
Log analysis and evaluation: Spam/phishing mail from Amazon clicked in Thunderbird and opened in Firefox

06.02.2014, 23:34   #1
YackVander
 



Hey, esteemed TB community!

I have been waiting for an item from Amazon for a long time. Be that as it may, without properly looking at the mail header I simply clicked on the perfect Amazon mail (perfect in the sense of the typical Amazon email layout). I noticed that when it opened in Firefox, the address bar briefly showed "cajusa.ba/etc.pp...." before I was redirected to the supposed Amazon website (when you move the cursor over the many links in the email you can also see the link, as I noticed later). I also noticed that I definitely did not order an iPhone 5S! Haha
So, to keep it short! I have no noticeable problems at all, but I am simply not sure what might have happened during the brief redirect! Please be so kind as to look through the log files, which I put together following your instructions (defogger, frst, gmer), for anything unusual, or otherwise give me your assessment, please!


Thanks a lot in advance and have a nice evening!
YV


PS: Unfortunately the log files are too long to be inserted as code. See attachment.

PPS: While we are at it, it would be nice if someone could tell me where entries like those under "Hosts content" come from? I do not visit such sites, except maybe my... I am getting an idea as I write! But before I freak out and my flatmate gets a black eye, maybe someone can lay out the possibilities for me!

Edited by YackVander (06.02.2014 at 23:47). Reason: an "a" was missing

07.02.2014, 07:07   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

07.02.2014, 08:10   #3
YackVander
 



Thank you!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:02 on 06/02/2014 (Wolf)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2014
Ran by ***** (administrator) on *****-PC on 06-02-2014 22:08:09
Running from C:\Users\*****\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7719456 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-11-13] (Sophos Limited)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2267090253-4006930157-440547460-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2267090253-4006930157-440547460-1000\...\MountPoints2: {e753da95-0dc7-11e0-aaba-0013779f5544} - G:\RunGame.exe
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2013-11-13] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31DD733B010CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} -  No File
URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 137.248.1.5 137.248.21.22 137.248.1.8

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\user.js
FF Homepage: hxxp://www.tagessschau.de
FF Keyword.URL: hxxp://www.google.com/search?q=
FF NetworkProxy: "ftp", "77.175.84.246"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "77.175.84.246"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "77.175.84.246"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @cambridgesoft.com/Chem3D,version=11.0 - C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin: @cambridgesoft.com/ChemDraw,version=11.0 - C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\searchplugins\*****ramalpha.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\nostmp [2011-04-19]
FF Extension: Grooveshark Unlocker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-12-04]
FF Extension: Stealthy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-20]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-24]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Always on Top - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2011-05-27]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-09-25]

========================== Services (Whitelisted) =================

S4 bfs; C:\Bruker\Diskless\WinApp\bfsd.exe [111104 2008-11-28] ()
S4 bootparam; C:\Bruker\Diskless\WinApp\rpc.bootparamd.exe [24064 2004-03-04] ()
S4 Bruker Dhcp Server; C:\Bruker\Diskless\tftpboot\dhcpd.exe [530944 2009-10-30] ()
S4 Bruker FLEXlm License Server; C:\flexlm\Bruker\srvany.exe [13312 1996-08-30] ()
S4 Bruker tftpd32; C:\Bruker\Diskless\tftpboot\tftpd.exe [138752 2009-10-30] ()
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-11-13] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-11-13] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-11-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-10-09] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-11-13] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1471992 2013-11-13] (Sophos Limited)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-06-19] (Cisco Systems, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108480 2010-07-22] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-28] ()
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2010-01-01] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-28] ()
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-11-13] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2013-10-09] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-11-13] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2013-10-09] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2010-03-28] (Duplex Secure Ltd.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-06-19] (Cisco Systems, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 StarOpen; No ImagePath
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [48384 2012-03-15] (SEIKO EPSON CORPORATION)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-06 22:08 - 2014-02-06 22:08 - 00015922 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-06 22:07 - 2014-02-06 22:08 - 00000000 ____D () C:\FRST
2014-02-06 22:06 - 2014-02-06 22:06 - 01136640 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-02-06 22:01 - 2014-02-06 22:02 - 00000630 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-02-06 22:01 - 2014-02-06 22:02 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-02-06 21:59 - 2014-02-06 22:01 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-02-05 21:56 - 2014-02-06 09:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-01 17:36 - 2014-02-01 17:36 - 00000000 _____ () C:\Users\*****\Desktop\Neue Bitmap.bmp
2014-01-27 01:04 - 2014-01-27 01:04 - 00143276 ____H () C:\Windows\system32\mlfcache.dat
2014-01-22 10:20 - 2014-01-22 10:21 - 00000000 ____D () C:\Users\*****\Desktop\knf bilder pumpe
2014-01-18 19:37 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 19:37 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 19:37 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 10:29 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 10:28 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 10:28 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 10:28 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 10:27 - 2014-01-16 10:28 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 09:11 - 2014-01-15 09:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ChemAxon

==================== One Month Modified Files and Folders =======

2014-02-06 22:08 - 2014-02-06 22:08 - 00015922 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-06 22:08 - 2014-02-06 22:07 - 00000000 ____D () C:\FRST
2014-02-06 22:08 - 2010-03-05 23:07 - 01209579 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 22:06 - 2014-02-06 22:06 - 01136640 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-02-06 22:04 - 2012-10-03 13:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-06 22:04 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 22:04 - 2009-07-14 05:39 - 00255281 _____ () C:\Windows\setupact.log
2014-02-06 22:02 - 2014-02-06 22:01 - 00000630 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-02-06 22:02 - 2014-02-06 22:01 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-02-06 22:02 - 2013-11-05 23:40 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-02-06 22:01 - 2014-02-06 21:59 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-02-06 22:01 - 2010-03-05 23:14 - 00000000 ____D () C:\Users\*****
2014-02-06 19:50 - 2010-03-08 15:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-02-06 09:34 - 2014-02-05 21:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 09:31 - 2009-07-14 05:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 09:31 - 2009-07-14 05:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 11:42 - 2010-03-05 23:15 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 00:24 - 2010-03-06 13:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.purple
2014-02-01 17:36 - 2014-02-01 17:36 - 00000000 _____ () C:\Users\*****\Desktop\Neue Bitmap.bmp
2014-02-01 03:00 - 2010-11-05 09:34 - 00000392 _____ () C:\Windows\Tasks\At1.job
2014-01-27 01:04 - 2014-01-27 01:04 - 00143276 ____H () C:\Windows\system32\mlfcache.dat
2014-01-26 11:12 - 2010-03-06 14:11 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-01-26 11:04 - 2012-04-04 12:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-26 11:04 - 2011-05-15 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-22 10:21 - 2014-01-22 10:20 - 00000000 ____D () C:\Users\*****\Desktop\knf bilder pumpe
2014-01-18 19:46 - 2009-07-14 05:33 - 00419608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-18 19:42 - 2013-07-13 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 19:38 - 2010-03-06 00:13 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-18 17:32 - 2012-12-22 21:08 - 00000695 _____ () C:\Users\*****\AppData\Roaming\burnaware.ini
2014-01-16 10:29 - 2013-10-24 11:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 10:28 - 2014-01-16 10:27 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 10:28 - 2013-03-04 23:43 - 00000000 ____D () C:\Program Files\Java
2014-01-15 09:11 - 2014-01-15 09:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ChemAxon
2014-01-10 08:37 - 2012-09-30 19:14 - 00007600 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-01-09 22:24 - 2010-11-27 14:41 - 00000000 ___RD () C:\Users\*****\Desktop\My Dropbox
2014-01-09 22:24 - 2010-11-27 14:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\20110620050100175jniverify.dll
C:\Users\*****\AppData\Local\Temp\20110620050144283jniverify.dll
C:\Users\*****\AppData\Local\Temp\20120221112511971jniverify.dll
C:\Users\*****\AppData\Local\Temp\AskSLib.dll
C:\Users\*****\AppData\Local\Temp\AutoRun.exe
C:\Users\*****\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\*****\AppData\Local\Temp\eauninstall.exe
C:\Users\*****\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\*****\AppData\Local\Temp\ffdshow_beta6_rev2527_20081219.exe
C:\Users\*****\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\*****\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\NFS UNDERGROUND_uninst.exe
C:\Users\*****\AppData\Local\Temp\PCW.EXE
C:\Users\*****\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*****\AppData\Local\Temp\tbZone.dll
C:\Users\*****\AppData\Local\Temp\Uninstall.exe
C:\Users\*****\AppData\Local\Temp\utildel.exe
C:\Users\*****\AppData\Local\Temp\vcredist_x86-vc90.exe
C:\Users\*****\AppData\Local\Temp\zauninst.exe
C:\Users\*****\AppData\Local\Temp\~tmp1371164681410.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 11:05

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-02-2014
Ran by ***** at 2014-02-06 22:09:15
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AntiVir Desktop (Enabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: ZoneAlarm Firewall (Enabled) {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

