Trojaner-Board > Malware Removal > Log Analysis and Evaluation

Log Analysis and Evaluation: GVU Trojan Logfiles Vista 32bit


10.11.2012, 21:41   #1
ronnrw

GVU Trojan Logfiles Vista 32bit



OTL Logfile:


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 10.11.2012 09:05:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ronny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,36% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 268,06 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,12 Gb Free Space | 47,78% Space Free | Partition Type: FAT32
 
Computer Name: RONNY-PC | User Name: Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A7FB2F-8111-4A31-A412-A35DF6659B8D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0634C4BD-6C54-45C9-831E-D7603C260763}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{07F7D234-27AF-4722-84C9-070B53D1FCF6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1FD5BBD1-7B18-4975-ADE9-42764A6D6022}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{2F82DB99-C517-4D40-9125-7DE6D995B090}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3B4DE7C5-7F8F-437A-BA64-7B911646A43B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4E9690A4-F698-4212-AC65-F4FA115AD8D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{51D8A153-6BC4-4B38-81D2-817DA2970FE0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{54EFB16A-95AC-4010-92EA-EF9D7005D43B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{78D5811F-B4A2-4C01-88DC-4722E19450B2}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{88E223B7-CE07-4998-80E8-180B4BF79078}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{B8C5FD8B-F612-4CB4-999C-DC99B81D4D52}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CFDDC408-C657-4A9F-94C3-62889E93B9D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D9A449DF-C126-437A-AF12-263998AE0151}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026F1A75-F49E-4966-B6F7-F42939E85216}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{0E7FC604-C8E5-46C9-B35D-987F2F3AD9E2}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{17A4B851-556B-4BB4-AB60-2EDCC985A55B}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{1E9D60E1-9525-4A04-A26A-4658342C0C4A}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{1F66BBA1-16AF-46BB-8D96-AF3498F1E548}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{2A1AD889-0DF7-4B10-8377-450F03F5EF58}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{2B6A364F-FA43-4327-B28D-66302D9104F8}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{47C884D5-5046-4902-88C3-C3ACD3CC7D01}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{48AE8BA7-6AC6-4617-A6CD-9F1E11A29E05}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{57589A0A-CED9-49FF-9F5F-FFFA54977F84}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{57C89AE2-6171-4C57-A8EF-1BB20FA5B36F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{7E1DC8B1-D455-47F1-A6D8-74D24A6DC257}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8F9B5DDE-565E-4D45-B5DC-45E112B40F33}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe | 
"{95E471D9-2F3D-4CD4-8A04-BEDE690B092D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{961E2D57-B598-4B24-AB6E-BE41ECFD169B}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe | 
"{9D4683EC-4107-44EA-9E2F-DB132EA4A78B}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{9F710A3A-9D97-4172-BA38-227A0C00F571}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AD4D1ADC-80B4-4734-A7DC-FA69F0D8EDC8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{B2F13807-F366-44EE-B49B-369C39C1894B}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{C0F8A6E7-8A3A-4F70-94F3-F2190C52D5BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CE7678C4-ED6F-42DC-A7B7-1D38FF0B107A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DD51E01C-079E-4D66-9D5A-7778319AB82D}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"{E29BC125-4BDE-4758-9750-ED78E1F582B9}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe | 
"{FAA796D3-2DEA-4586-92FF-036175E69098}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{FDF5145F-7BE3-4D2A-A8A7-B6E47C756325}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe | 
"TCP Query User{41A7A2F9-A542-436C-B374-00BAAC56B826}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{7FDADB65-4F0B-4320-A920-DEEB804A4E33}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{DC19BBF7-CC66-461E-8EAF-DE9CD3630819}C:\users\ronny\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ronny\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3A3A7EE9-8EDD-412C-AF1C-07D61FECCBB8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{B4C14862-8CE5-4678-88D8-067639B99C49}C:\users\ronny\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ronny\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{F562BCC8-D051-4916-AEEF-8F715A2FA2C8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{072D086C-BE42-4276-B720-72A07F819B15}" = Free eXPert PDF Reader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector 2011
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Audacity_is1" = Audacity 2.0
"Badaboom" = Badaboom 1.1.1.194
"CloneSpy" = CloneSpy 2.62
"F-Secure Product 444" = Vodafone-Sicherheitspaket
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector 2011
"Jewel Quest: Heritage" = Jewel Quest: Heritage (nur deinstallation)
"Magic DVD Copier_is1" = Magic DVD Copier V7.1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP3-DJ_is1" = MP3-DJ 11.7.0
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"sm-un1.u32" = SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.11.2012 16:46:24 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 01:43:04 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 02:50:53 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 06:16:57 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 06:25:53 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 06:39:52 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 07:44:12 | Computer Name = Ronny-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 09.11.2012 07:52:28 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 08:04:38 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2012 17:42:44 | Computer Name = Ronny-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:02 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:03 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:03 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.11.2012 02:37:03 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-10 21:24:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60G
Running: cr909hmg.exe; Driver: C:\Users\Ronny\AppData\Local\Temp\kwlorpog.sys


