:\Windows\system32\lsass.exe[704] USER32.dll!DdeConnect                                              75CF9A1F 5 Bytes  JMP 0004B00C 
.text  C:\Windows\system32\lsass.exe[704] ole32.dll!CoCreateInstanceEx                                       76FF9F81 5 Bytes  JMP 0004A00C 
.text  C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateProcess                                            774A4304 5 Bytes  JMP 0011000C 
.text  C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateProcessEx                                          774A4314 5 Bytes  JMP 0011100C 
.text  C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateUserProcess                                        774A5674 5 Bytes  JMP 0011200C 
.text  C:\Windows\system32\lsm.exe[712] kernel32.dll!LoadLibraryExW                                          75B2927C 5 Bytes  JMP 0011300C 
.text  C:\Windows\system32\lsm.exe[712] kernel32.dll!TerminateThread                                         75B44413 5 Bytes  JMP 0011400C 
.text  C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!CloseServiceHandle                                      75D782A5 5 Bytes  JMP 0011800C 
.text  C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!OpenServiceW                                            75D78354 5 Bytes  JMP 0011600C 
.text  C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!CreateServiceW                                          75D99EB4 5 Bytes  JMP 0011900C 
.text  C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!ControlService                                          75D99FB8 5 Bytes  JMP 0011700C 
.text  C:\Windows\system32\lsm.exe[712] USER32.dll!SetWindowsHookExW                                         75CB87AD 5 Bytes  JMP 0011500C 
.text  C:\Windows\system32\lsm.exe[712] USER32.dll!DdeConnect                                                75CF9A1F 5 Bytes  JMP 0011A00C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ntdll.dll!NtCreateProcess                             774A4304 5 Bytes  JMP 013E000C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ntdll.dll!NtCreateProcessEx                           774A4314 5 Bytes  JMP 013E100C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ntdll.dll!NtCreateUserProcess                         774A5674 5 Bytes  JMP 013E200C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] kernel32.dll!LoadLibraryExW                           75B2927C 5 Bytes  JMP 013E300C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] kernel32.dll!TerminateThread                          75B44413 5 Bytes  JMP 013E400C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ADVAPI32.dll!CloseServiceHandle                       75D782A5 5 Bytes  JMP 013E800C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ADVAPI32.dll!OpenServiceW                             75D78354 5 Bytes  JMP 013E600C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ADVAPI32.dll!CreateServiceW                           75D99EB4 5 Bytes  JMP 013E900C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ADVAPI32.dll!ControlService                           75D99FB8 5 Bytes  JMP 013E700C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] USER32.dll!SetWindowsHookExW                          75CB87AD 5 Bytes  JMP 013E500C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] USER32.dll!DdeConnect                                 75CF9A1F 5 Bytes  JMP 013EB00C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ole32.dll!CoCreateInstanceEx                          76FF9F81 5 Bytes  JMP 013EA00C 
.text  C:\Windows\system32\svchost.exe[844] ntdll.dll!NtCreateProcess                                        774A4304 5 Bytes  JMP 001E000C 
.text  C:\Windows\system32\svchost.exe[844] ntdll.dll!NtCreateProcessEx                                      774A4314 5 Bytes  JMP 001E100C 
.text  C:\Windows\system32\svchost.exe[844] ntdll.dll!NtCreateUserProcess                                    774A5674 5 Bytes  JMP 001E200C 
.text  C:\Windows\system32\nvvsvc.exe[896] ntdll.dll!NtCreateProcess                                         774A4304 5 Bytes  JMP 0029000C 
.text  C:\Windows\system32\nvvsvc.exe[896] ntdll.dll!NtCreateProcessEx                                       774A4314 5 Bytes  JMP 0029100C 
.text  C:\Windows\system32\nvvsvc.exe[896] ntdll.dll!NtCreateUserProcess                                     774A5674 5 Bytes  JMP 0029200C 
.text  C:\Windows\system32\nvvsvc.exe[896] kernel32.dll!LoadLibraryExW                                       75B2927C 5 Bytes  JMP 0029300C 
.text  C:\Windows\system32\nvvsvc.exe[896] kernel32.dll!TerminateThread                                      75B44413 5 Bytes  JMP 0029400C 
.text  C:\Windows\system32\nvvsvc.exe[896] USER32.dll!SetWindowsHookExW                                      75CB87AD 5 Bytes  JMP 0029500C 
.text  C:\Windows\system32\nvvsvc.exe[896] USER32.dll!DdeConnect                                             75CF9A1F 5 Bytes  JMP 0029B00C 
.text  C:\Windows\system32\nvvsvc.exe[896] ADVAPI32.dll!CloseServiceHandle                                   75D782A5 5 Bytes  JMP 0029800C 
.text  C:\Windows\system32\nvvsvc.exe[896] ADVAPI32.dll!OpenServiceW                                         75D78354 5 Bytes  JMP 0029600C 
.text  C:\Windows\system32\nvvsvc.exe[896] ADVAPI32.dll!CreateServiceW                                       75D99EB4 5 Bytes  JMP 0029900C 
.text  C:\Windows\system32\nvvsvc.exe[896] ADVAPI32.dll!ControlService                                       75D99FB8 5 Bytes  JMP 0029700C 
.text  C:\Windows\system32\nvvsvc.exe[896] ole32.dll!CoCreateInstanceEx                                      76FF9F81 5 Bytes  JMP 0029A00C 
.text  C:\Windows\system32\svchost.exe[924] ntdll.dll!NtCreateProcess                                        774A4304 5 Bytes  JMP 0064000C 