==================== Installed Programs ======================

7-Zip 4.65 (Version:  - ) <==== ATTENTION
Adobe Download Manager (Version: 1.6.2.91 - NOS Microsystems Ltd.) <==== ATTENTION
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated) <==== ATTENTION
Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated) <==== ATTENTION
Adobe Shockwave Player 11.6 (Version: 11.6.3.633 - Adobe Systems, Inc.) <==== ATTENTION
Anleitung für Epson Connect (Version:  - ) <==== ATTENTION
AnyDVD (Version: 6.6.8.0 - SlySoft) <==== ATTENTION
Apple Application Support (Version: 2.3.6 - Apple Inc.) <==== ATTENTION
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) <==== ATTENTION
Apple Software Update (Version: 2.1.3.127 - Apple Inc.) <==== ATTENTION
Atheros Client Installation Program (Version: 1.0.1.0805 - Atheros) <==== ATTENTION
Bonjour (Version: 3.0.0.10 - Apple Inc.) <==== ATTENTION
Bruker Diskless 3.0.20091030 (Version:  - ) <==== ATTENTION
Bruker FLEXlm 9.5.0.p1 (Version:  - ) <==== ATTENTION
Bruker IconNMR 4.5.b.8 (Version:  - ) <==== ATTENTION
Bruker NMR-GLP 7.2 (Version:  - ) <==== ATTENTION
Bruker NMR-GUIDE 4.2 (Version:  - ) <==== ATTENTION
Bruker NMR-Sim 5.2.b (Version:  - ) <==== ATTENTION
Bruker TopSpin 3.0.b.7 (Version:  - ) <==== ATTENTION
BurnAware Free 6.6 (Version:  - Burnaware) <==== ATTENTION
CambridgeSoft Activation Client (Version: 11.0 - CambridgeSoft Corporation) <==== ATTENTION
CambridgeSoft ChemOffice Ultra 2008 (Version: 11.0 - CambridgeSoft Corporation) <==== ATTENTION
CambridgeSoft ChemOffice Ultra 2008 (Version: 11.0 - CambridgeSoft Corporation) Hidden <==== ATTENTION
CambridgeSoft ChemScript 11.0 (Version: 11.0 - CambridgeSoft Corporation) <==== ATTENTION
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.04059 - Cisco Systems, Inc.) <==== ATTENTION
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04059 - Cisco Systems, Inc.) Hidden <==== ATTENTION
CorelDRAW Graphics Suite X3 (Version: 13.0 - Corel Corporation) <==== ATTENTION
DE (Version: 13.0 - Corel Corporation) Hidden <==== ATTENTION
Diamond 3 (Version: 3.2.5 - Crystal Impact GbR, Bonn, Germany) <==== ATTENTION
DivX-Setup (Version: 1.0.1.5 - DivX, Inc. ) <==== ATTENTION
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.) <==== ATTENTION
Easy Display Manager (Version: 3.0 - Samsung Electronics Co., Ltd.) <==== ATTENTION
EAX Unified (Version:  - ) <==== ATTENTION
Epson Benutzerhandbuch WF-3520 Series (Version:  - ) <==== ATTENTION
Epson Event Manager (Version: 3.01.0005 - Seiko Epson Corporation) <==== ATTENTION
Epson FAX Utility (Version: 1.30.00 - SEIKO EPSON CORPORATION) <==== ATTENTION
Epson Netzwerkhandbuch WF-3520 Series (Version:  - ) <==== ATTENTION
Epson PC-FAX Driver (Version:  - ) <==== ATTENTION
EPSON Printer Finder (Version: 1.0.0 - SEIKO EPSON CORPORATION) <==== ATTENTION
EPSON Scan (Version:  - Seiko Epson Corporation) <==== ATTENTION
EPSON WF-3520 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation) <==== ATTENTION
EPSON-Drucker-Software (Version:  - ) <==== ATTENTION
EpsonNet Config V4 (Version: 4.0.0 - SEIKO EPSON CORPORATION) <==== ATTENTION
EpsonNet Print (Version: 2.5.00 - SEIKO EPSON CORPORATION) <==== ATTENTION
Extended Asian Language font pack for Adobe Reader XI (Version: 11.0.0 - Adobe Systems Incorporated) <==== ATTENTION
FontNav (Version: 5.0 - Corel Corporation) Hidden <==== ATTENTION
GooReader (Version: 3.2 - GooReader) <==== ATTENTION
GPL Ghostscript 9.00 (Version:  - ) <==== ATTENTION
GTK+ Runtime 2.14.7 rev a (nur entfernen) (Version:  - ) <==== ATTENTION
ImageJ 1.44p (Version:  - NIH) <==== ATTENTION
Inkscape 0.48.0 (Version: 0.48.0 - ) <==== ATTENTION
iTunes (Version: 11.1.3.8 - Apple Inc.) <==== ATTENTION
Java 7 Update 51 (Version: 7.0.510 - Oracle) <==== ATTENTION
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden <==== ATTENTION
K-Lite Mega Codec Pack 7.1.0 (Version: 7.1.0 - ) <==== ATTENTION
Mendeley Desktop 1.8 (Version: 1.8 - Mendeley Ltd.) <==== ATTENTION
MestReC 4.9.9 (Version:  - MestReC) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) <==== ATTENTION
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014 - Microsoft Corporation) <==== ATTENTION
Microsoft Silverlight (Version: 4.1.10329.0 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) <==== ATTENTION
MozBackup 1.4.10 (Version:  - Pavel Cvrcek) <==== ATTENTION
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) <==== ATTENTION
Mozilla Maintenance Service (Version: 24.3.0 - Mozilla) <==== ATTENTION
Mozilla Thunderbird 24.3.0 (x86 de) (Version: 24.3.0 - Mozilla) <==== ATTENTION
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) <==== ATTENTION
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) <==== ATTENTION
NVIDIA GAME System Software 2.8.1 (Version: 2.8.1 - NVIDIA Corporation) <==== ATTENTION
NVIDIA Grafiktreiber 327.02 (Version: 327.02 - NVIDIA Corporation) <==== ATTENTION
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden <==== ATTENTION
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden <==== ATTENTION
NVIDIA Update 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) <==== ATTENTION
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden <==== ATTENTION
Origin8 (Version: 8.00.000 - OriginLab) Hidden <==== ATTENTION
OriginPro 8 (Version: 8.00.000 - OriginLab Corporation) <==== ATTENTION
PDF Architect (Version: 1.1.83.9982 - pdfforge GmbH) <==== ATTENTION
PDFCreator (Version: 1.7.1 - pdfforge) <==== ATTENTION
Pidgin (Version: 2.10.7 - ) <==== ATTENTION
POV-Ray for Windows v3.6.1 (Version: 3.6 - Persistence of Vision Raytracer Pty. Ltd.) <==== ATTENTION
PyMOL (Version:  - ) <==== ATTENTION
Python 2.5 (Version: 2.5.150 - Martin v. Löwis) <==== ATTENTION
Python 2.5 pywin32-210 (Version:  - ) <==== ATTENTION
QuickTime (Version: 7.73.80.64 - Apple Inc.) <==== ATTENTION
Realtek High Definition Audio Driver (Version: 6.0.1.5923 - Realtek Semiconductor Corp.) <==== ATTENTION
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0 - Microsoft) <==== ATTENTION
Skype™ 6.10 (Version: 6.10.104 - Skype Technologies S.A.) <==== ATTENTION
Software Updater (Version: 4.1.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
Sophos Anti-Virus (Version: 10.3.1 - Sophos Limited) <==== ATTENTION
Sophos AutoUpdate (Version: 2.9.0.344 - Sophos Limited) <==== ATTENTION
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB) <==== ATTENTION
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (Version: 13.2.4.12 - Synaptics Incorporated) <==== ATTENTION
Uninstall 1.0.0.1 (Version:  - ) <==== ATTENTION
Update Manager (Version: 4.60 - Corel Corporation) Hidden <==== ATTENTION
VBA (Version: 6.2 - Corel Corporation) Hidden <==== ATTENTION
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden <==== ATTENTION
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden <==== ATTENTION
VLC media player 2.0.1 (Version: 2.0.1 - VideoLAN) <==== ATTENTION
Winamp (Version: 5.581  - Nullsoft, Inc) <==== ATTENTION
WinRAR (Version:  - ) <==== ATTENTION
ZoneAlarm LTD Toolbar (Version:  - Check Point Software Technologies) <==== ATTENTION