---- System - GMER 1.0.15 ----

SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwCreateThread [0x98E75E8C]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwLoadDriver [0x98E761BC]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwMapViewOfSection [0x98E75BCC]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwOpenSection [0x98E765EE]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwRenameKey [0x98E7788C]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwSetSystemInformation [0x98E7643E]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwSuspendProcess [0x98E75A4C]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwSuspendThread [0x98E75EC0]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwSystemDebugControl [0x98E76042]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwTerminateProcess [0x98E759A6]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwTerminateThread [0x98E75B06]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwWriteVirtualMemory [0x98E75F86]
SSDT   \??\C:\Program Files\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys                                  ZwCreateThreadEx [0x98E75EA6]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 221                                                                         826EC8E4 4 Bytes  [8C, 5E, E7, 98] {MOV WORD [ESI-0x19], DS; CWDE }
.text  ntkrnlpa.exe!KeSetEvent + 37D                                                                         826ECA40 4 Bytes  [BC, 61, E7, 98]
.text  ntkrnlpa.exe!KeSetEvent + 3AD                                                                         826ECA70 4 Bytes  [CC, 5B, E7, 98] {INT 3 ; POP EBX; OUT 0x98, EAX}
.text  ntkrnlpa.exe!KeSetEvent + 3FD                                                                         826ECAC0 4 Bytes  [EE, 65, E7, 98]
.text  ntkrnlpa.exe!KeSetEvent + 515                                                                         826ECBD8 4 Bytes  [8C, 78, E7, 98]
.text  ...                                                                                                   
.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                              section is writeable [0x90E0B320, 0x3EEAF7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ntdll.dll!NtCreateProcess                 774A4304 5 Bytes  JMP 0021000C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ntdll.dll!NtCreateProcessEx               774A4314 5 Bytes  JMP 0021100C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ntdll.dll!NtCreateUserProcess             774A5674 5 Bytes  JMP 0021200C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] kernel32.dll!LoadLibraryExW               75B2927C 5 Bytes  JMP 0021300C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] kernel32.dll!TerminateThread              75B44413 5 Bytes  JMP 0021400C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] USER32.dll!SetWindowsHookExW              75CB87AD 5 Bytes  JMP 0021500C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] USER32.dll!DdeConnect                     75CF9A1F 5 Bytes  JMP 0021B00C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ADVAPI32.dll!CloseServiceHandle           75D782A5 5 Bytes  JMP 0021800C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ADVAPI32.dll!OpenServiceW                 75D78354 5 Bytes  JMP 0021600C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ADVAPI32.dll!CreateServiceW               75D99EB4 5 Bytes  JMP 0021900C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ADVAPI32.dll!ControlService               75D99FB8 5 Bytes  JMP 0021700C 
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[552] ole32.dll!CoCreateInstanceEx              76FF9F81 5 Bytes  JMP 0021A00C 
.text  C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateProcess                                        774A4304 5 Bytes  JMP 000A000C 
.text  C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateProcessEx                                      774A4314 5 Bytes  JMP 000A100C 
.text  C:\Windows\system32\wininit.exe[644] ntdll.dll!NtCreateUserProcess                                    774A5674 5 Bytes  JMP 000A200C 
.text  C:\Windows\system32\wininit.exe[644] kernel32.dll!LoadLibraryExW                                      75B2927C 5 Bytes  JMP 000A300C 
.text  C:\Windows\system32\wininit.exe[644] kernel32.dll!TerminateThread                                     75B44413 5 Bytes  JMP 000A400C 
.text  C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CloseServiceHandle                                  75D782A5 5 Bytes  JMP 000A800C 
.text  C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!OpenServiceW                                        75D78354 5 Bytes  JMP 000A600C 
.text  C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!CreateServiceW                                      75D99EB4 5 Bytes  JMP 000A900C 
.text  C:\Windows\system32\wininit.exe[644] ADVAPI32.dll!ControlService                                      75D99FB8 5 Bytes  JMP 000A700C 
.text  C:\Windows\system32\wininit.exe[644] USER32.dll!SetWindowsHookExW                                     75CB87AD 5 Bytes  JMP 000A500C 
.text  C:\Windows\system32\wininit.exe[644] USER32.dll!DdeConnect                                            75CF9A1F 5 Bytes  JMP 000AA00C 
.text  C:\Windows\system32\lsass.exe[704] ntdll.dll!NtCreateProcess                                          774A4304 5 Bytes  JMP 0004000C 
.text  C:\Windows\system32\lsass.exe[704] ntdll.dll!NtCreateProcessEx                                        774A4314 5 Bytes  JMP 0004100C 
.text  C:\Windows\system32\lsass.exe[704] ntdll.dll!NtCreateUserProcess                                      774A5674 5 Bytes  JMP 0004200C 
.text  C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW                                        75B2927C 5 Bytes  JMP 0004300C 
.text  C:\Windows\system32\lsass.exe[704] kernel32.dll!TerminateThread                                       75B44413 5 Bytes  JMP 0004400C 
.text  C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!CloseServiceHandle                                    75D782A5 5 Bytes  JMP 0004800C 
.text  C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!OpenServiceW                                          75D78354 5 Bytes  JMP 0004600C 
.text  C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!CreateServiceW                                        75D99EB4 5 Bytes  JMP 0004900C 
.text  C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!ControlService                                        75D99FB8 5 Bytes  JMP 0004700C 
.text  C:\Windows\system32\lsass.exe[704] USER32.dll!SetWindowsHookExW                                       75CB87AD 5 Bytes  JMP 0004500C 
.text  C:\Windows\system32\lsass.exe[704] USER32.dll!DdeConnect                                              75CF9A1F 5 Bytes  JMP 0004B00C 
.text  C:\Windows\system32\lsass.exe[704] ole32.dll!CoCreateInstanceEx                                       76FF9F81 5 Bytes  JMP 0004A00C 
.text  C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateProcess                                            774A4304 5 Bytes  JMP 0011000C 
.text  C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateProcessEx                                          774A4314 5 Bytes  JMP 0011100C 
.text  C:\Windows\system32\lsm.exe[712] ntdll.dll!NtCreateUserProcess                                        774A5674 5 Bytes  JMP 0011200C 
.text  C:\Windows\system32\lsm.exe[712] kernel32.dll!LoadLibraryExW                                          75B2927C 5 Bytes  JMP 0011300C 
.text  C:\Windows\system32\lsm.exe[712] kernel32.dll!TerminateThread                                         75B44413 5 Bytes  JMP 0011400C 
.text  C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!CloseServiceHandle                                      75D782A5 5 Bytes  JMP 0011800C 
.text  C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!OpenServiceW                                            75D78354 5 Bytes  JMP 0011600C 
.text  C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!CreateServiceW                                          75D99EB4 5 Bytes  JMP 0011900C 
.text  C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!ControlService                                          75D99FB8 5 Bytes  JMP 0011700C 
.text  C:\Windows\system32\lsm.exe[712] USER32.dll!SetWindowsHookExW                                         75CB87AD 5 Bytes  JMP 0011500C 
.text  C:\Windows\system32\lsm.exe[712] USER32.dll!DdeConnect                                                75CF9A1F 5 Bytes  JMP 0011A00C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ntdll.dll!NtCreateProcess                             774A4304 5 Bytes  JMP 013E000C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ntdll.dll!NtCreateProcessEx                           774A4314 5 Bytes  JMP 013E100C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ntdll.dll!NtCreateUserProcess                         774A5674 5 Bytes  JMP 013E200C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] kernel32.dll!LoadLibraryExW                           75B2927C 5 Bytes  JMP 013E300C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] kernel32.dll!TerminateThread                          75B44413 5 Bytes  JMP 013E400C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ADVAPI32.dll!CloseServiceHandle                       75D782A5 5 Bytes  JMP 013E800C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ADVAPI32.dll!OpenServiceW                             75D78354 5 Bytes  JMP 013E600C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ADVAPI32.dll!CreateServiceW                           75D99EB4 5 Bytes  JMP 013E900C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ADVAPI32.dll!ControlService                           75D99FB8 5 Bytes  JMP 013E700C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] USER32.dll!SetWindowsHookExW                          75CB87AD 5 Bytes  JMP 013E500C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] USER32.dll!DdeConnect                                 75CF9A1F 5 Bytes  JMP 013EB00C 
.text  C:\Program Files\Intel\WiFi\bin\EvtEng.exe[732] ole32.dll!CoCreateInstanceEx                          76FF9F81 5 Bytes  JMP 013EA00C 
.text  C:\Windows\system32\svchost.exe[844] ntdll.dll!NtCreateProcess                                        774A4304 5 Bytes  JMP 001E000C 
.text  C:\Windows\system32\svchost.exe[844] ntdll.dll!NtCreateProcessEx                                      774A4314 5 Bytes  JMP 001E100C 