.text  C:\Windows\system32\svchost.exe[924] ntdll.dll!NtCreateProcessEx                                      774A4314 5 Bytes  JMP 0064100C 
.text  C:\Windows\system32\svchost.exe[924] ntdll.dll!NtCreateUserProcess                                    774A5674 5 Bytes  JMP 0064200C 
.text  C:\Windows\System32\svchost.exe[968] ntdll.dll!NtCreateProcess                                        774A4304 5 Bytes  JMP 00A3000C 
.text  C:\Windows\System32\svchost.exe[968] ntdll.dll!NtCreateProcessEx                                      774A4314 5 Bytes  JMP 00A3100C 
.text  C:\Windows\System32\svchost.exe[968] ntdll.dll!NtCreateUserProcess                                    774A5674 5 Bytes  JMP 00A3200C 
.text  C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0009000C 
.text  C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0009100C 
.text  C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0009200C 
.text  C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0063000C 
.text  C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0063100C 
.text  C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0063200C 
.text  C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 00DA000C 
.text  C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 00DA100C 
.text  C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 00DA200C 
.text  C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0033000C 
.text  C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0033100C 
.text  C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0033200C 
.text  C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0008000C 
.text  C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0008100C 
.text  C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0008200C 
.text  C:\Windows\system32\winlogon.exe[1320] ntdll.dll!NtCreateProcess                                      774A4304 5 Bytes  JMP 006F000C 
.text  C:\Windows\system32\winlogon.exe[1320] ntdll.dll!NtCreateProcessEx                                    774A4314 5 Bytes  JMP 006F100C 
.text  C:\Windows\system32\winlogon.exe[1320] ntdll.dll!NtCreateUserProcess                                  774A5674 5 Bytes  JMP 006F200C 
.text  C:\Windows\system32\winlogon.exe[1320] kernel32.dll!LoadLibraryExW                                    75B2927C 5 Bytes  JMP 006F300C 
.text  C:\Windows\system32\winlogon.exe[1320] kernel32.dll!TerminateThread                                   75B44413 5 Bytes  JMP 006F400C 
.text  C:\Windows\system32\winlogon.exe[1320] ADVAPI32.dll!CloseServiceHandle                                75D782A5 5 Bytes  JMP 006F800C 
.text  C:\Windows\system32\winlogon.exe[1320] ADVAPI32.dll!OpenServiceW                                      75D78354 5 Bytes  JMP 006F600C 
.text  C:\Windows\system32\winlogon.exe[1320] ADVAPI32.dll!CreateServiceW                                    75D99EB4 5 Bytes  JMP 006F900C 
.text  C:\Windows\system32\winlogon.exe[1320] ADVAPI32.dll!ControlService                                    75D99FB8 5 Bytes  JMP 006F700C 
.text  C:\Windows\system32\winlogon.exe[1320] USER32.dll!SetWindowsHookExW                                   75CB87AD 5 Bytes  JMP 006F500C 
.text  C:\Windows\system32\winlogon.exe[1320] USER32.dll!DdeConnect                                          75CF9A1F 5 Bytes  JMP 006FB00C 
.text  C:\Windows\system32\winlogon.exe[1320] ole32.dll!CoCreateInstanceEx                                   76FF9F81 5 Bytes  JMP 006FA00C 
.text  C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 008C000C 
.text  C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 008C100C 
.text  C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 008C200C 
.text  C:\Windows\system32\WLANExt.exe[1588] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0100000C 
.text  C:\Windows\system32\WLANExt.exe[1588] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0100100C 
.text  C:\Windows\system32\WLANExt.exe[1588] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0100200C 
.text  C:\Windows\system32\WLANExt.exe[1588] kernel32.dll!LoadLibraryExW                                     75B2927C 5 Bytes  JMP 0100300C 
.text  C:\Windows\system32\WLANExt.exe[1588] kernel32.dll!TerminateThread                                    75B44413 5 Bytes  JMP 0100400C 
.text  C:\Windows\system32\WLANExt.exe[1588] ADVAPI32.dll!CloseServiceHandle                                 75D782A5 5 Bytes  JMP 0100800C 
.text  C:\Windows\system32\WLANExt.exe[1588] ADVAPI32.dll!OpenServiceW                                       75D78354 5 Bytes  JMP 0100600C 
.text  C:\Windows\system32\WLANExt.exe[1588] ADVAPI32.dll!CreateServiceW                                     75D99EB4 5 Bytes  JMP 0100900C 
.text  C:\Windows\system32\WLANExt.exe[1588] ADVAPI32.dll!ControlService                                     75D99FB8 5 Bytes  JMP 0100700C 
.text  C:\Windows\system32\WLANExt.exe[1588] USER32.dll!SetWindowsHookExW                                    75CB87AD 5 Bytes  JMP 0100500C 
.text  C:\Windows\system32\WLANExt.exe[1588] USER32.dll!DdeConnect                                           75CF9A1F 5 Bytes  JMP 0100B00C 
.text  C:\Windows\system32\WLANExt.exe[1588] ole32.dll!CoCreateInstanceEx                                    76FF9F81 5 Bytes  JMP 0100A00C 
.text  C:\Windows\system32\rundll32.exe[1616] ntdll.dll!NtCreateProcess                                      774A4304 5 Bytes  JMP 0033000C 
.text  C:\Windows\system32\rundll32.exe[1616] ntdll.dll!NtCreateProcessEx                                    774A4314 5 Bytes  JMP 0033100C 
.text  C:\Windows\system32\rundll32.exe[1616] ntdll.dll!NtCreateUserProcess                                  774A5674 5 Bytes  JMP 0033200C 