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:04 - 2013-09-18 21:22 - 00460514 ____A C:\Windows\system32\Drivers\etc\hosts
149.236.99.1	ASP_ST2
149.236.99.99	spect
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	www.10sek.com
127.0.0.1	10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.123fporn.info
127.0.0.1	123fporn.info
127.0.0.1	123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {354DE6E4-7FE6-4586-9E72-5C44B0E24382} - System32\Tasks\{7111397C-1BE8-4BCE-8D08-2D46F152A07C} => C:\Downloads\pymol-1_1eval-bin-win32\pymol-1_1eval-bin-win32\SETUP.EXE
Task: {3BEA4AE7-AF76-4C4A-A3C2-90E10342D65C} - System32\Tasks\{0C0198CB-76A4-45A8-BF63-7FE602FFC463} => C:\Users\*****\Desktop\Bsc Arbeit\Programme\PyMol\pymol-0_99rc6-bin-win32\SETUP.EXE
Task: {3EC3E7DA-8496-4301-AA4B-F657216F4156} - System32\Tasks\{0F0388D4-9856-4E80-839C-1166DDB128E2} => E:\AUTORUN.EXE
Task: {453C754C-639B-4BB9-A40E-56BF39C430A7} - System32\Tasks\{BAA3A79B-40EE-4E8B-A272-890BCA693253} => D:\Spiele\THPS 4 Demo\Start.exe
Task: {460D8DD7-E193-49A1-B187-53C99526B790} - System32\Tasks\{4CD310B5-95DA-4535-8B88-AF435493C018} => C:\Downloads\Monkeyisland\MONKEY.EXE
Task: {4EB234CF-6E4B-426C-98CC-EDD7E21B431A} - System32\Tasks\{F6E12B37-B0DD-4504-94B1-A8828D230EFD} => F:\SETUP.EXE
Task: {5374E261-27EF-4F68-963F-255564DDE434} - System32\Tasks\{DEA49738-7A95-427C-83E1-8560F3292840} => E:\AUTORUN.EXE
Task: {7051AFC4-AA3E-4308-8EE9-E96D8A65D5F3} - System32\Tasks\{29457E13-850E-4ABF-9F4F-EA9B092E2D83} => C:\Downloads\Half-Life_1.0.1.6_No_CD\hl1016e_nocd_loader.exe
Task: {8431FE0E-9BC3-4CE0-9742-64C64BEEDC9E} - System32\Tasks\{B214730A-3EA7-4521-9F4A-D75EF9737255} => C:\Users\*****\Desktop\Bsc Arbeit\Programme\PyMol\pymol-0_99rc6-bin-win32\SETUP.EXE
Task: {8D8921A2-1BA0-4BD3-AD39-96940215C2F5} - System32\Tasks\{175A5693-A086-4CB9-B19D-AA7CBD43253F} => E:\SETUP.EXE
Task: {92E25EBA-04BB-4D0B-AD9D-5560312A4E06} - System32\Tasks\{9EAE1C60-C6D4-496A-8E73-4C332A135A29} => C:\Downloads\pymol-1_1eval-bin-win32\pymol-1_1eval-bin-win32\SETUP.EXE
Task: {A06BA889-4719-463B-A278-AAE4863EFDAC} - System32\Tasks\{47102ACC-A4EF-46BA-98B5-931060476E19} => F:\SETUP.EXE
Task: {A2FEAC9D-6DC7-44CB-8BA1-024AFA3D6DF4} - System32\Tasks\At1 => C:\Bruker\TopSpin3.0.b.7\prog\bin\helevtransfer.cmd [2013-08-05] ()
Task: {AC0E1F83-A399-4B8D-B8FF-9E8E86D14726} - System32\Tasks\{7A5024B2-441B-4CE3-B81D-65C57309036A} => E:\SETUP.EXE
Task: {B899332C-5FD7-4D77-BEFD-7695939910E4} - System32\Tasks\{13EF55AE-4C94-4D88-87A1-A6C4D0FBD338} => C:\Users\*****\Desktop\Bsc Arbeit\Programme\PyMol\pymol-0_99rc6-bin-win32\SETUP.EXE
Task: {C4CF8062-47D1-4569-B131-74A29B1A0EEF} - System32\Tasks\{C1468C96-2B25-4BFB-9BDC-BEE4BCB95602} => D:\Spiele\Half-life\SETUP.EXE
Task: {C8C2392C-0B40-4937-AD33-1744F9C75E43} - System32\Tasks\{DF0E6404-16A3-4532-9BD7-8D5923F39EC7} => C:\Users\*****\Desktop\Bsc Arbeit\Programme\PyMol\pymol-0_99rc6-bin-win32\SETUP.EXE
Task: {D9115690-BCCB-4FFF-BC09-83CD019F4A85} - System32\Tasks\{A5FCA1E2-1647-4756-87C4-73A4955F4E45} => C:\Users\*****\Desktop\Bsc Arbeit\Programme\PyMol\pymol-0_99rc6-bin-win32\SETUP.EXE
Task: {E4591581-80A6-4A2A-B21C-19AD6AED0834} - System32\Tasks\{1C7C5EA5-F135-4201-8579-6B1C600218C2} => C:\Downloads\pymol-1_1eval-bin-win32\pymol-1_1eval-bin-win32\SETUP.EXE
Task: {E5F8ED80-50B9-47A1-B97A-216D1A74DF0A} - System32\Tasks\{80F9D663-0064-451D-8676-11D4CCAD72C7} => C:\Users\*****\Desktop\Bsc Arbeit\Programme\PyMol\pymol-0_99rc6-bin-win32\SETUP.EXE
Task: {EC2D19B8-8CC8-456A-8C37-45F7B86FEAF4} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-24] (Samsung Electronics Co., Ltd.)
Task: {F091FECB-E56B-4A39-9FAF-28882ADBCEFD} - System32\Tasks\{8400AB2E-CCE7-44FB-9B38-C1C65F3F43E0} => C:\Users\*****\Desktop\Bsc Arbeit\Programme\PyMol\pymol-0_99rc6-bin-win32\SETUP.EXE
Task: {F53D5B80-0E69-4025-B8BB-9FB3568F7F3F} - System32\Tasks\{98826237-D852-4C1B-9388-316159DD92ED} => C:\Users\*****\Desktop\Bsc Arbeit\Programme\PyMol\pymol-0_99rc6-bin-win32\SETUP.EXE
Task: {F5E07962-7A0D-4E21-B002-83A10E687DA5} - System32\Tasks\{8955F6B9-3337-4AC3-B346-1B34C77392DE} => F:\SETUP.EXE
Task: {F86AF7E5-7C27-43DD-90A9-96F5BD8BA8EC} - System32\Tasks\{91D85762-9CE6-472C-AC55-AE7DF12D98F4} => F:\SETUP.EXE
Task: C:\Windows\Tasks\At1.job => ?

==================== Loaded Modules (whitelisted) =============

2011-10-19 15:33 - 2006-08-12 11:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-12-20 10:53 - 2013-12-20 10:53 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-01-26 11:04 - 2014-01-26 11:04 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2014 11:05:52 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/06/2014 11:01:53 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/06/2014 10:58:11 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2014 11:26:08 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/05/2014 11:23:08 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/05/2014 11:19:29 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/03/2014 03:43:42 PM) (Source: CXNRegistryLib) (User: )
Description: Error number: {-2147467259(An unspecified failure has occurred.)} 
 	 Error source: {CRegistryHelper::GetLongValue} 
 	 Error Description: {Unable to retrieve integer value for the specified registry key! ()}

Error: (02/03/2014 03:43:42 PM) (Source: CXNRegistryLib) (User: )
Description: Error number: {-2147467259(An unspecified failure has occurred.)} 
 	 Error source: {CRegistryHelper::Open} 
 	 Error Description: {Open the specified registry key failed! (Unable to open the specified registry key!)}

Error: (02/03/2014 02:14:16 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/03/2014 02:11:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (02/06/2014 10:06:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (02/06/2014 10:03:08 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/06/2014 07:14:56 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/06/2014 09:26:03 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (02/05/2014 09:33:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (02/05/2014 11:32:20 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/05/2014 09:33:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (02/04/2014 08:56:45 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079

Error: (02/03/2014 03:47:22 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/03/2014 00:33:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Sicherheitscenter" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1079


Microsoft Office Sessions:
=========================
Error: (01/06/2014 11:37:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3614 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (12/28/2013 03:42:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 48862 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (06/20/2013 06:55:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37514 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/06/2012 06:40:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1778 seconds with 1320 seconds of active time.  This session ended with a crash.

Error: (02/10/2011 08:34:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14987 seconds with 6420 seconds of active time.  This session ended with a crash.

Error: (06/27/2010 00:43:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8558 seconds with 2760 seconds of active time.  This session ended with a crash.

Error: (06/03/2010 03:55:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8366 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-10-03 14:26:05.373
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-03 13:38:19.952
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-03 12:43:48.786
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-03 12:09:05.742
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-03 10:46:04.678
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-03 10:16:21.008
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-03 09:57:59.576
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-03 09:50:53.765
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-03 00:14:26.595
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-10-02 23:20:38.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3066.61 MB
Available physical RAM: 1575.91 MB
Total Pagefile: 6129.45 MB
Available Pagefile: 4707.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50 GB) (Free:4.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:248.09 GB) (Free:37.53 GB) NTFS
Drive w: (ag*****) (Network) (Total:3.91 GB) (Free:3.91 GB) NTFS
Drive x: (software) (Network) (Total:3.91 GB) (Free:3.91 GB) NTFS
Drive y: (*****) (Network) (Total:3.91 GB) (Free:3.91 GB) NTFS
Drive z: (NMR) (Network) (Total:458.44 GB) (Free:177.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B6394A61)
Partition 1: (Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=248 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Edited by YackVander (07.02.2014 at 08:11). Reason: a heartfelt thank-you was missing