.text  C:\Windows\system32\svchost.exe[844] ntdll.dll!NtCreateUserProcess                                    774A5674 5 Bytes  JMP 001E200C 
.text  C:\Windows\system32\nvvsvc.exe[896] ntdll.dll!NtCreateProcess                                         774A4304 5 Bytes  JMP 0029000C 
.text  C:\Windows\system32\nvvsvc.exe[896] ntdll.dll!NtCreateProcessEx                                       774A4314 5 Bytes  JMP 0029100C 
.text  C:\Windows\system32\nvvsvc.exe[896] ntdll.dll!NtCreateUserProcess                                     774A5674 5 Bytes  JMP 0029200C 
.text  C:\Windows\system32\nvvsvc.exe[896] kernel32.dll!LoadLibraryExW                                       75B2927C 5 Bytes  JMP 0029300C 
.text  C:\Windows\system32\nvvsvc.exe[896] kernel32.dll!TerminateThread                                      75B44413 5 Bytes  JMP 0029400C 
.text  C:\Windows\system32\nvvsvc.exe[896] USER32.dll!SetWindowsHookExW                                      75CB87AD 5 Bytes  JMP 0029500C 
.text  C:\Windows\system32\nvvsvc.exe[896] USER32.dll!DdeConnect                                             75CF9A1F 5 Bytes  JMP 0029B00C 
.text  C:\Windows\system32\nvvsvc.exe[896] ADVAPI32.dll!CloseServiceHandle                                   75D782A5 5 Bytes  JMP 0029800C 
.text  C:\Windows\system32\nvvsvc.exe[896] ADVAPI32.dll!OpenServiceW                                         75D78354 5 Bytes  JMP 0029600C 
.text  C:\Windows\system32\nvvsvc.exe[896] ADVAPI32.dll!CreateServiceW                                       75D99EB4 5 Bytes  JMP 0029900C 
.text  C:\Windows\system32\nvvsvc.exe[896] ADVAPI32.dll!ControlService                                       75D99FB8 5 Bytes  JMP 0029700C 
.text  C:\Windows\system32\nvvsvc.exe[896] ole32.dll!CoCreateInstanceEx                                      76FF9F81 5 Bytes  JMP 0029A00C 
.text  C:\Windows\system32\svchost.exe[924] ntdll.dll!NtCreateProcess                                        774A4304 5 Bytes  JMP 0064000C 
.text  C:\Windows\system32\svchost.exe[924] ntdll.dll!NtCreateProcessEx                                      774A4314 5 Bytes  JMP 0064100C 
.text  C:\Windows\system32\svchost.exe[924] ntdll.dll!NtCreateUserProcess                                    774A5674 5 Bytes  JMP 0064200C 
.text  C:\Windows\System32\svchost.exe[968] ntdll.dll!NtCreateProcess                                        774A4304 5 Bytes  JMP 00A3000C 
.text  C:\Windows\System32\svchost.exe[968] ntdll.dll!NtCreateProcessEx                                      774A4314 5 Bytes  JMP 00A3100C 
.text  C:\Windows\System32\svchost.exe[968] ntdll.dll!NtCreateUserProcess                                    774A5674 5 Bytes  JMP 00A3200C 
.text  C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0009000C 
.text  C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0009100C 
.text  C:\Windows\System32\svchost.exe[1012] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0009200C 
.text  C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0063000C 
.text  C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0063100C 
.text  C:\Windows\System32\svchost.exe[1040] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0063200C 
.text  C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 00DA000C 
.text  C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 00DA100C 
.text  C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 00DA200C 
.text  C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0033000C 
.text  C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0033100C 
.text  C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0033200C 
.text  C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0008000C 
.text  C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0008100C 
.text  C:\Windows\system32\svchost.exe[1200] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0008200C 
.text  C:\Windows\system32\winlogon.exe[1320] ntdll.dll!NtCreateProcess                                      774A4304 5 Bytes  JMP 006F000C 
.text  C:\Windows\system32\winlogon.exe[1320] ntdll.dll!NtCreateProcessEx                                    774A4314 5 Bytes  JMP 006F100C 
.text  C:\Windows\system32\winlogon.exe[1320] ntdll.dll!NtCreateUserProcess                                  774A5674 5 Bytes  JMP 006F200C 
.text  C:\Windows\system32\winlogon.exe[1320] kernel32.dll!LoadLibraryExW                                    75B2927C 5 Bytes  JMP 006F300C 
.text  C:\Windows\system32\winlogon.exe[1320] kernel32.dll!TerminateThread                                   75B44413 5 Bytes  JMP 006F400C 
.text  C:\Windows\system32\winlogon.exe[1320] ADVAPI32.dll!CloseServiceHandle                                75D782A5 5 Bytes  JMP 006F800C 
.text  C:\Windows\system32\winlogon.exe[1320] ADVAPI32.dll!OpenServiceW                                      75D78354 5 Bytes  JMP 006F600C 
.text  C:\Windows\system32\winlogon.exe[1320] ADVAPI32.dll!CreateServiceW                                    75D99EB4 5 Bytes  JMP 006F900C 
.text  C:\Windows\system32\winlogon.exe[1320] ADVAPI32.dll!ControlService                                    75D99FB8 5 Bytes  JMP 006F700C 
.text  C:\Windows\system32\winlogon.exe[1320] USER32.dll!SetWindowsHookExW                                   75CB87AD 5 Bytes  JMP 006F500C 
.text  C:\Windows\system32\winlogon.exe[1320] USER32.dll!DdeConnect                                          75CF9A1F 5 Bytes  JMP 006FB00C 
.text  C:\Windows\system32\winlogon.exe[1320] ole32.dll!CoCreateInstanceEx                                   76FF9F81 5 Bytes  JMP 006FA00C 
.text  C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 008C000C 
.text  C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 008C100C 
.text  C:\Windows\system32\svchost.exe[1388] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 008C200C 
.text  C:\Windows\system32\WLANExt.exe[1588] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0100000C 
.text  C:\Windows\system32\WLANExt.exe[1588] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0100100C 
.text  C:\Windows\system32\WLANExt.exe[1588] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0100200C 
.text  C:\Windows\system32\WLANExt.exe[1588] kernel32.dll!LoadLibraryExW                                     75B2927C 5 Bytes  JMP 0100300C 
.text  C:\Windows\system32\WLANExt.exe[1588] kernel32.dll!TerminateThread                                    75B44413 5 Bytes  JMP 0100400C 
.text  C:\Windows\system32\WLANExt.exe[1588] ADVAPI32.dll!CloseServiceHandle                                 75D782A5 5 Bytes  JMP 0100800C 
.text  C:\Windows\system32\WLANExt.exe[1588] ADVAPI32.dll!OpenServiceW                                       75D78354 5 Bytes  JMP 0100600C 
.text  C:\Windows\system32\WLANExt.exe[1588] ADVAPI32.dll!CreateServiceW                                     75D99EB4 5 Bytes  JMP 0100900C 
.text  C:\Windows\system32\WLANExt.exe[1588] ADVAPI32.dll!ControlService                                     75D99FB8 5 Bytes  JMP 0100700C 
.text  C:\Windows\system32\WLANExt.exe[1588] USER32.dll!SetWindowsHookExW                                    75CB87AD 5 Bytes  JMP 0100500C 
.text  C:\Windows\system32\WLANExt.exe[1588] USER32.dll!DdeConnect                                           75CF9A1F 5 Bytes  JMP 0100B00C 
.text  C:\Windows\system32\WLANExt.exe[1588] ole32.dll!CoCreateInstanceEx                                    76FF9F81 5 Bytes  JMP 0100A00C 
.text  C:\Windows\system32\rundll32.exe[1616] ntdll.dll!NtCreateProcess                                      774A4304 5 Bytes  JMP 0033000C 
.text  C:\Windows\system32\rundll32.exe[1616] ntdll.dll!NtCreateProcessEx                                    774A4314 5 Bytes  JMP 0033100C 
.text  C:\Windows\system32\rundll32.exe[1616] ntdll.dll!NtCreateUserProcess                                  774A5674 5 Bytes  JMP 0033200C 
.text  C:\Windows\system32\rundll32.exe[1616] kernel32.dll!LoadLibraryExW                                    75B2927C 5 Bytes  JMP 0033300C 
.text  C:\Windows\system32\rundll32.exe[1616] kernel32.dll!TerminateThread                                   75B44413 5 Bytes  JMP 0033400C 
.text  C:\Windows\system32\rundll32.exe[1616] USER32.dll!SetWindowsHookExW                                   75CB87AD 5 Bytes  JMP 0033500C 
.text  C:\Windows\system32\rundll32.exe[1616] USER32.dll!DdeConnect                                          75CF9A1F 5 Bytes  JMP 0033B00C 
.text  C:\Windows\system32\rundll32.exe[1616] ADVAPI32.dll!CloseServiceHandle                                75D782A5 5 Bytes  JMP 0033800C 
.text  C:\Windows\system32\rundll32.exe[1616] ADVAPI32.dll!OpenServiceW                                      75D78354 5 Bytes  JMP 0033600C 
.text  C:\Windows\system32\rundll32.exe[1616] ADVAPI32.dll!CreateServiceW                                    75D99EB4 5 Bytes  JMP 0033900C 
.text  C:\Windows\system32\rundll32.exe[1616] ADVAPI32.dll!ControlService                                    75D99FB8 5 Bytes  JMP 0033700C 
.text  C:\Windows\system32\rundll32.exe[1616] ole32.dll!CoCreateInstanceEx                                   76FF9F81 5 Bytes  JMP 0033A00C 
.text  C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0097000C 
.text  C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0097100C 
.text  C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0097200C 
.text  C:\Windows\system32\taskeng.exe[1716] kernel32.dll!LoadLibraryExW                                     75B2927C 5 Bytes  JMP 0097300C 
.text  C:\Windows\system32\taskeng.exe[1716] kernel32.dll!TerminateThread                                    75B44413 5 Bytes  JMP 0097400C 
.text  C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CloseServiceHandle                                 75D782A5 5 Bytes  JMP 0097800C 
.text  C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!OpenServiceW                                       75D78354 5 Bytes  JMP 0097600C 
.text  C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CreateServiceW                                     75D99EB4 5 Bytes  JMP 0097900C 
.text  C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!ControlService                                     75D99FB8 5 Bytes  JMP 0097700C 
.text  C:\Windows\system32\taskeng.exe[1716] USER32.dll!SetWindowsHookExW                                    75CB87AD 5 Bytes  JMP 0097500C 
.text  C:\Windows\system32\taskeng.exe[1716] USER32.dll!DdeConnect                                           75CF9A1F 5 Bytes  JMP 0097B00C 
.text  C:\Windows\system32\taskeng.exe[1716] ole32.dll!CoCreateInstanceEx                                    76FF9F81 5 Bytes  JMP 0097A00C 