.text  C:\Windows\system32\rundll32.exe[1616] kernel32.dll!LoadLibraryExW                                    75B2927C 5 Bytes  JMP 0033300C 
.text  C:\Windows\system32\rundll32.exe[1616] kernel32.dll!TerminateThread                                   75B44413 5 Bytes  JMP 0033400C 
.text  C:\Windows\system32\rundll32.exe[1616] USER32.dll!SetWindowsHookExW                                   75CB87AD 5 Bytes  JMP 0033500C 
.text  C:\Windows\system32\rundll32.exe[1616] USER32.dll!DdeConnect                                          75CF9A1F 5 Bytes  JMP 0033B00C 
.text  C:\Windows\system32\rundll32.exe[1616] ADVAPI32.dll!CloseServiceHandle                                75D782A5 5 Bytes  JMP 0033800C 
.text  C:\Windows\system32\rundll32.exe[1616] ADVAPI32.dll!OpenServiceW                                      75D78354 5 Bytes  JMP 0033600C 
.text  C:\Windows\system32\rundll32.exe[1616] ADVAPI32.dll!CreateServiceW                                    75D99EB4 5 Bytes  JMP 0033900C 
.text  C:\Windows\system32\rundll32.exe[1616] ADVAPI32.dll!ControlService                                    75D99FB8 5 Bytes  JMP 0033700C 
.text  C:\Windows\system32\rundll32.exe[1616] ole32.dll!CoCreateInstanceEx                                   76FF9F81 5 Bytes  JMP 0033A00C 
.text  C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0097000C 
.text  C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0097100C 
.text  C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0097200C 
.text  C:\Windows\system32\taskeng.exe[1716] kernel32.dll!LoadLibraryExW                                     75B2927C 5 Bytes  JMP 0097300C 
.text  C:\Windows\system32\taskeng.exe[1716] kernel32.dll!TerminateThread                                    75B44413 5 Bytes  JMP 0097400C 
.text  C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CloseServiceHandle                                 75D782A5 5 Bytes  JMP 0097800C 
.text  C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!OpenServiceW                                       75D78354 5 Bytes  JMP 0097600C 
.text  C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CreateServiceW                                     75D99EB4 5 Bytes  JMP 0097900C 
.text  C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!ControlService                                     75D99FB8 5 Bytes  JMP 0097700C 
.text  C:\Windows\system32\taskeng.exe[1716] USER32.dll!SetWindowsHookExW                                    75CB87AD 5 Bytes  JMP 0097500C 
.text  C:\Windows\system32\taskeng.exe[1716] USER32.dll!DdeConnect                                           75CF9A1F 5 Bytes  JMP 0097B00C 
.text  C:\Windows\system32\taskeng.exe[1716] ole32.dll!CoCreateInstanceEx                                    76FF9F81 5 Bytes  JMP 0097A00C 
.text  C:\Windows\system32\Dwm.exe[1728] ntdll.dll!NtCreateProcess                                           774A4304 5 Bytes  JMP 0007000C 
.text  C:\Windows\system32\Dwm.exe[1728] ntdll.dll!NtCreateProcessEx                                         774A4314 5 Bytes  JMP 0007100C 
.text  C:\Windows\system32\Dwm.exe[1728] ntdll.dll!NtCreateUserProcess                                       774A5674 5 Bytes  JMP 0007200C 
.text  C:\Windows\system32\Dwm.exe[1728] kernel32.dll!LoadLibraryExW                                         75B2927C 5 Bytes  JMP 0007300C 
.text  C:\Windows\system32\Dwm.exe[1728] kernel32.dll!TerminateThread                                        75B44413 5 Bytes  JMP 0007400C 
.text  C:\Windows\system32\Dwm.exe[1728] ADVAPI32.dll!CloseServiceHandle                                     75D782A5 5 Bytes  JMP 0007800C 
.text  C:\Windows\system32\Dwm.exe[1728] ADVAPI32.dll!OpenServiceW                                           75D78354 5 Bytes  JMP 0007600C 
.text  C:\Windows\system32\Dwm.exe[1728] ADVAPI32.dll!CreateServiceW                                         75D99EB4 5 Bytes  JMP 0007900C 
.text  C:\Windows\system32\Dwm.exe[1728] ADVAPI32.dll!ControlService                                         75D99FB8 5 Bytes  JMP 0007700C 
.text  C:\Windows\system32\Dwm.exe[1728] USER32.dll!SetWindowsHookExW                                        75CB87AD 5 Bytes  JMP 0007500C 
.text  C:\Windows\system32\Dwm.exe[1728] USER32.dll!DdeConnect                                               75CF9A1F 5 Bytes  JMP 0007B00C 
.text  C:\Windows\system32\Dwm.exe[1728] ole32.dll!CoCreateInstanceEx                                        76FF9F81 5 Bytes  JMP 0007A00C 
.text  C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0057000C 
.text  C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0057100C 
.text  C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0057200C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ntdll.dll!NtCreateProcess                774A4304 5 Bytes  JMP 0210000C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ntdll.dll!NtCreateProcessEx              774A4314 5 Bytes  JMP 0210100C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ntdll.dll!NtCreateUserProcess            774A5674 5 Bytes  JMP 0210200C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] kernel32.dll!LoadLibraryExW              75B2927C 5 Bytes  JMP 0210300C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] kernel32.dll!TerminateThread             75B44413 5 Bytes  JMP 0210400C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ADVAPI32.dll!CloseServiceHandle          75D782A5 5 Bytes  JMP 0210800C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ADVAPI32.dll!OpenServiceW                75D78354 5 Bytes  JMP 0210600C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ADVAPI32.dll!CreateServiceW              75D99EB4 5 Bytes  JMP 0210900C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ADVAPI32.dll!ControlService              75D99FB8 5 Bytes  JMP 0210700C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] USER32.dll!SetWindowsHookExW             75CB87AD 5 Bytes  JMP 0210500C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] USER32.dll!DdeConnect                    75CF9A1F 5 Bytes  JMP 0210B00C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ole32.dll!CoCreateInstanceEx             76FF9F81 5 Bytes  JMP 0210A00C 