Alt 07.02.2014, 08:10   #4
YackVander
 



Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-06 22:42:47
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.00000009 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\kxldqpob.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                                     830369A5 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                       83056512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                       section is writeable [0x9FD73300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                       section is writeable [0x9FDB6300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\lsass.exe[508] ntdll.dll!RtlExitUserThread                                                                               774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] ntdll.dll!KiUserExceptionDispatcher                                                                       77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] ntdll.dll!LdrLoadDll                                                                                      775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!CreateProcessA                                                                               75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!VirtualProtect                                                                               75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!LoadLibraryExA                                                                               75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!LoadLibraryExW                                                                               75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!GlobalAlloc                                                                                  75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!GetProcAddress                                                                               75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!LoadLibraryA                                                                                 75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!CreateFileA                                                                                  75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!LoadLibraryW                                                                                 75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!FreeLibrary                                                                                  75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!WriteFile                                                                                    75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!ExitProcess                                                                                  75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!CreateProcessInternalA                                                                       75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!WriteFileEx                                                                                  75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!GetThreadContext                                                                             75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!WriteProcessMemory                                                                           75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!WinExec                                                                                      75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!VirtualProtectEx                                                                             75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] kernel32.dll!SetThreadContext                                                                             75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!closesocket                                                                                    76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!WSAStartup                                                                                     76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!bind                                                                                           76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!accept                                                                                         764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!recv                                                                                           76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!connect                                                                                        76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!send                                                                                           76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!getpeername                                                                                    76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!listen                                                                                         7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\lsass.exe[508] WS2_32.dll!WSASocketA                                                                                     7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] ntdll.dll!RtlExitUserThread                                                                             774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] ntdll.dll!KiUserExceptionDispatcher                                                                     77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] ntdll.dll!LdrLoadDll                                                                                    775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!CreateProcessA                                                                             75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!VirtualProtect                                                                             75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!LoadLibraryExA                                                                             75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!LoadLibraryExW                                                                             75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!GlobalAlloc                                                                                75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!GetProcAddress                                                                             75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!LoadLibraryA                                                                               75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!CreateFileA                                                                                75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!LoadLibraryW                                                                               75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!FreeLibrary                                                                                75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!WriteFile                                                                                  75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!ExitProcess                                                                                75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!CreateProcessInternalA                                                                     75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!WriteFileEx                                                                                75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!GetThreadContext                                                                           75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!WriteProcessMemory                                                                         75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!WinExec                                                                                    75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!VirtualProtectEx                                                                           75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] kernel32.dll!SetThreadContext                                                                           75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!closesocket                                                                                  76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!WSAStartup                                                                                   76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!bind                                                                                         76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!accept                                                                                       764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!recv                                                                                         76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!connect                                                                                      76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!send                                                                                         76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!getpeername                                                                                  76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!listen                                                                                       7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[676] WS2_32.dll!WSASocketA                                                                                   7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] ntdll.dll!RtlExitUserThread                                                                             774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] ntdll.dll!KiUserExceptionDispatcher                                                                     77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] ntdll.dll!LdrLoadDll                                                                                    775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateProcessA                                                                             75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!VirtualProtect                                                                             75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!LoadLibraryExA                                                                             75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!LoadLibraryExW                                                                             75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!GlobalAlloc                                                                                75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!GetProcAddress                                                                             75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!LoadLibraryA                                                                               75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateFileA                                                                                75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!LoadLibraryW                                                                               75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!FreeLibrary                                                                                75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!WriteFile                                                                                  75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!ExitProcess                                                                                75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateProcessInternalA                                                                     75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!WriteFileEx                                                                                75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!GetThreadContext                                                                           75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!WriteProcessMemory                                                                         75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!WinExec                                                                                    75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!VirtualProtectEx                                                                           75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] kernel32.dll!SetThreadContext                                                                           75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!closesocket                                                                                  76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!WSAStartup                                                                                   76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!bind                                                                                         76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!accept                                                                                       764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!recv                                                                                         76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!connect                                                                                      76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!send                                                                                         76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!getpeername                                                                                  76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!listen                                                                                       7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[780] WS2_32.dll!WSASocketA                                                                                   7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] ntdll.dll!RtlExitUserThread                                                                             774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] ntdll.dll!KiUserExceptionDispatcher                                                                     77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] ntdll.dll!LdrLoadDll                                                                                    775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!CreateProcessA                                                                             75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!VirtualProtect                                                                             75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!LoadLibraryExA                                                                             75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!LoadLibraryExW                                                                             75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!GlobalAlloc                                                                                75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!GetProcAddress                                                                             75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!LoadLibraryA                                                                               75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!CreateFileA                                                                                75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!LoadLibraryW                                                                               75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!FreeLibrary                                                                                75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!WriteFile                                                                                  75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!ExitProcess                                                                                75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!CreateProcessInternalA                                                                     75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!WriteFileEx                                                                                75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!GetThreadContext                                                                           75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!WriteProcessMemory                                                                         75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!WinExec                                                                                    75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!VirtualProtectEx                                                                           75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] kernel32.dll!SetThreadContext                                                                           75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!closesocket                                                                                  76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!WSAStartup                                                                                   76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!bind                                                                                         76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!accept                                                                                       764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!recv                                                                                         76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!connect                                                                                      76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!send                                                                                         76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!getpeername                                                                                  76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!listen                                                                                       7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[844] WS2_32.dll!WSASocketA                                                                                   7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] ntdll.dll!RtlExitUserThread                                                                             774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] ntdll.dll!KiUserExceptionDispatcher                                                                     77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrLoadDll                                                                                    775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!CreateProcessA                                                                             75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!VirtualProtect                                                                             75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!LoadLibraryExA                                                                             75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!LoadLibraryExW                                                                             75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!GlobalAlloc                                                                                75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!GetProcAddress                                                                             75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!LoadLibraryA                                                                               75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!CreateFileA                                                                                75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!LoadLibraryW                                                                               75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!FreeLibrary                                                                                75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!WriteFile                                                                                  75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!ExitProcess                                                                                75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!CreateProcessInternalA                                                                     75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!WriteFileEx                                                                                75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!GetThreadContext                                                                           75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!WriteProcessMemory                                                                         75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!WinExec                                                                                    75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!VirtualProtectEx                                                                           75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] kernel32.dll!SetThreadContext                                                                           75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!closesocket                                                                                  76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!WSAStartup                                                                                   76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!bind                                                                                         76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!accept                                                                                       764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!recv                                                                                         76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!connect                                                                                      76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!send                                                                                         76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!getpeername                                                                                  76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!listen                                                                                       7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\System32\svchost.exe[940] WS2_32.dll!WSASocketA                                                                                   7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] ntdll.dll!RtlExitUserThread                                                                             774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] ntdll.dll!KiUserExceptionDispatcher                                                                     77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] ntdll.dll!LdrLoadDll                                                                                    775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateProcessA                                                                             75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!VirtualProtect                                                                             75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!LoadLibraryExA                                                                             75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW                                                                             75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!GlobalAlloc                                                                                75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!GetProcAddress                                                                             75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!LoadLibraryA                                                                               75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateFileA                                                                                75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!LoadLibraryW                                                                               75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!FreeLibrary                                                                                75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!WriteFile                                                                                  75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!ExitProcess                                                                                75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateProcessInternalA                                                                     75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!WriteFileEx                                                                                75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!GetThreadContext                                                                           75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!WriteProcessMemory                                                                         75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!WinExec                                                                                    75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!VirtualProtectEx                                                                           75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] kernel32.dll!SetThreadContext                                                                           75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!closesocket                                                                                  76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!WSAStartup                                                                                   76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!bind                                                                                         76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!accept                                                                                       764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!recv                                                                                         76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!connect                                                                                      76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!send                                                                                         76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!getpeername                                                                                  76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!listen                                                                                       7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[984] WS2_32.dll!WSASocketA                                                                                   7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] ntdll.dll!RtlExitUserThread                                                                            774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] ntdll.dll!KiUserExceptionDispatcher                                                                    77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrLoadDll                                                                                   775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessA                                                                            75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!VirtualProtect                                                                            75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExA                                                                            75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW                                                                            75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!GlobalAlloc                                                                               75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetProcAddress                                                                            75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryA                                                                              75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateFileA                                                                               75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!LoadLibraryW                                                                              75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!FreeLibrary                                                                               75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!WriteFile                                                                                 75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!ExitProcess                                                                               75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!CreateProcessInternalA                                                                    75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!WriteFileEx                                                                               75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetThreadContext                                                                          75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!WriteProcessMemory                                                                        75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!WinExec                                                                                   