.text  C:\Windows\system32\Dwm.exe[1728] ntdll.dll!NtCreateProcess                                           774A4304 5 Bytes  JMP 0007000C 
.text  C:\Windows\system32\Dwm.exe[1728] ntdll.dll!NtCreateProcessEx                                         774A4314 5 Bytes  JMP 0007100C 
.text  C:\Windows\system32\Dwm.exe[1728] ntdll.dll!NtCreateUserProcess                                       774A5674 5 Bytes  JMP 0007200C 
.text  C:\Windows\system32\Dwm.exe[1728] kernel32.dll!LoadLibraryExW                                         75B2927C 5 Bytes  JMP 0007300C 
.text  C:\Windows\system32\Dwm.exe[1728] kernel32.dll!TerminateThread                                        75B44413 5 Bytes  JMP 0007400C 
.text  C:\Windows\system32\Dwm.exe[1728] ADVAPI32.dll!CloseServiceHandle                                     75D782A5 5 Bytes  JMP 0007800C 
.text  C:\Windows\system32\Dwm.exe[1728] ADVAPI32.dll!OpenServiceW                                           75D78354 5 Bytes  JMP 0007600C 
.text  C:\Windows\system32\Dwm.exe[1728] ADVAPI32.dll!CreateServiceW                                         75D99EB4 5 Bytes  JMP 0007900C 
.text  C:\Windows\system32\Dwm.exe[1728] ADVAPI32.dll!ControlService                                         75D99FB8 5 Bytes  JMP 0007700C 
.text  C:\Windows\system32\Dwm.exe[1728] USER32.dll!SetWindowsHookExW                                        75CB87AD 5 Bytes  JMP 0007500C 
.text  C:\Windows\system32\Dwm.exe[1728] USER32.dll!DdeConnect                                               75CF9A1F 5 Bytes  JMP 0007B00C 
.text  C:\Windows\system32\Dwm.exe[1728] ole32.dll!CoCreateInstanceEx                                        76FF9F81 5 Bytes  JMP 0007A00C 
.text  C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0057000C 
.text  C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0057100C 
.text  C:\Windows\system32\svchost.exe[1904] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0057200C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ntdll.dll!NtCreateProcess                774A4304 5 Bytes  JMP 0210000C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ntdll.dll!NtCreateProcessEx              774A4314 5 Bytes  JMP 0210100C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ntdll.dll!NtCreateUserProcess            774A5674 5 Bytes  JMP 0210200C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] kernel32.dll!LoadLibraryExW              75B2927C 5 Bytes  JMP 0210300C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] kernel32.dll!TerminateThread             75B44413 5 Bytes  JMP 0210400C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ADVAPI32.dll!CloseServiceHandle          75D782A5 5 Bytes  JMP 0210800C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ADVAPI32.dll!OpenServiceW                75D78354 5 Bytes  JMP 0210600C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ADVAPI32.dll!CreateServiceW              75D99EB4 5 Bytes  JMP 0210900C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ADVAPI32.dll!ControlService              75D99FB8 5 Bytes  JMP 0210700C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] USER32.dll!SetWindowsHookExW             75CB87AD 5 Bytes  JMP 0210500C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] USER32.dll!DdeConnect                    75CF9A1F 5 Bytes  JMP 0210B00C 
.text  C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe[2076] ole32.dll!CoCreateInstanceEx             76FF9F81 5 Bytes  JMP 0210A00C 
.text  C:\Windows\Explorer.EXE[2144] ntdll.dll!NtCreateProcess                                               774A4304 5 Bytes  JMP 0271000C 
.text  C:\Windows\Explorer.EXE[2144] ntdll.dll!NtCreateProcessEx                                             774A4314 5 Bytes  JMP 0271100C 
.text  C:\Windows\Explorer.EXE[2144] ntdll.dll!NtCreateUserProcess                                           774A5674 5 Bytes  JMP 0271200C 
.text  C:\Windows\Explorer.EXE[2144] kernel32.dll!LoadLibraryExW                                             75B2927C 5 Bytes  JMP 0271300C 
.text  C:\Windows\Explorer.EXE[2144] kernel32.dll!TerminateThread                                            75B44413 5 Bytes  JMP 0271400C 
.text  C:\Windows\Explorer.EXE[2144] ADVAPI32.dll!CloseServiceHandle                                         75D782A5 5 Bytes  JMP 0271800C 
.text  C:\Windows\Explorer.EXE[2144] ADVAPI32.dll!OpenServiceW                                               75D78354 5 Bytes  JMP 0271600C 
.text  C:\Windows\system32\svchost.exe[2896] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 004E000C 
.text  C:\Windows\system32\svchost.exe[2896] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 004E100C 
.text  C:\Windows\system32\svchost.exe[2896] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 004E200C 
.text  C:\Windows\tsnp2uvc.exe[2932] ntdll.dll!NtCreateProcess                                               774A4304 5 Bytes  JMP 018D000C 
.text  C:\Windows\tsnp2uvc.exe[2932] ntdll.dll!NtCreateProcessEx                                             774A4314 5 Bytes  JMP 018D100C 
.text  C:\Windows\tsnp2uvc.exe[2932] ntdll.dll!NtCreateUserProcess                                           774A5674 5 Bytes  JMP 018D200C 
.text  C:\Windows\tsnp2uvc.exe[2932] kernel32.dll!LoadLibraryExW                                             75B2927C 5 Bytes  JMP 018D300C 
.text  C:\Windows\tsnp2uvc.exe[2932] kernel32.dll!TerminateThread                                            75B44413 5 Bytes  JMP 018D400C 
.text  C:\Windows\tsnp2uvc.exe[2932] ADVAPI32.dll!CloseServiceHandle                                         75D782A5 5 Bytes  JMP 018D800C 
.text  C:\Windows\tsnp2uvc.exe[2932] ADVAPI32.dll!OpenServiceW                                               75D78354 5 Bytes  JMP 018D600C 
.text  C:\Windows\tsnp2uvc.exe[2932] ADVAPI32.dll!CreateServiceW                                             75D99EB4 5 Bytes  JMP 018D900C 
.text  C:\Windows\tsnp2uvc.exe[2932] ADVAPI32.dll!ControlService                                             75D99FB8 5 Bytes  JMP 018D700C 
.text  C:\Windows\tsnp2uvc.exe[2932] USER32.dll!SetWindowsHookExW                                            75CB87AD 5 Bytes  JMP 018D500C 
.text  C:\Windows\tsnp2uvc.exe[2932] USER32.dll!DdeConnect                                                   75CF9A1F 5 Bytes  JMP 018DB00C 
.text  C:\Windows\tsnp2uvc.exe[2932] ole32.dll!CoCreateInstanceEx                                            76FF9F81 5 Bytes  JMP 018DA00C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ntdll.dll!NtCreateProcess        774A4304 5 Bytes  JMP 0092000C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ntdll.dll!NtCreateProcessEx      774A4314 5 Bytes  JMP 0092100C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ntdll.dll!NtCreateUserProcess    774A5674 5 Bytes  JMP 0092200C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] kernel32.dll!LoadLibraryExW      75B2927C 5 Bytes  JMP 0092300C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] kernel32.dll!TerminateThread     75B44413 5 Bytes  JMP 0092400C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ADVAPI32.dll!CloseServiceHandle  75D782A5 5 Bytes  JMP 0092800C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ADVAPI32.dll!OpenServiceW        75D78354 5 Bytes  JMP 0092600C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ADVAPI32.dll!CreateServiceW      75D99EB4 5 Bytes  JMP 0092900C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ADVAPI32.dll!ControlService      75D99FB8 5 Bytes  JMP 0092700C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] USER32.dll!SetWindowsHookExW     75CB87AD 5 Bytes  JMP 0092500C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] USER32.dll!DdeConnect            75CF9A1F 5 Bytes  JMP 0092B00C 
.text  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2940] ole32.dll!CoCreateInstanceEx     76FF9F81 5 Bytes  JMP 0092A00C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ntdll.dll!NtCreateProcess                         774A4304 5 Bytes  JMP 0162000C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ntdll.dll!NtCreateProcessEx                       774A4314 5 Bytes  JMP 0162100C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ntdll.dll!NtCreateUserProcess                     774A5674 5 Bytes  JMP 0162200C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] kernel32.dll!LoadLibraryExW                       75B2927C 5 Bytes  JMP 0162300C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] kernel32.dll!TerminateThread                      75B44413 5 Bytes  JMP 0162400C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] USER32.dll!SetWindowsHookExW                      75CB87AD 5 Bytes  JMP 0162500C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] USER32.dll!DdeConnect                             75CF9A1F 5 Bytes  JMP 0162B00C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ADVAPI32.dll!CloseServiceHandle                   75D782A5 5 Bytes  JMP 0162800C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ADVAPI32.dll!OpenServiceW                         75D78354 5 Bytes  JMP 0162600C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ADVAPI32.dll!CreateServiceW                       75D99EB4 5 Bytes  JMP 0162900C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ADVAPI32.dll!ControlService                       75D99FB8 5 Bytes  JMP 0162700C 
.text  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2988] ole32.dll!CoCreateInstanceEx                      76FF9F81 5 Bytes  JMP 0162A00C 
.text  C:\Program Files\Vodafone-Sicherheitspaket\Common\FSM32.EXE[2996] ntdll.dll!NtCreateProcess           774A4304 5 Bytes  JMP 0351000C 
.text  C:\Program Files\Vodafone-Sicherheitspaket\Common\FSM32.EXE[2996] ntdll.dll!NtCreateProcessEx         774A4314 5 Bytes  JMP 0351100C 
.text  C:\Program Files\Vodafone-Sicherheitspaket\Common\FSM32.EXE[2996] ntdll.dll!NtCreateUserProcess       774A5674 5 Bytes  JMP 0351200C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ntdll.dll!NtCreateProcess                          774A4304 5 Bytes  JMP 0259000C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ntdll.dll!NtCreateProcessEx                        774A4314 5 Bytes  JMP 0259100C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ntdll.dll!NtCreateUserProcess                      774A5674 5 Bytes  JMP 0259200C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] kernel32.dll!LoadLibraryExW                        75B2927C 5 Bytes  JMP 0259300C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] kernel32.dll!TerminateThread                       75B44413 5 Bytes  JMP 0259400C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ADVAPI32.dll!CloseServiceHandle                    75D782A5 5 Bytes  JMP 0259900C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ADVAPI32.dll!OpenServiceW                          75D78354 5 Bytes  JMP 0259700C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ADVAPI32.dll!CreateServiceW                        75D99EB4 5 Bytes  JMP 0259A00C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ADVAPI32.dll!ControlService                        75D99FB8 5 Bytes  JMP 0259800C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] USER32.dll!SetWindowsHookExW                       75CB87AD 5 Bytes  JMP 0259500C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] USER32.dll!DdeConnect                              75CF9A1F 5 Bytes  JMP 0259B00C 