.text  C:\Windows\Explorer.EXE[2144] ntdll.dll!NtCreateProcess                                               774A4304 5 Bytes  JMP 0271000C 
.text  C:\Windows\Explorer.EXE[2144] ntdll.dll!NtCreateProcessEx                                             774A4314 5 Bytes  JMP 0271100C 
.text  C:\Windows\Explorer.EXE[2144] ntdll.dll!NtCreateUserProcess                                           774A5674 5 Bytes  JMP 0271200C 
.text  C:\Windows\Explorer.EXE[2144] kernel32.dll!LoadLibraryExW                                             75B2927C 5 Bytes  JMP 0271300C 
.text  C:\Windows\Explorer.EXE[2144] kernel32.dll!TerminateThread                                            75B44413 5 Bytes  JMP 0271400C 
.text  C:\Windows\Explorer.EXE[2144] ADVAPI32.dll!CloseServiceHandle                                         75D782A5 5 Bytes  JMP 0271800C 
.text  C:\Windows\Explorer.EXE[2144] ADVAPI32.dll!OpenServiceW                                               75D78354 5 Bytes  JMP 0271600C 
.text  C:\Windows\system32\svchost.exe[2896] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 004E000C 
.text  C:\Windows\system32\svchost.exe[2896] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 004E100C 
.text  C:\Windows\system32\svchost.exe[2896] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 004E200C 
.text  C:\Windows\tsnp2uvc.exe[2932] ntdll.dll!NtCreateProcess                                               774A4304 5 Bytes  JMP 018D000C 
.text  C:\Windows\tsnp2uvc.exe[2932] ntdll.dll!NtCreateProcessEx                                             774A4314 5 Bytes  JMP 018D100C 
.text  C:\Windows\tsnp2uvc.exe[2932] ntdll.dll!NtCreateUserProcess                                           774A5674 5 Bytes  JMP 018D200C 
.text  C:\Windows\tsnp2uvc.exe[2932] kernel32.dll!LoadLibraryExW                                             75B2927C 5 Bytes  JMP 018D300C 
.text  C:\Windows\tsnp2uvc.exe[2932] kernel32.dll!TerminateThread                                            75B44413 5 Bytes  JMP 018D400C 
.text  C:\Windows\tsnp2uvc.exe[2932] ADVAPI32.dll!CloseServiceHandle                                         75D782A5 5 Bytes  JMP 018D800C 
.text  C:\Windows\tsnp2uvc.exe[2932] ADVAPI32.dll!OpenServiceW                                               75D78354 5 Bytes  JMP 018D600C 
.text  C:\Windows\tsnp2uvc.exe[2932] ADVAPI32.dll!CreateServiceW                                             75D99EB4 5 Bytes  JMP 018D900C 
.text  C:\Windows\tsnp2uvc.exe[2932] ADVAPI32.dll!ControlService                                             75D99FB8 5 Bytes  JMP 018D700C 
.text  C:\Windows\tsnp2uvc.exe[2932] USER32.dll!SetWindowsHookExW                                            75CB87AD 5 Bytes  JMP 018D500C 
.text  C:\Windows\tsnp2uvc.exe[2932] USER32.dll!DdeConnect                                                   75CF9A1F 5 Bytes  JMP 018DB00C 
.text  C:\Windows\tsnp2uvc.exe[2932] ole32.dll!CoCreateInstanceEx                                            76FF9F81 5 Bytes  JMP 018DA00C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ntdll.dll!NtCreateProcess        774A4304 5 Bytes  JMP 0092000C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ntdll.dll!NtCreateProcessEx      774A4314 5 Bytes  JMP 0092100C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ntdll.dll!NtCreateUserProcess    774A5674 5 Bytes  JMP 0092200C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] kernel32.dll!LoadLibraryExW      75B2927C 5 Bytes  JMP 0092300C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] kernel32.dll!TerminateThread     75B44413 5 Bytes  JMP 0092400C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ADVAPI32.dll!CloseServiceHandle  75D782A5 5 Bytes  JMP 0092800C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ADVAPI32.dll!OpenServiceW        75D78354 5 Bytes  JMP 0092600C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ADVAPI32.dll!CreateServiceW      75D99EB4 5 Bytes  JMP 0092900C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ADVAPI32.dll!ControlService      75D99FB8 5 Bytes  JMP 0092700C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] USER32.dll!SetWindowsHookExW     75CB87AD 5 Bytes  JMP 0092500C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] USER32.dll!DdeConnect            75CF9A1F 5 Bytes  JMP 0092B00C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ole32.dll!CoCreateInstanceEx     76FF9F81 5 Bytes  JMP 0092A00C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ntdll.dll!NtCreateProcess                         774A4304 5 Bytes  JMP 0162000C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ntdll.dll!NtCreateProcessEx                       774A4314 5 Bytes  JMP 0162100C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ntdll.dll!NtCreateUserProcess                     774A5674 5 Bytes  JMP 0162200C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] kernel32.dll!LoadLibraryExW                       75B2927C 5 Bytes  JMP 0162300C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] kernel32.dll!TerminateThread                      75B44413 5 Bytes  JMP 0162400C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] USER32.dll!SetWindowsHookExW                      75CB87AD 5 Bytes  JMP 0162500C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] USER32.dll!DdeConnect                             75CF9A1F 5 Bytes  JMP 0162B00C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ADVAPI32.dll!CloseServiceHandle                   75D782A5 5 Bytes  JMP 0162800C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ADVAPI32.dll!OpenServiceW                         75D78354 5 Bytes  JMP 0162600C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ADVAPI32.dll!CreateServiceW                       75D99EB4 5 Bytes  JMP 0162900C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ADVAPI32.dll!ControlService                       75D99FB8 5 Bytes  JMP 0162700C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ole32.dll!CoCreateInstanceEx                      76FF9F81 5 Bytes  JMP 0162A00C 