75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!VirtualProtectEx                                                                          75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] kernel32.dll!SetThreadContext                                                                          75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!closesocket                                                                                 76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!WSAStartup                                                                                  76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!bind                                                                                        76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!accept                                                                                      764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!recv                                                                                        76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!connect                                                                                     76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!send                                                                                        76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!getpeername                                                                                 76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!listen                                                                                      7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1020] WS2_32.dll!WSASocketA                                                                                  7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] ntdll.dll!RtlExitUserThread                                                                            774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] ntdll.dll!KiUserExceptionDispatcher                                                                    77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll                                                                                   775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!CreateProcessA                                                                            75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!VirtualProtect                                                                            75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExA                                                                            75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExW                                                                            75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!GlobalAlloc                                                                               75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!GetProcAddress                                                                            75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!LoadLibraryA                                                                              75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!CreateFileA                                                                               75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!LoadLibraryW                                                                              75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!FreeLibrary                                                                               75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!WriteFile                                                                                 75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!ExitProcess                                                                               75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!CreateProcessInternalA                                                                    75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!WriteFileEx                                                                               75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!GetThreadContext                                                                          75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!WriteProcessMemory                                                                        75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!WinExec                                                                                   75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!VirtualProtectEx                                                                          75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1120] kernel32.dll!SetThreadContext                                                                          75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] ntdll.dll!RtlExitUserThread                                                                            774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] ntdll.dll!KiUserExceptionDispatcher                                                                    77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] ntdll.dll!LdrLoadDll                                                                                   775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessA                                                                            75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!VirtualProtect                                                                            75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExA                                                                            75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExW                                                                            75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!GlobalAlloc                                                                               75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!GetProcAddress                                                                            75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!LoadLibraryA                                                                              75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateFileA                                                                               75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!LoadLibraryW                                                                              75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!FreeLibrary                                                                               75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!WriteFile                                                                                 75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!ExitProcess                                                                               75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!CreateProcessInternalA                                                                    75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!WriteFileEx                                                                               75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!GetThreadContext                                                                          75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!WriteProcessMemory                                                                        75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!WinExec                                                                                   75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!VirtualProtectEx                                                                          75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] kernel32.dll!SetThreadContext                                                                          75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!closesocket                                                                                 76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!WSAStartup                                                                                  76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!bind                                                                                        76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!accept                                                                                      764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!recv                                                                                        76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!connect                                                                                     76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!send                                                                                        76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!getpeername                                                                                 76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!listen                                                                                      7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1812] WS2_32.dll!WSASocketA                                                                                  7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] ntdll.dll!RtlExitUserThread                                                                            774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] ntdll.dll!KiUserExceptionDispatcher                                                                    77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] ntdll.dll!LdrLoadDll                                                                                   775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessA                                                                            75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!VirtualProtect                                                                            75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!LoadLibraryExA                                                                            75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!LoadLibraryExW                                                                            75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!GlobalAlloc                                                                               75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!GetProcAddress                                                                            75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!LoadLibraryA                                                                              75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateFileA                                                                               75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!LoadLibraryW                                                                              75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!FreeLibrary                                                                               75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!WriteFile                                                                                 75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!ExitProcess                                                                               75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!CreateProcessInternalA                                                                    75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!WriteFileEx                                                                               75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!GetThreadContext                                                                          75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!WriteProcessMemory                                                                        75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!WinExec                                                                                   75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!VirtualProtectEx                                                                          75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] kernel32.dll!SetThreadContext                                                                          75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!closesocket                                                                                 76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!WSAStartup                                                                                  76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!bind                                                                                        76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!accept                                                                                      764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!recv                                                                                        76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!connect                                                                                     76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!send                                                                                        76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!getpeername                                                                                 76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!listen                                                                                      7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[1988] WS2_32.dll!WSASocketA                                                                                  7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!RtlExitUserThread                                                                            774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!KiUserExceptionDispatcher                                                                    77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] ntdll.dll!LdrLoadDll                                                                                   775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!CreateProcessA                                                                            75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!VirtualProtect                                                                            75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!LoadLibraryExA                                                                            75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!LoadLibraryExW                                                                            75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!GlobalAlloc                                                                               75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!GetProcAddress                                                                            75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!LoadLibraryA                                                                              75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!CreateFileA                                                                               75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!LoadLibraryW                                                                              75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!FreeLibrary                                                                               75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!WriteFile                                                                                 75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!ExitProcess                                                                               75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!CreateProcessInternalA                                                                    75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!WriteFileEx                                                                               75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!GetThreadContext                                                                          75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!WriteProcessMemory                                                                        75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!WinExec                                                                                   75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!VirtualProtectEx                                                                          75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] kernel32.dll!SetThreadContext                                                                          75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!closesocket                                                                                 76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!WSAStartup                                                                                  76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!bind                                                                                        76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!accept                                                                                      764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!recv                                                                                        76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!connect                                                                                     76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!send                                                                                        76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!getpeername                                                                                 76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!listen                                                                                      7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2064] WS2_32.dll!WSASocketA                                                                                  7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] ntdll.dll!RtlExitUserThread                                                                            774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] ntdll.dll!KiUserExceptionDispatcher                                                                    77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] ntdll.dll!LdrLoadDll                                                                                   775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!CreateProcessA                                                                            75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!VirtualProtect                                                                            75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!LoadLibraryExA                                                                            75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!LoadLibraryExW                                                                            75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!GlobalAlloc                                                                               75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!GetProcAddress                                                                            75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!LoadLibraryA                                                                              75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!CreateFileA                                                                               75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!LoadLibraryW                                                                              75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!FreeLibrary                                                                               75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!WriteFile                                                                                 75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!ExitProcess                                                                               75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!CreateProcessInternalA                                                                    75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!WriteFileEx                                                                               75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!GetThreadContext                                                                          75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!WriteProcessMemory                                                                        75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!WinExec                                                                                   75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!VirtualProtectEx                                                                          75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\system32\svchost.exe[2240] kernel32.dll!SetThreadContext                                                                          75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] ntdll.dll!RtlExitUserThread                                                                                    774FF608 5 Bytes  JMP 754E50C0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] ntdll.dll!KiUserExceptionDispatcher                                                                            77517048 5 Bytes  JMP 754E86F0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] ntdll.dll!LdrLoadDll                                                                                           775322AE 5 Bytes  JMP 754E4EE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!CreateProcessA                                                                                    75A42082 5 Bytes  JMP 754E5120 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!CopyFileExW                                                                                       75A7B280 7 Bytes  JMP 754E9AC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!VirtualProtect                                                                                    75A82C15 5 Bytes  JMP 754E4FA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!LoadLibraryExA                                                                                    75A844AE 5 Bytes  JMP 754E5020 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!LoadLibraryExW                                                                                    75A850C1 5 Bytes  JMP 754E5000 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!MoveFileWithProgressW                                                                             75A88DD4 5 Bytes  JMP 754E9BE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!GlobalAlloc                                                                                       75A8A16D 5 Bytes  JMP 754E5060 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!GetProcAddress                                                                                    75A8CC84 5 Bytes  JMP 754E50A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!LoadLibraryA                                                                                      75A8DC55 5 Bytes  JMP 754E5040 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!CreateFileA                                                                                       75A8EA51 5 Bytes  JMP 754E5140 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!LoadLibraryW                                                                                      75A8EF32 5 Bytes  JMP 754E4FE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!FreeLibrary                                                                                       75A8EF57 5 Bytes  JMP 754E5310 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!WriteFile                                                                                         75A953DE 5 Bytes  JMP 754E4F40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!ExitProcess                                                                                       75A9BBD2 5 Bytes  JMP 754E50E0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!CreateProcessInternalA                                                                            75A9C88C 5 Bytes  JMP 754E5100 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!WriteFileEx                                                                                       75AA551D 5 Bytes  JMP 754E4F20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!GetThreadContext                                                                                  75AA8BC4 5 Bytes  JMP 754E5080 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!WriteProcessMemory                                                                                75AA958F 5 Bytes  JMP 754E4F00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!WinExec                                                                                           75ACED9E 5 Bytes  JMP 754E4F60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!VirtualProtectEx                                                                                  75ACFD39 5 Bytes  JMP 754E4F80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] kernel32.dll!SetThreadContext                                                                                  75AD08B3 5 Bytes  JMP 754E4FC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] ole32.dll!CoCreateInstance                                                                                     76039D0B 8 Bytes  JMP 754EA2B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WININET.dll!InternetQueryDataAvailable                                                                         75B48E2D 5 Bytes  JMP 754E4E80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WININET.dll!InternetReadFile                                                                                   75B4926F 5 Bytes  JMP 754E4E60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WININET.dll!InternetOpenA                                                                                      75B6ECAA 5 Bytes  JMP 754E4EC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WININET.dll!InternetOpenUrlA                                                                                   75BDD217 5 Bytes  JMP 754E4EA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!closesocket                                                                                         76413918 5 Bytes  JMP 754E4DC0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!WSAStartup                                                                                          76413AB2 7 Bytes  JMP 754E4E20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!bind                                                                                                76414582 5 Bytes  JMP 754E4DE0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!accept                                                                                              764168B6 5 Bytes  JMP 754E4E00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!recv                                                                                                76416B0E 5 Bytes  JMP 754E4D40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!connect                                                                                             76416BDD 5 Bytes  JMP 754E4DA0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!send                                                                                                76416F01 5 Bytes  JMP 754E4D20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!getpeername                                                                                         76417147 5 Bytes  JMP 754E4D80 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!listen                                                                                              7641B001 5 Bytes  JMP 754E4D60 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.text           C:\Windows\Explorer.EXE[3528] WS2_32.dll!WSASocketA                                                                                          7641C82A 5 Bytes  JMP 754E4E40 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                      Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                      Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AA747A65-75D4-417C-93F0-E8B76B02CB9C}\Connection@Name  isatap.{767020B9-E280-44B3-9D00-80EEA8D46FBE}
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind     \Device\{09C05DB5-1E4A-4B16-B329-E743B65535B9}?\Device\{AA747A65-75D4-417C-93F0-E8B76B02CB9C}?\Device\{EC143BFA-41BA-48D5-8427-4E4347E24019}?\Device\{F2028B4D-AFA1-4785-A79B-B9FA94972171}?\Device\{5E39A35C-34AD-4987-84B7-2386E18FC83E}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route    "{09C05DB5-1E4A-4B16-B329-E743B65535B9}"?"{AA747A65-75D4-417C-93F0-E8B76B02CB9C}"?"{EC143BFA-41BA-48D5-8427-4E4347E24019}"?"{F2028B4D-AFA1-4785-A79B-B9FA94972171}"?"{5E39A35C-34AD-4987-84B7-2386E18FC83E}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export   \Device\TCPIP6TUNNEL_{09C05DB5-1E4A-4B16-B329-E743B65535B9}?\Device\TCPIP6TUNNEL_{AA747A65-75D4-417C-93F0-E8B76B02CB9C}?\Device\TCPIP6TUNNEL_{EC143BFA-41BA-48D5-8427-4E4347E24019}?\Device\TCPIP6TUNNEL_{F2028B4D-AFA1-4785-A79B-B9FA94972171}?\Device\TCPIP6TUNNEL_{5E39A35C-34AD-4987-84B7-2386E18FC83E}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA747A65-75D4-417C-93F0-E8B76B02CB9C}@InterfaceName                       isatap.{767020B9-E280-44B3-9D00-80EEA8D46FBE}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA747A65-75D4-417C-93F0-E8B76B02CB9C}@ReusableType                        0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                       0x1B 0xDB 0xF5 0xBC ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0xA7 0x56 0x4C 0x5E ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                         0x82 0x7F 0x95 0x57 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                         0x3A 0x58 0xBE 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                              C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                              0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                           0x1B 0xDB 0xF5 0xBC ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                     0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                  0xA7 0x56 0x4C 0x5E ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                             0x82 0x7F 0x95 0x57 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                             0x3A 0x58 0xBE 0xF7 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{112A092A-28A3-11DF-B053-806E6F6E6963}                       10343515304