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3068] ole32.dll!CoCreateInstanceEx                       76FF9F81 5 Bytes  JMP 0259600C 
.text  C:\Windows\ehome\ehtray.exe[3076] ntdll.dll!NtCreateProcess                                           774A4304 5 Bytes  JMP 003A000C 
.text  C:\Windows\ehome\ehtray.exe[3076] ntdll.dll!NtCreateProcessEx                                         774A4314 5 Bytes  JMP 003A100C 
.text  C:\Windows\ehome\ehtray.exe[3076] ntdll.dll!NtCreateUserProcess                                       774A5674 5 Bytes  JMP 003A200C 
.text  C:\Windows\ehome\ehtray.exe[3076] kernel32.dll!LoadLibraryExW                                         75B2927C 5 Bytes  JMP 003A300C 
.text  C:\Windows\ehome\ehtray.exe[3076] kernel32.dll!TerminateThread                                        75B44413 5 Bytes  JMP 003A400C 
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!CloseServiceHandle                                     75D782A5 5 Bytes  JMP 003A800C 
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!OpenServiceW                                           75D78354 5 Bytes  JMP 003A600C 
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!CreateServiceW                                         75D99EB4 3 Bytes  JMP 003A900C 
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!CreateServiceW + 4                                     75D99EB8 1 Byte  [8A]
.text  C:\Windows\ehome\ehtray.exe[3076] ADVAPI32.dll!ControlService                                         75D99FB8 5 Bytes  JMP 003A700C 
.text  C:\Windows\ehome\ehtray.exe[3076] USER32.dll!SetWindowsHookExW                                        75CB87AD 5 Bytes  JMP 003A500C 
.text  C:\Windows\ehome\ehtray.exe[3076] USER32.dll!DdeConnect                                               75CF9A1F 5 Bytes  JMP 003AB00C 
.text  C:\Windows\ehome\ehtray.exe[3076] ole32.dll!CoCreateInstanceEx                                        76FF9F81 5 Bytes  JMP 003AA00C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ntdll.dll!NtCreateProcess               774A4304 5 Bytes  JMP 003F000C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ntdll.dll!NtCreateProcessEx             774A4314 5 Bytes  JMP 003F100C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ntdll.dll!NtCreateUserProcess           774A5674 5 Bytes  JMP 003F200C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] kernel32.dll!LoadLibraryExW             75B2927C 5 Bytes  JMP 003F300C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] kernel32.dll!TerminateThread            75B44413 5 Bytes  JMP 003F400C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] USER32.dll!SetWindowsHookExW            75CB87AD 5 Bytes  JMP 003F500C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] USER32.dll!DdeConnect                   75CF9A1F 5 Bytes  JMP 003FB00C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ADVAPI32.dll!CloseServiceHandle         75D782A5 5 Bytes  JMP 003F800C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ADVAPI32.dll!OpenServiceW               75D78354 5 Bytes  JMP 003F600C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ADVAPI32.dll!CreateServiceW             75D99EB4 5 Bytes  JMP 003F900C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ADVAPI32.dll!ControlService             75D99FB8 5 Bytes  JMP 003F700C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Software.exe[3100] ole32.dll!CoCreateInstanceEx            76FF9F81 5 Bytes  JMP 003FA00C 
.text  C:\Windows\system32\svchost.exe[3128] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 002F000C 
.text  C:\Windows\system32\svchost.exe[3128] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 002F100C 
.text  C:\Windows\system32\svchost.exe[3128] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 002F200C 
.text  C:\Windows\System32\svchost.exe[3176] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 0008000C 
.text  C:\Windows\System32\svchost.exe[3176] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 0008100C 
.text  C:\Windows\System32\svchost.exe[3176] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 0008200C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ntdll.dll!NtCreateProcess                                 774A4304 5 Bytes  JMP 0206000C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ntdll.dll!NtCreateProcessEx                               774A4314 5 Bytes  JMP 0206100C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ntdll.dll!NtCreateUserProcess                             774A5674 5 Bytes  JMP 0206200C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] kernel32.dll!LoadLibraryExW                               75B2927C 5 Bytes  JMP 0206300C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] kernel32.dll!TerminateThread                              75B44413 5 Bytes  JMP 0206400C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ADVAPI32.dll!CloseServiceHandle                           75D782A5 5 Bytes  JMP 0206800C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ADVAPI32.dll!OpenServiceW                                 75D78354 5 Bytes  JMP 0206600C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ADVAPI32.dll!CreateServiceW                               75D99EB4 5 Bytes  JMP 0206900C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ADVAPI32.dll!ControlService                               75D99FB8 5 Bytes  JMP 0206700C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] USER32.dll!SetWindowsHookExW                              75CB87AD 5 Bytes  JMP 0206500C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] USER32.dll!DdeConnect                                     75CF9A1F 5 Bytes  JMP 0206B00C 
.text  C:\Windows\system32\SearchIndexer.exe[3220] ole32.dll!CoCreateInstanceEx                              76FF9F81 5 Bytes  JMP 0206A00C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ntdll.dll!NtCreateProcess               774A4304 5 Bytes  JMP 00B4000C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ntdll.dll!NtCreateProcessEx             774A4314 5 Bytes  JMP 00B4100C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ntdll.dll!NtCreateUserProcess           774A5674 5 Bytes  JMP 00B4200C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] kernel32.dll!LoadLibraryExW             75B2927C 5 Bytes  JMP 00B4300C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] kernel32.dll!TerminateThread            75B44413 5 Bytes  JMP 00B4400C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ADVAPI32.dll!CloseServiceHandle         75D782A5 5 Bytes  JMP 00B4800C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ADVAPI32.dll!OpenServiceW               75D78354 5 Bytes  JMP 00B4600C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ADVAPI32.dll!CreateServiceW             75D99EB4 5 Bytes  JMP 00B4900C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ADVAPI32.dll!ControlService             75D99FB8 5 Bytes  JMP 00B4700C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] USER32.dll!SetWindowsHookExW            75CB87AD 5 Bytes  JMP 00B4500C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] USER32.dll!DdeConnect                   75CF9A1F 5 Bytes  JMP 00B4B00C 
.text  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3252] ole32.dll!CoCreateInstanceEx            76FF9F81 5 Bytes  JMP 00B4A00C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ntdll.dll!NtCreateProcess                774A4304 5 Bytes  JMP 0039000C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ntdll.dll!NtCreateProcessEx              774A4314 5 Bytes  JMP 0039100C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ntdll.dll!NtCreateUserProcess            774A5674 5 Bytes  JMP 0039200C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] kernel32.dll!LoadLibraryExW              75B2927C 5 Bytes  JMP 0039300C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] kernel32.dll!TerminateThread             75B44413 5 Bytes  JMP 0039400C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] USER32.dll!SetWindowsHookExW             75CB87AD 5 Bytes  JMP 0039500C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] USER32.dll!DdeConnect                    75CF9A1F 5 Bytes  JMP 0039B00C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ADVAPI32.dll!CloseServiceHandle          75D782A5 5 Bytes  JMP 0039800C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ADVAPI32.dll!OpenServiceW                75D78354 5 Bytes  JMP 0039600C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ADVAPI32.dll!CreateServiceW              75D99EB4 5 Bytes  JMP 0039900C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ADVAPI32.dll!ControlService              75D99FB8 5 Bytes  JMP 0039700C 
.text  C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe[3264] ole32.dll!CoCreateInstanceEx             76FF9F81 5 Bytes  JMP 0039A00C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ntdll.dll!NtCreateProcess                                      774A4304 5 Bytes  JMP 0023000C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ntdll.dll!NtCreateProcessEx                                    774A4314 5 Bytes  JMP 0023100C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ntdll.dll!NtCreateUserProcess                                  774A5674 5 Bytes  JMP 0023200C 
.text  C:\Windows\system32\WUDFHost.exe[3584] kernel32.dll!LoadLibraryExW                                    75B2927C 5 Bytes  JMP 0023300C 