.text  C:\Program Files\Vodafone-Sicherheitspaket\Common\FSM32.EXE[2996] ntdll.dll!NtCreateProcess           774A4304 5 Bytes  JMP 0351000C 
.text  C:\Program Files\Vodafone-Sicherheitspaket\Common\FSM32.EXE[2996] ntdll.dll!NtCreateProcessEx         774A4314 5 Bytes  JMP 0351100C 
.text  C:\Program Files\Vodafone-Sicherheitspaket\Common\FSM32.EXE[2996] ntdll.dll!NtCreateUserProcess       774A5674 5 Bytes  JMP 0351200C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ntdll.dll!NtCreateProcess                          774A4304 5 Bytes  JMP 0259000C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ntdll.dll!NtCreateProcessEx                        774A4314 5 Bytes  JMP 0259100C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ntdll.dll!NtCreateUserProcess                      774A5674 5 Bytes  JMP 0259200C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] kernel32.dll!LoadLibraryExW                        75B2927C 5 Bytes  JMP 0259300C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] kernel32.dll!TerminateThread                       75B44413 5 Bytes  JMP 0259400C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ADVAPI32.dll!CloseServiceHandle                    75D782A5 5 Bytes  JMP 0259900C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ADVAPI32.dll!OpenServiceW                          75D78354 5 Bytes  JMP 0259700C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ADVAPI32.dll!CreateServiceW                        75D99EB4 5 Bytes  JMP 0259A00C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ADVAPI32.dll!ControlService                        75D99FB8 5 Bytes  JMP 0259800C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] USER32.dll!SetWindowsHookExW                       75CB87AD 5 Bytes  JMP 0259500C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] USER32.dll!DdeConnect                              75CF9A1F 5 Bytes  JMP 0259B00C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ole32.dll!CoCreateInstanceEx                       76FF9F81 5 Bytes  JMP 0259600C 
.text  C:\Windows\ehome\ehtray.exe[3076] ntdll.dll!NtCreateProcess                                           774A4304 5 Bytes  JMP 003A000C 
.text  C:\Windows\ehome\ehtray.exe[3076] ntdll.dll!NtCreateProcessEx                                         774A4314 5 Bytes  JMP 003A100C 
.text  C:\Windows\ehome\ehtray.exe[3076] ntdll.dll!NtCreateUserProcess                                       774A5674 5 Bytes  JMP 003A200C 
.text  C:\Windows\ehome\ehtray.exe[3076] kernel32.dll!LoadLibraryExW                                         75B2927C 5 Bytes  JMP 003A300C 
.text  C:\Windows\ehome\ehtray.exe[3076] kernel32.dll!TerminateThread                                        75B44413 5 Bytes  JMP 003A400C 
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!CloseServiceHandle                                     75D782A5 5 Bytes  JMP 003A800C 
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!OpenServiceW                                           75D78354 5 Bytes  JMP 003A600C 
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!CreateServiceW                                         75D99EB4 3 Bytes  JMP 003A900C 
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!CreateServiceW + 4                                     75D99EB8 1 Byte  [8A]
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!ControlService                                         75D99FB8 5 Bytes  JMP 003A700C 
.text  C:\Windows\ehome\ehtray.exe[3076] USER32.dll!SetWindowsHookExW                                        75CB87AD 5 Bytes  JMP 003A500C 
.text  C:\Windows\ehome\ehtray.exe[3076] USER32.dll!DdeConnect                                               75CF9A1F 5 Bytes  JMP 003AB00C 
.text  C:\Windows\ehome\ehtray.exe[3076] ole32.dll!CoCreateInstanceEx                                        76FF9F81 5 Bytes  JMP 003AA00C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ntdll.dll!NtCreateProcess               774A4304 5 Bytes  JMP 003F000C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ntdll.dll!NtCreateProcessEx             774A4314 5 Bytes  JMP 003F100C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ntdll.dll!NtCreateUserProcess           774A5674 5 Bytes  JMP 003F200C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] kernel32.dll!LoadLibraryExW             75B2927C 5 Bytes  JMP 003F300C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] kernel32.dll!TerminateThread            75B44413 5 Bytes  JMP 003F400C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] USER32.dll!SetWindowsHookExW            75CB87AD 5 Bytes  JMP 003F500C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] USER32.dll!DdeConnect                   75CF9A1F 5 Bytes  JMP 003FB00C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ADVAPI32.dll!CloseServiceHandle         75D782A5 5 Bytes  JMP 003F800C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ADVAPI32.dll!OpenServiceW               75D78354 5 Bytes  JMP 003F600C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ADVAPI32.dll!CreateServiceW             75D99EB4 5 Bytes  JMP 003F900C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ADVAPI32.dll!ControlService             75D99FB8 5 Bytes  JMP 003F700C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ole32.dll!CoCreateInstanceEx            76FF9F81 5 Bytes  JMP 003FA00C 