---- EOF - GMER 2.1 ----
         

08.02.2014, 10:29   #5
schrauber
/// the machine
/// TB Trainer



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

08.02.2014, 13:39   #6
YackVander



Thanks for the help!

malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16750
****** :: WOLF-PC [Administrator]

08.02.2014 11:49:18
mbam-log-2014-02-08 (11-49-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240386
Laufzeit: 12 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bösartig: (hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Users\******\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\Roaming\OpenCandy\OpenCandy_DF024C39D7524D2E8D5627E7E6A5870A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\******\AppData\Roaming\OpenCandy\OpenCandy_DF024C39D7524D2E8D5627E7E6A5870A\743.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\******\AppData\Roaming\OpenCandy\OpenCandy_DF024C39D7524D2E8D5627E7E6A5870A\registrybooster(9).exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
adwcleaner:
Code:
# AdwCleaner v3.018 - Bericht erstellt am 08/02/2014 um 13:03:17
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : ***** - *****-PC
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Users\*****\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\StumbleUpon
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader76279_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader76279_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ikea-home-planer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_ikea-home-planer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm Security Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}");

*************************

AdwCleaner[R0].txt - [3202 octets] - [08/02/2014 13:02:26]
AdwCleaner[S0].txt - [3137 octets] - [08/02/2014 13:03:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3197 octets] ##########
         
jrt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x86
Ran by ***** on 08.02.2014 at 13:13:37,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\vo6705k9.default\minidumps [217 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2014 at 13:16:56,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
and finally frst:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2014
Ran by ***** (administrator) on *****-PC on 08-02-2014 13:22:53
Running from C:\Users\*****\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7719456 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-11-13] (Sophos Limited)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2267090253-4006930157-440547460-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2267090253-4006930157-440547460-1000\...\MountPoints2: {e753da95-0dc7-11e0-aaba-0013779f5544} - G:\RunGame.exe
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2013-11-13] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31DD733B010CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} -  No File
URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default
FF Homepage: hxxp://www.tagessschau.de
FF Keyword.URL: hxxp://www.google.com/search?q=
FF NetworkProxy: "ftp", "77.175.84.246"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "77.175.84.246"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "77.175.84.246"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @cambridgesoft.com/Chem3D,version=11.0 - C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin: @cambridgesoft.com/ChemDraw,version=11.0 - C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\searchplugins\*****ramalpha.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\nostmp [2011-04-19]
FF Extension: Grooveshark Unlocker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-12-04]
FF Extension: Stealthy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-20]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-24]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Always on Top - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2011-05-27]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-09-25]

========================== Services (Whitelisted) =================

S4 bfs; C:\Bruker\Diskless\WinApp\bfsd.exe [111104 2008-11-28] ()
S4 bootparam; C:\Bruker\Diskless\WinApp\rpc.bootparamd.exe [24064 2004-03-04] ()
S4 Bruker Dhcp Server; C:\Bruker\Diskless\tftpboot\dhcpd.exe [530944 2009-10-30] ()
S4 Bruker FLEXlm License Server; C:\flexlm\Bruker\srvany.exe [13312 1996-08-30] ()
S4 Bruker tftpd32; C:\Bruker\Diskless\tftpboot\tftpd.exe [138752 2009-10-30] ()
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-11-13] (Sophos Limited)
S2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-11-13] (Sophos Limited)
S2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-11-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-10-09] (Sophos Limited)
S2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-11-13] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1471992 2013-11-13] (Sophos Limited)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-06-19] (Cisco Systems, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108480 2010-07-22] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-28] ()
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2010-01-01] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-28] ()
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-11-13] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2013-10-09] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-11-13] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2013-10-09] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2010-03-28] (Duplex Secure Ltd.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-06-19] (Cisco Systems, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 StarOpen; No ImagePath
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [48384 2012-03-15] (SEIKO EPSON CORPORATION)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 13:22 - 2014-02-08 13:22 - 00014533 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-08 13:16 - 2014-02-08 13:16 - 00001079 _____ () C:\Users\*****\Desktop\JRT.txt
2014-02-08 13:13 - 2014-02-08 13:13 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 13:09 - 2014-02-08 13:09 - 01037530 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-08 13:00 - 2014-02-08 13:03 - 00000000 ____D () C:\AdwCleaner
2014-02-08 12:59 - 2014-02-08 13:00 - 01166132 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-08 11:46 - 2014-02-08 11:46 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 11:46 - 2014-02-08 11:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-08 11:46 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 11:45 - 2014-02-08 11:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-07 19:30 - 2014-02-07 19:31 - 00029148 _____ () C:\Users\*****\Desktop\SAV.txt
2014-02-06 23:33 - 2014-02-06 23:33 - 00000000 ____D () C:\Users\*****\AppData\Local\Sophos
2014-02-06 23:26 - 2014-02-08 13:18 - 00000000 ____D () C:\Users\*****\Desktop\Logfiles
2014-02-06 23:23 - 2014-02-06 23:24 - 01110476 _____ () C:\Users\*****\Desktop\7z920.exe
2014-02-06 22:17 - 2014-02-06 22:17 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-02-06 22:07 - 2014-02-08 13:22 - 00000000 ____D () C:\FRST
2014-02-06 22:06 - 2014-02-06 22:06 - 01136640 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-02-06 22:01 - 2014-02-06 22:02 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-02-06 21:59 - 2014-02-06 22:01 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-02-05 21:56 - 2014-02-06 09:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-01 17:36 - 2014-02-01 17:36 - 00000000 _____ () C:\Users\*****\Desktop\Neue Bitmap.bmp
2014-01-27 01:04 - 2014-01-27 01:04 - 00143276 ____H () C:\Windows\system32\mlfcache.dat
2014-01-22 10:20 - 2014-01-22 10:21 - 00000000 ____D () C:\Users\*****\Desktop\knf bilder pumpe
2014-01-18 19:37 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 19:37 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 19:37 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 10:29 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 10:28 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 10:28 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 10:28 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 10:27 - 2014-01-16 10:28 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 09:11 - 2014-01-15 09:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ChemAxon

==================== One Month Modified Files and Folders =======

2014-02-08 13:23 - 2014-02-08 13:22 - 00014533 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-08 13:22 - 2014-02-06 22:07 - 00000000 ____D () C:\FRST
2014-02-08 13:18 - 2014-02-06 23:26 - 00000000 ____D () C:\Users\*****\Desktop\Logfiles
2014-02-08 13:16 - 2014-02-08 13:16 - 00001079 _____ () C:\Users\*****\Desktop\JRT.txt
2014-02-08 13:13 - 2014-02-08 13:13 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 13:11 - 2009-07-14 05:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 13:11 - 2009-07-14 05:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 13:09 - 2014-02-08 13:09 - 01037530 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-08 13:08 - 2010-03-05 23:07 - 01323057 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 13:05 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 13:04 - 2009-07-14 05:39 - 00255729 _____ () C:\Windows\setupact.log
2014-02-08 13:03 - 2014-02-08 13:00 - 00000000 ____D () C:\AdwCleaner
2014-02-08 13:00 - 2014-02-08 12:59 - 01166132 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-08 12:20 - 2010-03-05 23:27 - 00258344 _____ () C:\Windows\PFRO.log
2014-02-08 11:46 - 2014-02-08 11:46 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 11:46 - 2014-02-08 11:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-08 11:45 - 2014-02-08 11:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-08 03:00 - 2010-11-05 09:34 - 00000392 _____ () C:\Windows\Tasks\At1.job
2014-02-07 23:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-07 20:46 - 2009-07-27 16:48 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-07 20:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-07 19:31 - 2014-02-07 19:30 - 00029148 _____ () C:\Users\*****\Desktop\SAV.txt
2014-02-06 23:33 - 2014-02-06 23:33 - 00000000 ____D () C:\Users\*****\AppData\Local\Sophos
2014-02-06 23:24 - 2014-02-06 23:23 - 01110476 _____ () C:\Users\*****\Desktop\7z920.exe
2014-02-06 22:17 - 2014-02-06 22:17 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-02-06 22:06 - 2014-02-06 22:06 - 01136640 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-02-06 22:04 - 2012-10-03 13:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-06 22:02 - 2014-02-06 22:01 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-02-06 22:02 - 2013-11-05 23:40 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-02-06 22:01 - 2014-02-06 21:59 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-02-06 22:01 - 2010-03-05 23:14 - 00000000 ____D () C:\Users\*****
2014-02-06 19:50 - 2010-03-08 15:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-02-06 09:34 - 2014-02-05 21:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-02 11:42 - 2010-03-05 23:15 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 00:24 - 2010-03-06 13:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.purple
2014-02-01 17:36 - 2014-02-01 17:36 - 00000000 _____ () C:\Users\*****\Desktop\Neue Bitmap.bmp
2014-01-27 01:04 - 2014-01-27 01:04 - 00143276 ____H () C:\Windows\system32\mlfcache.dat
2014-01-26 11:12 - 2010-03-06 14:11 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-01-26 11:04 - 2012-04-04 12:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-26 11:04 - 2011-05-15 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-22 10:21 - 2014-01-22 10:20 - 00000000 ____D () C:\Users\*****\Desktop\knf bilder pumpe
2014-01-18 19:46 - 2009-07-14 05:33 - 00419608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-18 19:42 - 2013-07-13 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 19:38 - 2010-03-06 00:13 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-18 17:32 - 2012-12-22 21:08 - 00000695 _____ () C:\Users\*****\AppData\Roaming\burnaware.ini
2014-01-16 10:29 - 2013-10-24 11:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 10:28 - 2014-01-16 10:27 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 10:28 - 2013-03-04 23:43 - 00000000 ____D () C:\Program Files\Java
2014-01-15 09:11 - 2014-01-15 09:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ChemAxon
2014-01-10 08:37 - 2012-09-30 19:14 - 00007600 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
2014-01-09 22:24 - 2010-11-27 14:41 - 00000000 ___RD () C:\Users\*****\Desktop\My Dropbox
2014-01-09 22:24 - 2010-11-27 14:37 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 00:57

==================== End Of Log ============================
         
--- --- ---

09.02.2014, 08:58   #7
schrauber
/// the machine
/// TB trainer
 




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.

and a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber


09.02.2014, 14:59   #8
YackVander
 


Looks good?!