.text  C:\Windows\system32\WUDFHost.exe[3584] kernel32.dll!TerminateThread                                   75B44413 5 Bytes  JMP 0023400C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ADVAPI32.dll!CloseServiceHandle                                75D782A5 5 Bytes  JMP 0023800C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ADVAPI32.dll!OpenServiceW                                      75D78354 5 Bytes  JMP 0023600C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ADVAPI32.dll!CreateServiceW                                    75D99EB4 5 Bytes  JMP 0023900C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ADVAPI32.dll!ControlService                                    75D99FB8 5 Bytes  JMP 0023700C 
.text  C:\Windows\system32\WUDFHost.exe[3584] ole32.dll!CoCreateInstanceEx                                   76FF9F81 5 Bytes  JMP 0023A00C 
.text  C:\Windows\system32\WUDFHost.exe[3584] USER32.dll!SetWindowsHookExW                                   75CB87AD 5 Bytes  JMP 0023500C 
.text  C:\Windows\system32\WUDFHost.exe[3584] USER32.dll!DdeConnect                                          75CF9A1F 5 Bytes  JMP 0023B00C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ntdll.dll!NtCreateProcess                                           774A4304 5 Bytes  JMP 001A000C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ntdll.dll!NtCreateProcessEx                                         774A4314 5 Bytes  JMP 001A100C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ntdll.dll!NtCreateUserProcess                                       774A5674 5 Bytes  JMP 001A200C 
.text  C:\Windows\ehome\ehmsas.exe[3616] kernel32.dll!LoadLibraryExW                                         75B2927C 5 Bytes  JMP 001A300C 
.text  C:\Windows\ehome\ehmsas.exe[3616] kernel32.dll!TerminateThread                                        75B44413 5 Bytes  JMP 001A400C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ADVAPI32.dll!CloseServiceHandle                                     75D782A5 5 Bytes  JMP 001A800C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ADVAPI32.dll!OpenServiceW                                           75D78354 5 Bytes  JMP 001A600C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ADVAPI32.dll!CreateServiceW                                         75D99EB4 5 Bytes  JMP 001A900C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ADVAPI32.dll!ControlService                                         75D99FB8 5 Bytes  JMP 001A700C 
.text  C:\Windows\ehome\ehmsas.exe[3616] USER32.dll!SetWindowsHookExW                                        75CB87AD 5 Bytes  JMP 001A500C 
.text  C:\Windows\ehome\ehmsas.exe[3616] USER32.dll!DdeConnect                                               75CF9A1F 5 Bytes  JMP 001AB00C 
.text  C:\Windows\ehome\ehmsas.exe[3616] ole32.dll!CoCreateInstanceEx                                        76FF9F81 5 Bytes  JMP 001AA00C 
.text  C:\Windows\System32\mobsync.exe[3692] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 003B000C 
.text  C:\Windows\System32\mobsync.exe[3692] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 003B100C 
.text  C:\Windows\System32\mobsync.exe[3692] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 003B200C 
.text  C:\Windows\System32\mobsync.exe[3692] kernel32.dll!LoadLibraryExW                                     75B2927C 5 Bytes  JMP 003B300C 
.text  C:\Windows\System32\mobsync.exe[3692] kernel32.dll!TerminateThread                                    75B44413 5 Bytes  JMP 003B400C 
.text  C:\Windows\System32\mobsync.exe[3692] ADVAPI32.dll!CloseServiceHandle                                 75D782A5 5 Bytes  JMP 003B800C 
.text  C:\Windows\System32\mobsync.exe[3692] ADVAPI32.dll!OpenServiceW                                       75D78354 5 Bytes  JMP 003B600C 
.text  C:\Windows\System32\mobsync.exe[3692] ADVAPI32.dll!CreateServiceW                                     75D99EB4 5 Bytes  JMP 003B900C 
.text  C:\Windows\System32\mobsync.exe[3692] ADVAPI32.dll!ControlService                                     75D99FB8 5 Bytes  JMP 003B700C 
.text  C:\Windows\System32\mobsync.exe[3692] USER32.dll!SetWindowsHookExW                                    75CB87AD 5 Bytes  JMP 003B500C 
.text  C:\Windows\System32\mobsync.exe[3692] USER32.dll!DdeConnect                                           75CF9A1F 5 Bytes  JMP 003BB00C 
.text  C:\Windows\System32\mobsync.exe[3692] ole32.dll!CoCreateInstanceEx                                    76FF9F81 5 Bytes  JMP 003BA00C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ntdll.dll!NtCreateProcess                    774A4304 5 Bytes  JMP 0006000C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ntdll.dll!NtCreateProcessEx                  774A4314 5 Bytes  JMP 0006100C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ntdll.dll!NtCreateUserProcess                774A5674 5 Bytes  JMP 0006200C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] kernel32.dll!LoadLibraryExW                  75B2927C 5 Bytes  JMP 0006300C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] kernel32.dll!TerminateThread                 75B44413 5 Bytes  JMP 0006400C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ADVAPI32.dll!CloseServiceHandle              75D782A5 5 Bytes  JMP 0006800C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ADVAPI32.dll!OpenServiceW                    75D78354 5 Bytes  JMP 0006600C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ADVAPI32.dll!CreateServiceW                  75D99EB4 5 Bytes  JMP 0006900C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ADVAPI32.dll!ControlService                  75D99FB8 5 Bytes  JMP 0006700C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] USER32.dll!SetWindowsHookExW                 75CB87AD 5 Bytes  JMP 0006500C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] USER32.dll!DdeConnect                        75CF9A1F 5 Bytes  JMP 0006A00C 
.text  C:\Program Files\Windows Media Player\wmplayer.exe[4344] ole32.dll!CoCreateInstanceEx                 76FF9F81 5 Bytes  JMP 0006B00C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ntdll.dll!NtCreateProcess                      774A4304 5 Bytes  JMP 0033000C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ntdll.dll!NtCreateProcessEx                    774A4314 5 Bytes  JMP 0033100C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ntdll.dll!NtCreateUserProcess                  774A5674 5 Bytes  JMP 0033200C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] kernel32.dll!LoadLibraryExW                    75B2927C 5 Bytes  JMP 0033300C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] kernel32.dll!TerminateThread                   75B44413 5 Bytes  JMP 0033400C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] USER32.dll!SetWindowsHookExW                   75CB87AD 5 Bytes  JMP 0033500C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] USER32.dll!DdeConnect                          75CF9A1F 5 Bytes  JMP 0033A00C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ADVAPI32.dll!CloseServiceHandle                75D782A5 5 Bytes  JMP 0033800C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ADVAPI32.dll!OpenServiceW                      75D78354 5 Bytes  JMP 0033600C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ADVAPI32.dll!CreateServiceW                    75D99EB4 5 Bytes  JMP 0033900C 
.text  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4520] ADVAPI32.dll!ControlService                    75D99FB8 5 Bytes  JMP 0033700C 
.text  C:\Windows\system32\taskeng.exe[5152] ntdll.dll!NtCreateProcess                                       774A4304 5 Bytes  JMP 000D000C 
.text  C:\Windows\system32\taskeng.exe[5152] ntdll.dll!NtCreateProcessEx                                     774A4314 5 Bytes  JMP 000D100C 
.text  C:\Windows\system32\taskeng.exe[5152] ntdll.dll!NtCreateUserProcess                                   774A5674 5 Bytes  JMP 000D200C 
.text  C:\Windows\system32\taskeng.exe[5152] kernel32.dll!LoadLibraryExW                                     75B2927C 5 Bytes  JMP 000D300C 
.text  C:\Windows\system32\taskeng.exe[5152] kernel32.dll!TerminateThread                                    75B44413 5 Bytes  JMP 000D400C 
.text  C:\Windows\system32\taskeng.exe[5152] ADVAPI32.dll!CloseServiceHandle                                 75D782A5 5 Bytes  JMP 000D800C 
.text  C:\Windows\system32\taskeng.exe[5152] ADVAPI32.dll!OpenServiceW                                       75D78354 5 Bytes  JMP 000D600C 
.text  C:\Windows\system32\taskeng.exe[5152] ADVAPI32.dll!CreateServiceW                                     75D99EB4 5 Bytes  JMP 000D900C 
.text  C:\Windows\system32\taskeng.exe[5152] ADVAPI32.dll!ControlService                                     75D99FB8 5 Bytes  JMP 000D700C 
.text  C:\Windows\system32\taskeng.exe[5152] USER32.dll!SetWindowsHookExW                                    75CB87AD 5 Bytes  JMP 000D500C 
.text  C:\Windows\system32\taskeng.exe[5152] USER32.dll!DdeConnect                                           75CF9A1F 5 Bytes  JMP 000DB00C 
.text  C:\Windows\system32\taskeng.exe[5152] ole32.dll!CoCreateInstanceEx                                    76FF9F81 5 Bytes  JMP 000DA00C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ntdll.dll!NtCreateProcess                                   774A4304 5 Bytes  JMP 0023000C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ntdll.dll!NtCreateProcessEx                                 774A4314 5 Bytes  JMP 0023100C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ntdll.dll!NtCreateUserProcess                               774A5674 5 Bytes  JMP 0023200C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] kernel32.dll!LoadLibraryExW                                 75B2927C 5 Bytes  JMP 0023300C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] kernel32.dll!TerminateThread                                75B44413 5 Bytes  JMP 0023400C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] USER32.dll!SetWindowsHookExW                                75CB87AD 5 Bytes  JMP 0023500C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] USER32.dll!DdeConnect                                       75CF9A1F 5 Bytes  JMP 0023A00C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ADVAPI32.dll!CloseServiceHandle                             75D782A5 5 Bytes  JMP 0023800C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ADVAPI32.dll!OpenServiceW                                   75D78354 5 Bytes  JMP 0023600C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ADVAPI32.dll!CreateServiceW                                 75D99EB4 5 Bytes  JMP 0023900C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ADVAPI32.dll!ControlService                                 75D99FB8 5 Bytes  JMP 0023700C 
.text  C:\Users\Ronny\Desktop\cr909hmg.exe[5308] ole32.dll!CoCreateInstanceEx                                76FF9F81 5 Bytes  JMP 0023B00C 