.text  C:\Windows\system32\svchost.exe[3128] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 002F000C 
.text  C:\Windows\system32\svchost.exe[3128] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 002F100C 
.text  C:\Windows\system32\svchost.exe[3128] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 002F200C 
.text  C:\Windows\System32\svchost.exe[3176] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0008000C 
.text  C:\Windows\System32\svchost.exe[3176] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0008100C 
.text  C:\Windows\System32\svchost.exe[3176] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0008200C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ntdll.dll!NtCreateProcess                                 774A4304 5 Bytes  JMP 0206000C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ntdll.dll!NtCreateProcessEx                               774A4314 5 Bytes  JMP 0206100C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ntdll.dll!NtCreateUserProcess                             774A5674 5 Bytes  JMP 0206200C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] kernel32.dll!LoadLibraryExW                               75B2927C 5 Bytes  JMP 0206300C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] kernel32.dll!TerminateThread                              75B44413 5 Bytes  JMP 0206400C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ADVAPI32.dll!CloseServiceHandle                           75D782A5 5 Bytes  JMP 0206800C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ADVAPI32.dll!OpenServiceW                                 75D78354 5 Bytes  JMP 0206600C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ADVAPI32.dll!CreateServiceW                               75D99EB4 5 Bytes  JMP 0206900C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ADVAPI32.dll!ControlService                               75D99FB8 5 Bytes  JMP 0206700C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] USER32.dll!SetWindowsHookExW                              75CB87AD 5 Bytes  JMP 0206500C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] USER32.dll!DdeConnect                                     75CF9A1F 5 Bytes  JMP 0206B00C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ole32.dll!CoCreateInstanceEx                              76FF9F81 5 Bytes  JMP 0206A00C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ntdll.dll!NtCreateProcess               774A4304 5 Bytes  JMP 00B4000C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ntdll.dll!NtCreateProcessEx             774A4314 5 Bytes  JMP 00B4100C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ntdll.dll!NtCreateUserProcess           774A5674 5 Bytes  JMP 00B4200C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] kernel32.dll!LoadLibraryExW             75B2927C 5 Bytes  JMP 00B4300C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] kernel32.dll!TerminateThread            75B44413 5 Bytes  JMP 00B4400C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ADVAPI32.dll!CloseServiceHandle         75D782A5 5 Bytes  JMP 00B4800C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ADVAPI32.dll!OpenServiceW               75D78354 5 Bytes  JMP 00B4600C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ADVAPI32.dll!CreateServiceW             75D99EB4 5 Bytes  JMP 00B4900C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ADVAPI32.dll!ControlService             75D99FB8 5 Bytes  JMP 00B4700C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] USER32.dll!SetWindowsHookExW            75CB87AD 5 Bytes  JMP 00B4500C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] USER32.dll!DdeConnect                   75CF9A1F 5 Bytes  JMP 00B4B00C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ole32.dll!CoCreateInstanceEx            76FF9F81 5 Bytes  JMP 00B4A00C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ntdll.dll!NtCreateProcess                774A4304 5 Bytes  JMP 0039000C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ntdll.dll!NtCreateProcessEx              774A4314 5 Bytes  JMP 0039100C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ntdll.dll!NtCreateUserProcess            774A5674 5 Bytes  JMP 0039200C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] kernel32.dll!LoadLibraryExW              75B2927C 5 Bytes  JMP 0039300C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] kernel32.dll!TerminateThread             75B44413 5 Bytes  JMP 0039400C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] USER32.dll!SetWindowsHookExW             75CB87AD 5 Bytes  JMP 0039500C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] USER32.dll!DdeConnect                    75CF9A1F 5 Bytes  JMP 0039B00C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ADVAPI32.dll!CloseServiceHandle          75D782A5 5 Bytes  JMP 0039800C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ADVAPI32.dll!OpenServiceW                75D78354 5 Bytes  JMP 0039600C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ADVAPI32.dll!CreateServiceW              75D99EB4 5 Bytes  JMP 0039900C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ADVAPI32.dll!ControlService              75D99FB8 5 Bytes  JMP 0039700C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ole32.dll!CoCreateInstanceEx             76FF9F81 5 Bytes  JMP 0039A00C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ntdll.dll!NtCreateProcess                                      774A4304 5 Bytes  JMP 0023000C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ntdll.dll!NtCreateProcessEx                                    774A4314 5 Bytes  JMP 0023100C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ntdll.dll!NtCreateUserProcess                                  774A5674 5 Bytes  JMP 0023200C 