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b297c2bc82664744a6e0782ad030aaf7
# engine=17000
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-09 12:38:10
# local_time=2014-02-09 01:38:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 54391 143580681 0 0
# compatibility_mode=8449 16775165 50 96 18280 10635322 8726 0
# scanned=333605
# found=0
# cleaned=0
# scan_time=12146
         
Code:
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
AntiVir Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.44  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Mozilla Thunderbird (24.3.0) 
````````Process Check: objlist.exe by Laurent````````  
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014
Ran by ***** (administrator) on *****-PC on 09-02-2014 14:50:37
Running from C:\Users\*****\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7719456 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-11-13] (Sophos Limited)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2267090253-4006930157-440547460-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2267090253-4006930157-440547460-1000\...\MountPoints2: {e753da95-0dc7-11e0-aaba-0013779f5544} - G:\RunGame.exe
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2013-11-13] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31DD733B010CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} -  No File
URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default
FF Homepage: hxxp://www.tagessschau.de
FF Keyword.URL: hxxp://www.google.com/search?q=
FF NetworkProxy: "ftp", "77.175.84.246"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "77.175.84.246"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "77.175.84.246"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @cambridgesoft.com/Chem3D,version=11.0 - C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin: @cambridgesoft.com/ChemDraw,version=11.0 - C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\searchplugins\*****ramalpha.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\nostmp [2011-04-19]
FF Extension: Grooveshark Unlocker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-12-04]
FF Extension: Stealthy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-20]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-24]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Always on Top - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2011-05-27]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-09-25]

========================== Services (Whitelisted) =================

S4 bfs; C:\Bruker\Diskless\WinApp\bfsd.exe [111104 2008-11-28] ()
S4 bootparam; C:\Bruker\Diskless\WinApp\rpc.bootparamd.exe [24064 2004-03-04] ()
S4 Bruker Dhcp Server; C:\Bruker\Diskless\tftpboot\dhcpd.exe [530944 2009-10-30] ()
S4 Bruker FLEXlm License Server; C:\flexlm\Bruker\srvany.exe [13312 1996-08-30] ()
S4 Bruker tftpd32; C:\Bruker\Diskless\tftpboot\tftpd.exe [138752 2009-10-30] ()
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-11-13] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-11-13] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-11-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-10-09] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-11-13] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1471992 2013-11-13] (Sophos Limited)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-06-19] (Cisco Systems, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108480 2010-07-22] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-28] ()
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2010-01-01] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-28] ()
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-11-13] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2013-10-09] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-11-13] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2013-10-09] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2010-03-28] (Duplex Secure Ltd.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-06-19] (Cisco Systems, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 StarOpen; No ImagePath
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [48384 2012-03-15] (SEIKO EPSON CORPORATION)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 14:02 - 2014-02-09 14:02 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-02-09 13:42 - 2014-02-09 13:42 - 00987425 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-02-09 10:10 - 2014-02-09 10:10 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2014-02-08 13:22 - 2014-02-09 14:50 - 00014663 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-08 13:13 - 2014-02-08 13:13 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 13:09 - 2014-02-08 13:09 - 01037530 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-08 13:00 - 2014-02-08 13:03 - 00000000 ____D () C:\AdwCleaner
2014-02-08 12:59 - 2014-02-08 13:00 - 01166132 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-08 11:46 - 2014-02-08 11:46 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 11:46 - 2014-02-08 11:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-08 11:46 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 11:45 - 2014-02-08 11:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-06 23:33 - 2014-02-06 23:33 - 00000000 ____D () C:\Users\*****\AppData\Local\Sophos
2014-02-06 23:26 - 2014-02-09 13:40 - 00000000 ____D () C:\Users\*****\Desktop\Logfiles
2014-02-06 22:17 - 2014-02-06 22:17 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-02-06 22:07 - 2014-02-09 14:50 - 00000000 ____D () C:\FRST
2014-02-06 22:06 - 2014-02-09 14:02 - 01137664 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-02-06 22:01 - 2014-02-06 22:02 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-02-06 21:59 - 2014-02-06 22:01 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-02-05 21:56 - 2014-02-06 09:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-01 17:36 - 2014-02-01 17:36 - 00000000 _____ () C:\Users\*****\Desktop\Neue Bitmap.bmp
2014-01-27 01:04 - 2014-01-27 01:04 - 00143276 ____H () C:\Windows\system32\mlfcache.dat
2014-01-22 10:20 - 2014-01-22 10:21 - 00000000 ____D () C:\Users\*****\Desktop\knf bilder pumpe
2014-01-18 19:37 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 19:37 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 19:37 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 10:29 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 10:28 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 10:28 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 10:28 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 10:27 - 2014-01-16 10:28 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 09:11 - 2014-01-15 09:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ChemAxon

==================== One Month Modified Files and Folders =======

2014-02-09 14:51 - 2014-02-08 13:22 - 00014663 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-09 14:50 - 2014-02-06 22:07 - 00000000 ____D () C:\FRST
2014-02-09 14:02 - 2014-02-09 14:02 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-02-09 14:02 - 2014-02-06 22:06 - 01137664 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-02-09 13:42 - 2014-02-09 13:42 - 00987425 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-02-09 13:40 - 2014-02-06 23:26 - 00000000 ____D () C:\Users\*****\Desktop\Logfiles
2014-02-09 12:25 - 2010-03-05 23:07 - 01347798 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 10:13 - 2010-03-05 23:15 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 10:10 - 2014-02-09 10:10 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2014-02-09 08:34 - 2009-07-14 05:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 08:34 - 2009-07-14 05:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 08:31 - 2012-04-04 12:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-09 08:31 - 2011-05-15 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-09 08:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 08:27 - 2009-07-14 05:39 - 00255841 _____ () C:\Windows\setupact.log
2014-02-08 22:31 - 2013-11-05 23:40 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-02-08 20:22 - 2010-03-06 13:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.purple
2014-02-08 13:13 - 2014-02-08 13:13 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 13:09 - 2014-02-08 13:09 - 01037530 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-08 13:03 - 2014-02-08 13:00 - 00000000 ____D () C:\AdwCleaner
2014-02-08 13:03 - 2010-05-28 21:33 - 00000000 ____D () C:\Users\*****\AppData\Roaming\CheckPoint
2014-02-08 13:00 - 2014-02-08 12:59 - 01166132 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-08 12:20 - 2010-03-05 23:27 - 00258344 _____ () C:\Windows\PFRO.log
2014-02-08 11:46 - 2014-02-08 11:46 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 11:46 - 2014-02-08 11:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-08 11:45 - 2014-02-08 11:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-08 03:00 - 2010-11-05 09:34 - 00000392 _____ () C:\Windows\Tasks\At1.job
2014-02-07 23:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-07 20:46 - 2009-07-27 16:48 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-07 20:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-06 23:33 - 2014-02-06 23:33 - 00000000 ____D () C:\Users\*****\AppData\Local\Sophos
2014-02-06 22:17 - 2014-02-06 22:17 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-02-06 22:04 - 2012-10-03 13:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-06 22:02 - 2014-02-06 22:01 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-02-06 22:01 - 2014-02-06 21:59 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-02-06 22:01 - 2010-03-05 23:14 - 00000000 ____D () C:\Users\*****
2014-02-06 19:50 - 2010-03-08 15:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-02-06 09:34 - 2014-02-05 21:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-01 17:36 - 2014-02-01 17:36 - 00000000 _____ () C:\Users\*****\Desktop\Neue Bitmap.bmp
2014-01-27 01:04 - 2014-01-27 01:04 - 00143276 ____H () C:\Windows\system32\mlfcache.dat
2014-01-26 11:12 - 2010-03-06 14:11 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-01-22 10:21 - 2014-01-22 10:20 - 00000000 ____D () C:\Users\*****\Desktop\knf bilder pumpe
2014-01-18 19:46 - 2009-07-14 05:33 - 00419608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-18 19:42 - 2013-07-13 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 19:38 - 2010-03-06 00:13 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-18 17:32 - 2012-12-22 21:08 - 00000695 _____ () C:\Users\*****\AppData\Roaming\burnaware.ini
2014-01-16 10:29 - 2013-10-24 11:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 10:28 - 2014-01-16 10:27 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 10:28 - 2013-03-04 23:43 - 00000000 ____D () C:\Program Files\Java
2014-01-15 09:11 - 2014-01-15 09:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ChemAxon
2014-01-10 08:37 - 2012-09-30 19:14 - 00007600 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 00:57

==================== End Of Log ============================
         
--- --- ---

10.02.2014, 10:05   #9
schrauber
/// the machine
/// TB-Ausbilder



Quick check of the services

Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.


__________________
Regards,
schrauber


10.02.2014, 13:16   #10
YackVander



Code:
Farbar Service Scanner Version: 02-02-2014
Ran by ***** (administrator) on 10-02-2014 at 13:10:25
Running from "C:\Users\******\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-09 18:14] - [2013-09-14 01:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-09 18:14] - [2013-09-08 03:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 16:35] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-12 18:35] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

Edited by YackVander (10.02.2014 at 13:16) Reason: *****

11.02.2014, 09:07   #11
schrauber
/// the machine
/// TB-Ausbilder



Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has completed.
  • Click Step 2 and, under Check Disk, press Do It.

  • When the process has finished, click Step 3 and, under System File Check, press Do It.

  • After the process has finished, click Start Repairs, choose Advanced Mode and press Start.

  • Please make sure the boxes are checked as shown below. Please additionally check Set Windows Services to Default Startup.
  • Check Restart System when Finished.
  • Press Start.



Fresh FSS and FRST logs please.
__________________
Regards,
schrauber


11.02.2014, 15:11   #12
YackVander



Said and done!

Code:
Farbar Service Scanner Version: 02-02-2014
Ran by ***** (administrator) on 11-02-2014 at 15:02:52
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-09 18:14] - [2013-09-14 01:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-09 18:14] - [2013-09-08 03:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 16:35] - [2013-07-09 05:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-12 18:35] - [2013-05-27 05:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by ***** (administrator) on *****-PC on 11-02-2014 15:04:44