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Hello to the forum,

somehow my cover message is missing.
Anyway, it got me on Friday at noon. Illegal download. I have done everything so far, hopefully correctly. Results above. I would be very grateful for help on how to proceed now. Thanks in advance.

Kind regards, Ronny

Windows Vista, 32-bit, Google Chrome browser
I use the Vodafone Sicherheitspaket (F-Secure)

Alt 11.11.2012, 17:41   #2
t'john
/// Helper Team
OTL.txt is missing!

Alt 12.11.2012, 21:20   #3
ronnrw


OTL logfile created on: 10.11.2012 09:05:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ronny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,36% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 268,06 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,12 Gb Free Space | 47,78% Space Free | Partition Type: FAT32

Computer Name: RONNY-PC | User Name: Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.10 09:04:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronny\Desktop\OTL.exe
PRC - [2012.11.01 09:43:14 | 001,011,256 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fssm32.exe
PRC - [2012.11.01 09:43:14 | 000,605,752 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32.exe
PRC - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012.10.01 02:15:58 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.11.08 12:28:52 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fsav32.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.23 20:18:55 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe
PRC - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009.08.05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Common\FSMA32.EXE
PRC - [2009.08.05 16:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Common\FSM32.EXE
PRC - [2009.08.05 16:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Common\FSHDLL32.EXE
PRC - [2009.08.05 16:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\FWES\program\fsdfwd.exe
PRC - [2009.08.05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.28 11:23:14 | 000,143,360 | ---- | M] (Cybit AG) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.14 14:04:02 | 000,475,136 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]-Software.exe


========== Modules (No Company Name) ==========

MOD - [2009.08.05 16:59:02 | 000,001,536 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSPC\fspcfsm.eng
MOD - [2009.08.05 16:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\vodafone-sicherheitspaket\hips\fshook32.dll
MOD - [2009.08.05 16:57:04 | 000,081,920 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\strres.eng
MOD - [2009.08.05 16:56:56 | 000,920,160 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\gres.dll
MOD - [2009.08.05 16:56:50 | 000,143,360 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\flyerres.eng
MOD - [2009.08.05 16:56:50 | 000,045,056 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\fsavures.eng
MOD - [2009.08.05 16:56:32 | 000,838,240 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\about.dll
MOD - [2009.08.05 16:56:32 | 000,088,672 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\aboutres.dll
MOD - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
MOD - [2008.04.30 19:22:34 | 000,057,344 | ---- | M] () -- C:\Programme\Common Files\Intel\WirelessCommon\CustomUIResource.dll
MOD - [2008.03.04 12:11:54 | 000,856,576 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]_Software.dll
MOD - [2008.01.14 14:04:02 | 000,475,136 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]-Software.exe


========== Services (SafeList) ==========

SRV - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012.10.09 05:51:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.01 02:15:58 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.23 20:18:55 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Programme\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009.08.05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\Vodafone-Sicherheitspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.08.05 16:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Programme\Vodafone-Sicherheitspaket\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.08.05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.28 11:23:14 | 000,143,360 | ---- | M] (Cybit AG) [verify-U]) [verify-U]-Service [Auto | Running] -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe -- ([verify-U])
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- F:\uxddrv86.sys -- (uxddrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.11.01 09:43:45 | 000,144,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.18 08:33:10 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2011.11.02 12:40:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2011.10.30 22:42:55 | 000,036,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2010.06.23 09:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009.08.05 16:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Programme\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.08.05 16:57:20 | 000,071,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009.08.05 16:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.02.10 06:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.12.29 18:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.10.04 01:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.09.24 16:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.11.07 15:21:18 | 000,016,128 | ---- | M] (Cybits AG) [verify-U]_System) [verify-U]_System [Kernel | System | Running] -- C:\Windows\System32\drivers\[verify-U]-driver.sys -- ([verify-U]_System)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2481020
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 40 48 6B 28 B6 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6E5510EA-3F8A-4824-9002-D41CBEEC6864}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Vodafone-Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.10.08 05:56:20 | 000,000,000 | ---D | M]

[2011.10.24 22:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.13 20:54:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.21 13:22:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.29 12:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll

========== Chrome ==========

CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ronny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Bejeweled 2 = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\akphcmbagmeiogjbadpijeijneplndlm\0.1.0.6_0\
CHR - Extension: YouTube = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Full Screen Weather = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Online Radio Tuner = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpobelkpbpmdlcgepdmlcegedjcmmge\0.1.0.6_0\
CHR - Extension: Google Docs Viewer f\u00FCr PDF/PowerPoint (von Google) = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Google Mail = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\Vodafone-Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\Vodafone-Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5786D022-540E-4699-B350-B4BE0AE94B79} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Programme\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Vodafone-Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Vodafone-Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E684673-6CBF-43A7-903B-EBBCB66E0805}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB66285-08B6-4B72-978C-B4239F6633F5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ronny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ronny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
__________________

Old 12.11.2012, 21:24   #4
t'john
/// Helper Team
 
GVU Trojaner Logfiles Vista 32bit - Standard

GVU Trojaner Logfiles Vista 32bit



It is incomplete.
__________________
Kind regards, t'john
Support the TB

Old 13.11.2012, 21:11   #5
ronnrw
 
GVU Trojaner Logfiles Vista 32bit - Standard

GVU Trojaner Logfiles Vista 32bit



OTL Logfile:
Code:
OTL logfile created on: 10.11.2012 09:05:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ronny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,36% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 268,06 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,12 Gb Free Space | 47,78% Space Free | Partition Type: FAT32
 
Computer Name: RONNY-PC | User Name: Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.10 09:04:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronny\Desktop\OTL.exe
PRC - [2012.11.01 09:43:14 | 001,011,256 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fssm32.exe
PRC - [2012.11.01 09:43:14 | 000,605,752 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32.exe
PRC - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012.10.01 02:15:58 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011.11.08 12:28:52 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fsav32.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.23 20:18:55 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe
PRC - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009.08.05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Common\FSMA32.EXE
PRC - [2009.08.05 16:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Common\FSM32.EXE
PRC - [2009.08.05 16:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Common\FSHDLL32.EXE
PRC - [2009.08.05 16:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\FWES\program\fsdfwd.exe
PRC - [2009.08.05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.01.28 11:23:14 | 000,143,360 | ---- | M] (Cybit AG) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.14 14:04:02 | 000,475,136 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]-Software.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.05 16:59:02 | 000,001,536 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSPC\fspcfsm.eng
MOD - [2009.08.05 16:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files\vodafone-sicherheitspaket\hips\fshook32.dll
MOD - [2009.08.05 16:57:04 | 000,081,920 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\strres.eng
MOD - [2009.08.05 16:56:56 | 000,920,160 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\gres.dll
MOD - [2009.08.05 16:56:50 | 000,143,360 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\flyerres.eng
MOD - [2009.08.05 16:56:50 | 000,045,056 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\fsavures.eng
MOD - [2009.08.05 16:56:32 | 000,838,240 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\about.dll
MOD - [2009.08.05 16:56:32 | 000,088,672 | ---- | M] () -- C:\Programme\Vodafone-Sicherheitspaket\FSGUI\aboutres.dll
MOD - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
MOD - [2008.04.30 19:22:34 | 000,057,344 | ---- | M] () -- C:\Programme\Common Files\Intel\WirelessCommon\CustomUIResource.dll
MOD - [2008.03.04 12:11:54 | 000,856,576 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]_Software.dll
MOD - [2008.01.14 14:04:02 | 000,475,136 | ---- | M] () -- C:\Programme\[verify-U] AVS\[verify-U]-Software.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012.10.09 05:51:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.01 02:15:58 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.23 20:18:55 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Programme\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009.08.05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\Vodafone-Sicherheitspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2009.08.05 16:57:20 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Programme\Vodafone-Sicherheitspaket\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2009.08.05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.28 11:23:14 | 000,143,360 | ---- | M] (Cybit AG) [verify-U]) [verify-U]-Service [Auto | Running] -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe -- ([verify-U])
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\uxddrv86.sys -- (uxddrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.11.01 09:43:45 | 000,144,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.18 08:33:10 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fsbts.sys -- (fsbts)
DRV - [2011.11.02 12:40:30 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2011.10.30 22:42:55 | 000,036,792 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fses.sys -- (FSES)
DRV - [2010.06.23 09:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009.08.05 16:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Programme\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009.08.05 16:57:20 | 000,071,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009.08.05 16:56:12 | 000,012,384 | ---- | M] () [Kernel | System | Running] -- C:\Programme\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009.02.10 06:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.12.29 18:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.10.04 01:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.09.24 16:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.11.07 15:21:18 | 000,016,128 | ---- | M] (Cybits AG) [verify-U]_System) [verify-U]_System [Kernel | System | Running] -- C:\Windows\System32\drivers\[verify-U]-driver.sys -- ([verify-U]_System)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2481020
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 40 48 6B 28 B6 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6E5510EA-3F8A-4824-9002-D41CBEEC6864}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ronny\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Vodafone-Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.10.08 05:56:20 | 000,000,000 | ---D | M]
 