.text  C:\Windows\system32\WUDFHost.exe[3584] kernel32.dll!LoadLibraryExW                                    75B2927C 5 Bytes  JMP 0023300C 
.text  C:\Windows\system32\WUDFHost.exe[3584] kernel32.dll!TerminateThread                                   75B44413 5 Bytes  JMP 0023400C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ADVAPI32.dll!CloseServiceHandle                                75D782A5 5 Bytes  JMP 0023800C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ADVAPI32.dll!OpenServiceW                                      75D78354 5 Bytes  JMP 0023600C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ADVAPI32.dll!CreateServiceW                                    75D99EB4 5 Bytes  JMP 0023900C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ADVAPI32.dll!ControlService                                    75D99FB8 5 Bytes  JMP 0023700C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ole32.dll!CoCreateInstanceEx                                   76FF9F81 5 Bytes  JMP 0023A00C 
.text  C:\Windows\system32\WUDFHost.exe[3584] USER32.dll!SetWindowsHookExW                                   75CB87AD 5 Bytes  JMP 0023500C 
.text  C:\Windows\system32\WUDFHost.exe[3584] USER32.dll!DdeConnect                                          75CF9A1F 5 Bytes  JMP 0023B00C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ntdll.dll!NtCreateProcess                                           774A4304 5 Bytes  JMP 001A000C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ntdll.dll!NtCreateProcessEx                                         774A4314 5 Bytes  JMP 001A100C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ntdll.dll!NtCreateUserProcess                                       774A5674 5 Bytes  JMP 001A200C 
.text  C:\Windows\ehome\ehmsas.exe[3616] kernel32.dll!LoadLibraryExW                                         75B2927C 5 Bytes  JMP 001A300C 
.text  C:\Windows\ehome\ehmsas.exe[3616] kernel32.dll!TerminateThread                                        75B44413 5 Bytes  JMP 001A400C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ADVAPI32.dll!CloseServiceHandle                                     75D782A5 5 Bytes  JMP 001A800C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ADVAPI32.dll!OpenServiceW                                           75D78354 5 Bytes  JMP 001A600C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ADVAPI32.dll!CreateServiceW                                         75D99EB4 5 Bytes  JMP 001A900C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ADVAPI32.dll!ControlService                                         75D99FB8 5 Bytes  JMP 001A700C 
.text  C:\Windows\ehome\ehmsas.exe[3616] USER32.dll!SetWindowsHookExW                                        75CB87AD 5 Bytes  JMP 001A500C 
.text  C:\Windows\ehome\ehmsas.exe[3616] USER32.dll!DdeConnect                                               75CF9A1F 5 Bytes  JMP 001AB00C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ole32.dll!CoCreateInstanceEx                                        76FF9F81 5 Bytes  JMP 001AA00C 
.text  C:\Windows\System32\mobsync.exe[3692] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 003B000C 
.text  C:\Windows\System32\mobsync.exe[3692] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 003B100C 
.text  C:\Windows\System32\mobsync.exe[3692] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 003B200C 
.text  C:\Windows\System32\mobsync.exe[3692] kernel32.dll!LoadLibraryExW                                     75B2927C 5 Bytes  JMP 003B300C 
.text  C:\Windows\System32\mobsync.exe[3692] kernel32.dll!TerminateThread                                    75B44413 5 Bytes  JMP 003B400C 
.text  C:\Windows\System32\mobsync.exe[3692] ADVAPI32.dll!CloseServiceHandle                                 75D782A5 5 Bytes  JMP 003B800C 
.text  C:\Windows\System32\mobsync.exe[3692] ADVAPI32.dll!OpenServiceW                                       75D78354 5 Bytes  JMP 003B600C 
.text  C:\Windows\System32\mobsync.exe[3692] ADVAPI32.dll!CreateServiceW                                     75D99EB4 5 Bytes  JMP 003B900C 
.text  C:\Windows\System32\mobsync.exe[3692] ADVAPI32.dll!ControlService                                     75D99FB8 5 Bytes  JMP 003B700C 
.text  C:\Windows\System32\mobsync.exe[3692] USER32.dll!SetWindowsHookExW                                    75CB87AD 5 Bytes  JMP 003B500C 
.text  C:\Windows\System32\mobsync.exe[3692] USER32.dll!DdeConnect                                           75CF9A1F 5 Bytes  JMP 003BB00C 
.text  C:\Windows\System32\mobsync.exe[3692] ole32.dll!CoCreateInstanceEx                                    76FF9F81 5 Bytes  JMP 003BA00C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ntdll.dll!NtCreateProcess                    774A4304 5 Bytes  JMP 0006000C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ntdll.dll!NtCreateProcessEx                  774A4314 5 Bytes  JMP 0006100C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ntdll.dll!NtCreateUserProcess                774A5674 5 Bytes  JMP 0006200C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] kernel32.dll!LoadLibraryExW                  75B2927C 5 Bytes  JMP 0006300C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] kernel32.dll!TerminateThread                 75B44413 5 Bytes  JMP 0006400C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ADVAPI32.dll!CloseServiceHandle              75D782A5 5 Bytes  JMP 0006800C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ADVAPI32.dll!OpenServiceW                    75D78354 5 Bytes  JMP 0006600C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ADVAPI32.dll!CreateServiceW                  