Running from C:\Users\*****\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7719456 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [929272 2013-11-13] (Sophos Limited)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2267090253-4006930157-440547460-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2267090253-4006930157-440547460-1000\...\MountPoints2: {e753da95-0dc7-11e0-aaba-0013779f5544} - G:\RunGame.exe
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2013-11-13] (Sophos Limited)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31DD733B010CCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKCU - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} -  No File
URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Winsock: Catalog9 51 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 137.248.1.5 137.248.21.22 137.248.1.8

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default
FF Homepage: hxxp://www.tagessschau.de
FF Keyword.URL: hxxp://www.google.com/search?q=
FF NetworkProxy: "ftp", "77.175.84.246"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "77.175.84.246"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "77.175.84.246"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @cambridgesoft.com/Chem3D,version=11.0 - C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin: @cambridgesoft.com/ChemDraw,version=11.0 - C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\searchplugins\*****ramalpha.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\nostmp [2011-04-19]
FF Extension: Grooveshark Unlocker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-12-04]
FF Extension: Stealthy - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-20]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-06-24]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Always on Top - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\vo6705k9.default\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2011-05-27]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-09-25]

========================== Services (Whitelisted) =================

S4 bfs; C:\Bruker\Diskless\WinApp\bfsd.exe [111104 2008-11-28] ()
S4 bootparam; C:\Bruker\Diskless\WinApp\rpc.bootparamd.exe [24064 2004-03-04] ()
S4 Bruker Dhcp Server; C:\Bruker\Diskless\tftpboot\dhcpd.exe [530944 2009-10-30] ()
S4 Bruker FLEXlm License Server; C:\flexlm\Bruker\srvany.exe [13312 1996-08-30] ()
S4 Bruker tftpd32; C:\Bruker\Diskless\tftpboot\tftpd.exe [138752 2009-10-30] ()
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S4 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-11-13] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-11-13] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [237048 2013-11-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-10-09] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-11-13] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1471992 2013-11-13] (Sophos Limited)
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-06-19] (Cisco Systems, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108480 2010-07-22] (SlySoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-12-28] ()
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2010-01-01] (Elaborate Bytes AG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-12-28] ()
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [132424 2013-11-13] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2013-10-09] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33096 2013-11-13] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2013-10-09] (Sophos Plc)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2010-03-28] (Duplex Secure Ltd.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-06-19] (Cisco Systems, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 StarOpen; No ImagePath
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [48384 2012-03-15] (SEIKO EPSON CORPORATION)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 15:04 - 2014-02-11 15:04 - 00014758 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-11 14:12 - 2014-02-11 14:12 - 00003424 ____N () C:\bootsqm.dat
2014-02-11 14:03 - 2014-02-11 14:03 - 02903255 _____ () C:\Users\*****\Desktop\tweaking.com_windows_repair_aio.zip
2014-02-11 14:03 - 2014-02-11 14:03 - 00000000 ____D () C:\Users\*****\Desktop\tweaking.com_windows_repair_aio
2014-02-10 13:10 - 2014-02-11 15:02 - 00002480 _____ () C:\Users\*****\Desktop\FSS.txt
2014-02-10 13:09 - 2014-02-10 13:09 - 00453632 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2014-02-09 16:58 - 2014-02-09 16:58 - 01059840 _____ () C:\Users\*****\Desktop\MicrosoftFixit50981(2).msi
2014-02-09 16:57 - 2014-02-09 16:57 - 01059840 _____ () C:\Users\*****\Desktop\MicrosoftFixit50981(1).msi
2014-02-09 16:56 - 2014-02-09 16:56 - 01059840 _____ () C:\Users\*****\Desktop\MicrosoftFixit50981.msi
2014-02-09 14:02 - 2014-02-11 15:04 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-02-09 13:42 - 2014-02-09 13:42 - 00987425 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-02-09 10:10 - 2014-02-09 10:10 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2014-02-08 13:13 - 2014-02-08 13:13 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 13:09 - 2014-02-08 13:09 - 01037530 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-08 13:00 - 2014-02-08 13:03 - 00000000 ____D () C:\AdwCleaner
2014-02-08 12:59 - 2014-02-08 13:00 - 01166132 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-08 11:46 - 2014-02-08 11:46 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 11:46 - 2014-02-08 11:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-08 11:46 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 11:45 - 2014-02-08 11:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-06 23:33 - 2014-02-06 23:33 - 00000000 ____D () C:\Users\*****\AppData\Local\Sophos
2014-02-06 23:26 - 2014-02-11 15:03 - 00000000 ____D () C:\Users\*****\Desktop\Logfiles
2014-02-06 22:17 - 2014-02-06 22:17 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-02-06 22:07 - 2014-02-11 15:04 - 00000000 ____D () C:\FRST
2014-02-06 22:06 - 2014-02-11 15:04 - 01139712 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-02-06 22:01 - 2014-02-06 22:02 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-02-06 21:59 - 2014-02-06 22:01 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-02-05 21:56 - 2014-02-06 09:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-01-27 01:04 - 2014-01-27 01:04 - 00143276 ____H () C:\Windows\system32\mlfcache.dat
2014-01-22 10:20 - 2014-01-22 10:21 - 00000000 ____D () C:\Users\*****\Desktop\knf bilder pumpe
2014-01-18 19:37 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-18 19:37 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-18 19:37 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-18 19:37 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 10:29 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 10:28 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 10:28 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 10:28 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 10:27 - 2014-01-16 10:28 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 09:11 - 2014-01-15 09:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ChemAxon

==================== One Month Modified Files and Folders =======

2014-02-11 15:05 - 2014-02-11 15:04 - 00014758 _____ () C:\Users\*****\Desktop\FRST.txt
2014-02-11 15:04 - 2014-02-09 14:02 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-02-11 15:04 - 2014-02-06 22:07 - 00000000 ____D () C:\FRST
2014-02-11 15:04 - 2014-02-06 22:06 - 01139712 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-02-11 15:03 - 2014-02-06 23:26 - 00000000 ____D () C:\Users\*****\Desktop\Logfiles
2014-02-11 15:02 - 2014-02-10 13:10 - 00002480 _____ () C:\Users\*****\Desktop\FSS.txt
2014-02-11 15:00 - 2009-07-14 05:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 15:00 - 2009-07-14 05:34 - 00016384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 14:59 - 2010-03-05 23:15 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 14:54 - 2010-03-05 23:27 - 00259478 _____ () C:\Windows\PFRO.log
2014-02-11 14:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 14:54 - 2009-07-14 05:39 - 00256177 _____ () C:\Windows\setupact.log
2014-02-11 14:53 - 2010-03-05 23:07 - 01393294 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 14:12 - 2014-02-11 14:12 - 00003424 ____N () C:\bootsqm.dat
2014-02-11 14:03 - 2014-02-11 14:03 - 02903255 _____ () C:\Users\*****\Desktop\tweaking.com_windows_repair_aio.zip
2014-02-11 14:03 - 2014-02-11 14:03 - 00000000 ____D () C:\Users\*****\Desktop\tweaking.com_windows_repair_aio
2014-02-10 18:30 - 2010-03-08 15:09 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2014-02-10 13:09 - 2014-02-10 13:09 - 00453632 _____ (Farbar) C:\Users\*****\Desktop\FSS.exe
2014-02-09 22:59 - 2010-03-06 13:05 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.purple
2014-02-09 16:58 - 2014-02-09 16:58 - 01059840 _____ () C:\Users\*****\Desktop\MicrosoftFixit50981(2).msi
2014-02-09 16:57 - 2014-02-09 16:57 - 01059840 _____ () C:\Users\*****\Desktop\MicrosoftFixit50981(1).msi
2014-02-09 16:56 - 2014-02-09 16:56 - 01059840 _____ () C:\Users\*****\Desktop\MicrosoftFixit50981.msi
2014-02-09 13:42 - 2014-02-09 13:42 - 00987425 _____ () C:\Users\*****\Desktop\SecurityCheck.exe
2014-02-09 10:10 - 2014-02-09 10:10 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_enu.exe
2014-02-09 08:31 - 2012-04-04 12:20 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-09 08:31 - 2011-05-15 21:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-08 22:31 - 2013-11-05 23:40 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-02-08 13:13 - 2014-02-08 13:13 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 13:09 - 2014-02-08 13:09 - 01037530 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-02-08 13:03 - 2014-02-08 13:00 - 00000000 ____D () C:\AdwCleaner
2014-02-08 13:03 - 2010-05-28 21:33 - 00000000 ____D () C:\Users\*****\AppData\Roaming\CheckPoint
2014-02-08 13:00 - 2014-02-08 12:59 - 01166132 _____ () C:\Users\*****\Desktop\adwcleaner.exe
2014-02-08 11:46 - 2014-02-08 11:46 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 11:46 - 2014-02-08 11:46 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-08 11:45 - 2014-02-08 11:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\*****\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-08 03:00 - 2010-11-05 09:34 - 00000392 _____ () C:\Windows\Tasks\At1.job
2014-02-07 23:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-02-07 20:46 - 2009-07-27 16:48 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-02-07 20:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-02-06 23:33 - 2014-02-06 23:33 - 00000000 ____D () C:\Users\*****\AppData\Local\Sophos
2014-02-06 22:17 - 2014-02-06 22:17 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-02-06 22:04 - 2012-10-03 13:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-06 22:02 - 2014-02-06 22:01 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-02-06 22:01 - 2014-02-06 21:59 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-02-06 22:01 - 2010-03-05 23:14 - 00000000 ____D () C:\Users\*****
2014-02-06 09:34 - 2014-02-05 21:56 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-01-27 01:04 - 2014-01-27 01:04 - 00143276 ____H () C:\Windows\system32\mlfcache.dat
2014-01-26 11:12 - 2010-03-06 14:11 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-01-22 10:21 - 2014-01-22 10:20 - 00000000 ____D () C:\Users\*****\Desktop\knf bilder pumpe
2014-01-18 19:46 - 2009-07-14 05:33 - 00419608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-18 19:42 - 2013-07-13 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 19:38 - 2010-03-06 00:13 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-18 17:32 - 2012-12-22 21:08 - 00000695 _____ () C:\Users\*****\AppData\Roaming\burnaware.ini
2014-01-16 10:29 - 2013-10-24 11:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 10:28 - 2014-01-16 10:27 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 10:28 - 2013-03-04 23:43 - 00000000 ____D () C:\Program Files\Java
2014-01-15 09:11 - 2014-01-15 09:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\ChemAxon

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 00:57

==================== End Of Log ============================
         
--- --- ---

12.02.2014, 17:34   #13
schrauber
/// the machine
/// TB trainer
 




Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (Alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed if you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun with safe surfing.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

13.02.2014, 09:51   #14
YackVander
 



So, schrauber! Thank you very, very much for your effort and time! That can't be taken for granted, and I learned quite a bit too!

I do still have one question, though! Can one say whether anything malicious had infected my laptop, or were there simply security gaps on my side that we have now fixed together?

Best regards

14.02.2014, 10:42   #15
schrauber
/// the machine
/// TB trainer
 




We did remove quite a bit of adware