[2011.10.24 22:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.13 20:54:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.21 13:22:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.29 12:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2011.08.31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ronny\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ronny\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Bejeweled 2 = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\akphcmbagmeiogjbadpijeijneplndlm\0.1.0.6_0\
CHR - Extension: YouTube = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Full Screen Weather = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Online Radio Tuner = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhpobelkpbpmdlcgepdmlcegedjcmmge\0.1.0.6_0\
CHR - Extension: Google Docs Viewer f\u00FCr PDF/PowerPoint (von Google) = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Google Mail = C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\Vodafone-Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\Vodafone-Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5786D022-540E-4699-B350-B4BE0AE94B79} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Programme\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Vodafone-Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Vodafone-Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E684673-6CBF-43A7-903B-EBBCB66E0805}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB66285-08B6-4B72-978C-B4239F6633F5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ronny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ronny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.10 09:04:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ronny\Desktop\OTL.exe
[2012.11.09 13:22:48 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Malwarebytes
[2012.11.09 13:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.09 13:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.09 13:21:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.09 13:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.28 08:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.10 09:04:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronny\Desktop\OTL.exe
[2012.11.10 09:02:42 | 000,000,000 | ---- | M] () -- C:\Users\Ronny\defogger_reenable
[2012.11.10 08:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.10 08:49:14 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3590476037-3865012952-1902216093-1000Core.job
[2012.11.10 08:49:04 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3590476037-3865012952-1902216093-1000UA.job
[2012.11.10 08:45:19 | 000,002,046 | ---- | M] () -- C:\Users\Ronny\Desktop\Google Chrome.lnk
[2012.11.10 08:44:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.10 07:36:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 07:36:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 00:03:07 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012.11.09 22:49:58 | 000,635,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.09 22:49:58 | 000,603,124 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.09 22:49:58 | 000,129,698 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.09 22:49:58 | 000,107,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.09 22:42:21 | 000,101,683 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.09 22:42:11 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.09 13:22:06 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.09 11:25:40 | 000,101,683 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.28 11:47:27 | 000,033,792 | ---- | M] () -- C:\Users\Ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.13 19:52:31 | 403,582,115 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2012.11.10 09:02:42 | 000,000,000 | ---- | C] () -- C:\Users\Ronny\defogger_reenable
[2012.11.09 13:22:06 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.09 13:04:07 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.03 21:46:13 | 000,000,001 | ---- | C] () -- C:\Windows\System32\au3305arc.dll
[2012.10.03 21:46:10 | 000,000,066 | ---- | C] () -- C:\Windows\Arc DVD Copy.INI
[2012.01.15 03:23:29 | 000,001,824 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2011.11.04 11:48:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.04 09:18:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.04 09:18:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.03 11:17:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.11.03 08:52:27 | 000,033,792 | ---- | C] () -- C:\Users\Ronny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.02 12:40:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2011.10.30 22:31:07 | 000,044,240 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.10.30 21:21:51 | 000,101,683 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.10.30 21:15:16 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2011.10.30 21:15:16 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2011.10.30 21:11:26 | 000,101,683 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.10.30 21:07:23 | 000,000,276 | R--- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011.10.28 17:50:25 | 000,000,680 | ---- | C] () -- C:\Users\Ronny\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.08 16:12:52 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Amazon
[2012.03.11 12:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Ashampoo
[2012.10.03 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Audacity
[2012.06.09 13:33:38 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Canneverbe Limited
[2012.03.11 13:13:45 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\CloneSpy
[2011.12.19 21:40:09 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\concept design
[2012.10.04 17:16:44 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Downloaded Installations
[2012.10.03 21:47:33 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\DVDVideoSoft
[2011.11.06 10:26:00 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Expert PDF Reader
[2012.03.02 05:03:38 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\F-Secure
[2012.10.04 17:24:16 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\FileOpen
[2012.10.04 17:27:51 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Nitro
[2012.09.26 20:07:47 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\OpenCandy
[2012.04.18 12:01:47 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\PeerNetworking
[2012.05.03 23:16:37 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\SoftMaker
[2011.11.04 12:52:23 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Temp
[2012.03.08 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\Template
[2012.09.26 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\Ronny\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         

Man.
Now then ...
... hopefully


Old 13.11.2012, 21:13   #6
t'john
/// Helper Team

http://www.trojaner-board.de/125889-...tml#post941532
Please post the Malwarebytes logfile!
(Logs tab)

Old 13.11.2012, 21:17   #7
ronnrw

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.09.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ronny :: RONNY-PC [Administrator]

Schutz: Aktiviert

09.11.2012 20:46:24
mbam-log-2012-11-09 (20-46-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367448
Laufzeit: 1 Stunde(n), 47 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ronny\AppData\Roaming\msconfig.dat (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Is that it?

Old 13.11.2012, 21:29   #8
t'john
/// Helper Team

Please download AdwCleaner to your desktop.

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • The log file can also be found at C:\AdwCleaner[S1].txt.

Then:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Save the logfile to the desktop by clicking Save report and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

Old 14.11.2012, 21:29   #9
ronnrw

# AdwCleaner v2.007 - Datei am 14/11/2012 um 21:19:38 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Ronny - RONNY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ronny\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\Plugins\npvsharetvplg.dll
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Users\Ronny\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Ronny\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Ronny\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Ronny\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2481020
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2481020 --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.64

Datei : C:\Users\Ronny\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1693 octets] - [14/11/2012 21:19:38]

########## EOF - C:\AdwCleaner[S1].txt - [1753 octets] ##########

I'm having problems with Emsisoft Anti-Malware. I just downloaded the program, but when opening it I get the message:
"It seems that this program is already present. Only works with the paid version etc. ..."

Old 15.11.2012, 00:46   #10
t'john
/// Helper Team

Quote:
"It seems that this program is already present. Only works with the paid version etc. ..."
Look in the instructions for the free scan!
__________________
Regards, t'john
Support the TB

Old 15.11.2012, 08:56   #11
ronnrw

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 14.11.2012 22:11:28

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 14.11.2012 22:12:01

C:\Users\Ronny\Desktop\Neuer Ordner\tools\bin\zergRush gefunden: Android.Exploit.ZergRush.A (B)

Gescannt 491896
Gefunden 1

Scan Ende: 14.11.2012 23:42:48
Scan Zeit: 1:30:47





I didn't see the freeware button. With glasses on, that wouldn't have happened.

Old 15.11.2012, 11:21   #12
t'john
/// Helper Team

Very good!

Have the findings moved to quarantine, then:

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the logfile here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john
Support the TB

Old 16.11.2012, 05:22   #13
ronnrw

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=abbe51c006f95f429ba8bd019a35f0c0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-16 12:53:43
# local_time=2012-11-16 01:53:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 135491 190548095 0 0
# compatibility_mode=8192 67108863 100 0 3714 3714 0 0
# scanned=183017
# found=3
# cleaned=3
# scan_time=11855
C:\Users\Ronny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SZM0CNXF\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Ronny\AppData\Local\Temp\V.class a variant of Java/Exploit.CVE-2011-3544.BQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Ronny\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\d935585-5c876a92 Java/Exploit.CVE-2012-0507.CY trojan (deleted - quarantined) 00000000000000000000000000000000 C

Old 16.11.2012, 23:51   #14
t'john
/// Helper Team

Update Java

Your Java is no longer current. Older versions contain security holes that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 9 ).
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards, post me (copy and paste) what you see here: PluginCheck



Disable Java

Because of the current security hole:

http://www.trojaner-board.de/122961-...ktivieren.html

Afterwards, post me (copy and paste) what you see here: PluginCheck
__________________
Regards, t'john
Support the TB

Old 17.11.2012, 08:14   #15
ronnrw

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 23.0.1271.64 ist aktuell
Flash (11,5,31,2) ist aktuell.
Java (1,7,0,9) ist aktuell.
undefined

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 23.0.1271.64 ist aktuell
Flash (11,5,31,2) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
undefined