75D99EB4 5 Bytes  JMP 0006900C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ADVAPI32.dll!ControlService                  75D99FB8 5 Bytes  JMP 0006700C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] USER32.dll!SetWindowsHookExW                 75CB87AD 5 Bytes  JMP 0006500C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] USER32.dll!DdeConnect                        75CF9A1F 5 Bytes  JMP 0006A00C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ole32.dll!CoCreateInstanceEx                 76FF9F81 5 Bytes  JMP 0006B00C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ntdll.dll!NtCreateProcess                      774A4304 5 Bytes  JMP 0033000C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ntdll.dll!NtCreateProcessEx                    774A4314 5 Bytes  JMP 0033100C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ntdll.dll!NtCreateUserProcess                  774A5674 5 Bytes  JMP 0033200C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] kernel32.dll!LoadLibraryExW                    75B2927C 5 Bytes  JMP 0033300C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] kernel32.dll!TerminateThread                   75B44413 5 Bytes  JMP 0033400C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] USER32.dll!SetWindowsHookExW                   75CB87AD 5 Bytes  JMP 0033500C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] USER32.dll!DdeConnect                          75CF9A1F 5 Bytes  JMP 0033A00C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ADVAPI32.dll!CloseServiceHandle                75D782A5 5 Bytes  JMP 0033800C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ADVAPI32.dll!OpenServiceW                      75D78354 5 Bytes  JMP 0033600C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ADVAPI32.dll!CreateServiceW                    75D99EB4 5 Bytes  JMP 0033900C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ADVAPI32.dll!ControlService                    75D99FB8 5 Bytes  JMP 0033700C 
.text  C:\Windows\system32\taskeng.exe[5152] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 000D000C 
.text  C:\Windows\system32\taskeng.exe[5152] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 000D100C 
.text  C:\Windows\system32\taskeng.exe[5152] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 000D200C 
.text  C:\Windows\system32\taskeng.exe[5152] kernel32.dll!LoadLibraryExW                                     75B2927C 5 Bytes  JMP 000D300C 
.text  C:\Windows\system32\taskeng.exe[5152] kernel32.dll!TerminateThread                                    75B44413 5 Bytes  JMP 000D400C 
.text  C:\Windows\system32\taskeng.exe[5152] ADVAPI32.dll!CloseServiceHandle                                 75D782A5 5 Bytes  JMP 000D800C 
.text  C:\Windows\system32\taskeng.exe[5152] ADVAPI32.dll!OpenServiceW                                       75D78354 5 Bytes  JMP 000D600C 
.text  C:\Windows\system32\taskeng.exe[5152] ADVAPI32.dll!CreateServiceW                                     75D99EB4 5 Bytes  JMP 000D900C 
.text  C:\Windows\system32\taskeng.exe[5152] ADVAPI32.dll!ControlService                                     75D99FB8 5 Bytes  JMP 000D700C 
.text  C:\Windows\system32\taskeng.exe[5152] USER32.dll!SetWindowsHookExW                                    75CB87AD 5 Bytes  JMP 000D500C 
.text  C:\Windows\system32\taskeng.exe[5152] USER32.dll!DdeConnect                                           75CF9A1F 5 Bytes  JMP 000DB00C 
.text  C:\Windows\system32\taskeng.exe[5152] ole32.dll!CoCreateInstanceEx                                    76FF9F81 5 Bytes  JMP 000DA00C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ntdll.dll!NtCreateProcess                                   774A4304 5 Bytes  JMP 0023000C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ntdll.dll!NtCreateProcessEx                                 774A4314 5 Bytes  JMP 0023100C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ntdll.dll!NtCreateUserProcess                               774A5674 5 Bytes  JMP 0023200C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] kernel32.dll!LoadLibraryExW                                 75B2927C 5 Bytes  JMP 0023300C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] kernel32.dll!TerminateThread                                75B44413 5 Bytes  JMP 0023400C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] USER32.dll!SetWindowsHookExW                                75CB87AD 5 Bytes  JMP 0023500C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] USER32.dll!DdeConnect                                       75CF9A1F 5 Bytes  JMP 0023A00C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ADVAPI32.dll!CloseServiceHandle                             75D782A5 5 Bytes  JMP 0023800C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ADVAPI32.dll!OpenServiceW                                   75D78354 5 Bytes  JMP 0023600C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ADVAPI32.dll!CreateServiceW                                 75D99EB4 5 Bytes  JMP 0023900C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ADVAPI32.dll!ControlService                                 75D99FB8 5 Bytes  JMP 0023700C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ole32.dll!CoCreateInstanceEx                                76FF9F81 5 Bytes  JMP 0023B00C 

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Hello to the forum,

somehow my cover message is missing.
Anyway, it got me on Friday at noon. Illegal download. I have done everything so far, hopefully correctly. Results above. I would be very grateful for help on how to proceed from here. Thanks in advance.

Kind regards, Ronny

Windows Vista, 32-bit, Google Chrome browser
I use the Vodafone Sicherheitspaket (F-Secure)

 
