Pests of all kinds and how to fight them: Java String Helper add-on tries to install itself (Windows 7)
#1
Hello dear Trojaner-Board community,
this morning, when I wanted to look up my timetable on the laptop via Mozilla, an add-on named "Java String Helper" wanted to install itself, whereupon I immediately closed Mozilla because it seemed fishy to me. I have now run a scan with Malwarebytes; here is what came out.
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8363
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
13.12.2011 15:50:00
mbam-log-2011-12-13 (15-50-00).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 370275
Time elapsed: 1 hour(s), 3 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.
Files Infected:
c:\Games\minecraft\Extras\minecraft v1.2.3 +10 trainer.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
c:\Games\minecraft\Extras\minecraft v1.2.6 +10 trainer.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-944853165-136188656-2076384330-1007\Dc1\minecraft\Extras\minecraft v1.2.3 +10 trainer.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-944853165-136188656-2076384330-1007\Dc1\minecraft\Extras\minecraft v1.2.6 +10 trainer.exe (HackTool.GamesCheat.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\components\acroiehelpe.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> Quarantined and deleted successfully.
OTL log follows.
Last edited by Ryko (13.12.2011 at 16:12)
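The most telling line in the scan above is the Hijack.UserInit entry: Winlogon's Userinit value is a comma-separated list of programs that Windows starts at every interactive logon before the shell, so any entry besides userinit.exe is a persistence hook (here appconf32.exe). The following is an added example, not code from the original post or from Malwarebytes: it parses detection lines in the format shown above and reports what was appended to Userinit. The embedded log text is a constructed subset of the post's own log with English section headers; the expected XP default path is an assumption for the check.

```python
"""
Added example (not from the original post or from Malwarebytes): parse
Malwarebytes-style detection lines and inspect the Hijack.UserInit entry.
Winlogon's Userinit value is a comma-separated list of programs started at
every interactive logon before the shell; anything beyond userinit.exe is a
persistence hook, which is how appconf32.exe was being launched here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One detection line:  <object> (<ThreatName>) -> <action text>
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# Extra payload of a Hijack.UserInit line:  Bad: (<value>) Good: (<value>)
USERINIT_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")

# Assumed default Userinit program on Windows XP (the live value ends with a comma).
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

# Constructed sample: the relevant lines of the scan above, English headers.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Files Infected:
c:\WINDOWS\system32\components\acroiehelpe.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
(No malicious items detected)
"""


@dataclass
class Detection:
    path: str    # file, folder or registry object
    threat: str  # vendor detection name, e.g. Hijack.UserInit
    action: str  # everything after "->", may carry Bad:/Good: details


def parse_detections(log_text: str) -> List[Detection]:
    """Return every detection line; section headers and filler lines are skipped."""
    found = []
    for raw in log_text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["action"]))
    return found


def userinit_values(dets: List[Detection]) -> Optional[Tuple[str, str]]:
    """(bad, good) from the Hijack.UserInit detection, or None if there is none."""
    for d in dets:
        if d.threat == "Hijack.UserInit":
            m = USERINIT_RE.search(d.action)
            if m:
                return m["bad"], m["good"]
    return None


def userinit_extras(value: str, expected: str = EXPECTED_USERINIT) -> List[str]:
    """Entries in a Userinit value other than the expected userinit.exe.
    The value is comma separated and normally ends with a comma, so empty
    entries are ignored; paths are compared case-insensitively like NTFS."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != expected.lower()]


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for d in dets:
        print(f"{d.threat:<20} {d.path}")
    vals = userinit_values(dets)
    if vals:
        print("extra Userinit programs:", userinit_extras(vals[0]))
```

The same `userinit_extras` check can be run against a value read straight from the registry after cleanup; an empty result is what a healthy XP machine should produce.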
#2
Hi,
good reaction...
Code:
:OTL
[2011.12.12 21:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\components
[2011.12.12 21:55:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5056
[2011.12.12 21:55:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
Have these files checked online:
Code:
C:\WINDOWS\System32\appconf32.exe
TDSS-Killer: download and instructions at "How to combat malware of the Rootkit.Win32.TDSS family?" Extract all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. After it starts a window appears; click "Start Scan" there. When the scan is finished, please select "Report". A window opens; copy the text and post it here... chris
#3
I think this is the right OTL log; it opened by itself after the reboot.
Code:
All processes killed
========== OTL ==========
C:\WINDOWS\System32\components folder moved successfully.
C:\WINDOWS\System32\5056\components folder moved successfully.
C:\WINDOWS\System32\5056 folder moved successfully.
C:\WINDOWS\System32\kock folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Micha & Ingrid
->Temp folder emptied: 92613226 bytes
->Temporary Internet Files folder emptied: 349624409 bytes
->Java cache emptied: 174775 bytes
->FireFox cache emptied: 101831153 bytes
->Flash cache emptied: 6709 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: R2D2
->Temp folder emptied: 2521754965 bytes
->Temporary Internet Files folder emptied: 150770991 bytes
->Java cache emptied: 7236172 bytes
->FireFox cache emptied: 108896776 bytes
->Flash cache emptied: 3155609 bytes
User: Rico
->Temp folder emptied: 78751526 bytes
->Temporary Internet Files folder emptied: 39516781 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52623365 bytes
->Flash cache emptied: 14211 bytes
User: Svenja
->Temp folder emptied: 26441251 bytes
->Temporary Internet Files folder emptied: 51216990 bytes
->Java cache emptied: 10624880 bytes
->FireFox cache emptied: 99533805 bytes
->Flash cache emptied: 17420 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4339591 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 749552295 bytes
RecycleBin emptied: 698841917 bytes
Total Files Cleaned = 4.909,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: Micha & Ingrid
->Flash cache emptied: 0 bytes
User: NetworkService
User: R2D2
->Flash cache emptied: 456 bytes
User: Rico
->Flash cache emptied: 0 bytes
User: Svenja
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12132011_182603
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Last edited by Ryko (13.12.2011 at 18:41)
#4
TDSS Killer log
Code:
18:37:58.0109 2436 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:37:58.0234 2436 ============================================================
18:37:58.0234 2436 Current date / time: 2011/12/13 18:37:58.0234
18:37:58.0234 2436 SystemInfo:
18:37:58.0234 2436
18:37:58.0234 2436 OS Version: 5.1.2600 ServicePack: 3.0
18:37:58.0234 2436 Product type: Workstation
18:37:58.0234 2436 ComputerName: SVENJAUNDRICO
18:37:58.0234 2436 UserName: R2D2
18:37:58.0234 2436 Windows directory: C:\WINDOWS
18:37:58.0234 2436 System windows directory: C:\WINDOWS
18:37:58.0234 2436 Processor architecture: Intel x86
18:37:58.0234 2436 Number of processors: 2
18:37:58.0234 2436 Page size: 0x1000
18:37:58.0234 2436 Boot type: Normal boot
18:37:58.0234 2436 ============================================================
18:37:59.0890 2436 Initialize success
18:38:09.0531 3656 ============================================================
18:38:09.0531 3656 Scan started
18:38:09.0531 3656 Mode: Manual;
18:38:09.0531 3656 ============================================================
18:38:10.0203 3656 Abiosdsk - ok
18:38:10.0218 3656 abp480n5 - ok
18:38:10.0281 3656 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:38:10.0281 3656 ACPI - ok
18:38:10.0359 3656 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:38:10.0359 3656 ACPIEC - ok
18:38:10.0390 3656 adpu160m - ok
18:38:10.0437 3656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:38:10.0437 3656 aec - ok
18:38:10.0500 3656 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:38:10.0500 3656 AFD - ok
18:38:10.0609 3656 Aha154x - ok
18:38:10.0625 3656 aic78u2 - ok
18:38:10.0640 3656 aic78xx - ok
18:38:10.0671 3656 AliIde - ok
18:38:10.0687 3656 amsint - ok
18:38:10.0765 3656 AR5416 (2774b0607acdad6e76f577ac85fa077d) C:\WINDOWS\system32\DRIVERS\athw.sys
18:38:10.0796 3656 AR5416 - ok
18:38:10.0890 3656 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:38:10.0890 3656 Arp1394 - ok
18:38:10.0906 3656 asc - ok
18:38:10.0921 3656 asc3350p - ok
18:38:10.0937 3656 asc3550 - ok
18:38:10.0984 3656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:38:10.0984 3656 AsyncMac - ok
18:38:11.0078 3656 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:38:11.0078 3656 atapi - ok
18:38:11.0093 3656 Atdisk - ok
18:38:11.0125 3656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:38:11.0125 3656 Atmarpc - ok
18:38:11.0218 3656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:38:11.0218 3656 audstub - ok
18:38:11.0265 3656 AWINDIS5 (f62b70d3209e38a6c19a03109a25b903) C:\WINDOWS\system32\AWINDIS5.SYS
18:38:11.0265 3656 AWINDIS5 - ok
18:38:11.0312 3656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:38:11.0312 3656 Beep - ok
18:38:11.0437 3656 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
18:38:11.0453 3656 btaudio - ok
18:38:11.0546 3656 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
18:38:11.0546 3656 BTDriver - ok
18:38:11.0640 3656 BTKRNL (49fd2960c0c5fe06dedf9560ad4c9547) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
18:38:11.0656 3656 BTKRNL - ok
18:38:11.0734 3656 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
18:38:11.0750 3656 BTWDNDIS - ok
18:38:11.0781 3656 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
18:38:11.0781 3656 btwhid - ok
18:38:11.0859 3656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:38:11.0859 3656 cbidf2k - ok
18:38:11.0875 3656 cd20xrnt - ok
18:38:11.0921 3656 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:38:11.0921 3656 Cdaudio - ok
18:38:12.0015 3656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:38:12.0015 3656 Cdfs - ok
18:38:12.0046 3656 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:38:12.0046 3656 Cdrom - ok
18:38:12.0078 3656 Changer - ok
18:38:12.0171 3656 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:38:12.0171 3656 CmBatt - ok
18:38:12.0187 3656 CmdIde - ok
18:38:12.0250 3656 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:38:12.0250 3656 Compbatt - ok
18:38:12.0281 3656 Cpqarray - ok
18:38:12.0328 3656 dac2w2k - ok
18:38:12.0343 3656 dac960nt - ok
18:38:12.0390 3656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:38:12.0390 3656 Disk - ok
18:38:12.0468 3656 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
18:38:12.0500 3656 dmboot - ok
18:38:12.0546 3656 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
18:38:12.0546 3656 DMICall - ok
18:38:12.0640 3656 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
18:38:12.0640 3656 dmio - ok
18:38:12.0687 3656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:38:12.0687 3656 dmload - ok
18:38:12.0718 3656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:38:12.0718 3656 DMusic - ok
18:38:12.0781 3656 dpti2o - ok
18:38:12.0843 3656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:38:12.0843 3656 drmkaud - ok
18:38:12.0906 3656 e1yexpress (96967facc0307093b9098f817a4409e6) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
18:38:12.0906 3656 e1yexpress - ok
18:38:12.0968 3656 EagleXNt - ok
18:38:13.0140 3656 F-Secure Gatekeeper (29d12e1e45d93b45d2598e2663bbeff4) C:\Programme\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
18:38:13.0156 3656 F-Secure Gatekeeper - ok
18:38:13.0203 3656 F-Secure HIPS (dc0720248dc4d1f303df94ccc3adff96) C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys
18:38:13.0203 3656 F-Secure HIPS - ok
18:38:13.0312 3656 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:38:13.0312 3656 Fastfat - ok
18:38:13.0343 3656 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:38:13.0359 3656 Fdc - ok
18:38:13.0453 3656 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
18:38:13.0453 3656 Fips - ok
18:38:13.0468 3656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:38:13.0468 3656 Flpydisk - ok
18:38:13.0500 3656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:38:13.0515 3656 FltMgr - ok
18:38:13.0609 3656 fsbts (343786e182b9c9ae3066e00dec650f50) C:\WINDOWS\system32\Drivers\fsbts.sys
18:38:13.0609 3656 fsbts - ok
18:38:13.0687 3656 FSFW (fe5918f5c839f7bbf74fb91743dd4262) C:\WINDOWS\system32\drivers\fsdfw.sys
18:38:13.0687 3656 FSFW - ok
18:38:13.0765 3656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:38:13.0765 3656 Fs_Rec - ok
18:38:13.0812 3656 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:38:13.0812 3656 Ftdisk - ok
18:38:13.0921 3656 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:38:13.0921 3656 Gpc - ok
18:38:13.0953 3656 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:38:13.0953 3656 hamachi - ok
18:38:14.0046 3656 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:38:14.0046 3656 HDAudBus - ok
18:38:14.0093 3656 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:38:14.0093 3656 HidUsb - ok
18:38:14.0171 3656 hpn - ok
18:38:14.0218 3656 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:38:14.0218 3656 HSFHWAZL - ok
18:38:14.0312 3656 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:38:14.0328 3656 HSF_DPV - ok
18:38:14.0421 3656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:38:14.0421 3656 HTTP - ok
18:38:14.0437 3656 i2omgmt - ok
18:38:14.0453 3656 i2omp - ok
18:38:14.0500 3656 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:38:14.0500 3656 i8042prt - ok
18:38:14.0812 3656 ialm (f592a1b020723cfbd3d2722514066449) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:38:14.0984 3656 ialm - ok
18:38:15.0109 3656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:38:15.0109 3656 Imapi - ok
18:38:15.0125 3656 ini910u - ok
18:38:15.0312 3656 IntcAzAudAddService (6708cfa52d71374371f61435845f3c9b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:38:15.0390 3656 IntcAzAudAddService - ok
18:38:15.0515 3656 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:38:15.0531 3656 IntelIde - ok
18:38:15.0593 3656 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:38:15.0593 3656 intelppm - ok
18:38:15.0609 3656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:38:15.0625 3656 Ip6Fw - ok
18:38:15.0671 3656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:38:15.0671 3656 IpFilterDriver - ok
18:38:15.0750 3656 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:38:15.0750 3656 IpInIp - ok
18:38:15.0781 3656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:38:15.0781 3656 IpNat - ok
18:38:15.0796 3656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:38:15.0796 3656 IPSec - ok
18:38:15.0843 3656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:38:15.0843 3656 IRENUM - ok
18:38:15.0921 3656 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:38:15.0921 3656 isapnp - ok
18:38:15.0953 3656 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:38:15.0953 3656 Kbdclass - ok
18:38:16.0000 3656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:38:16.0015 3656 kmixer - ok
18:38:16.0078 3656 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:38:16.0078 3656 KSecDD - ok
18:38:16.0125 3656 lbrtfdc - ok
18:38:16.0218 3656 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys
18:38:16.0218 3656 massfilter - ok
18:38:16.0250 3656 MBAMSwissArmy - ok
18:38:16.0281 3656 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:38:16.0281 3656 mdmxsdk - ok
18:38:16.0359 3656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:38:16.0359 3656 mnmdd - ok
18:38:16.0421 3656 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
18:38:16.0437 3656 Modem - ok
18:38:16.0453 3656 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:38:16.0453 3656 Mouclass - ok
18:38:16.0515 3656 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:38:16.0515 3656 mouhid - ok
18:38:16.0546 3656 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:38:16.0546 3656 MountMgr - ok
18:38:16.0578 3656 mraid35x - ok
18:38:16.0640 3656 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:38:16.0640 3656 MRxDAV - ok
18:38:16.0703 3656 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:38:16.0703 3656 MRxSmb - ok
18:38:16.0796 3656 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:38:16.0796 3656 Msfs - ok
18:38:16.0828 3656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:38:16.0828 3656 MSKSSRV - ok
18:38:16.0859 3656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:38:16.0859 3656 MSPCLOCK - ok
18:38:16.0875 3656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:38:16.0875 3656 MSPQM - ok
18:38:17.0000 3656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:38:17.0000 3656 mssmbios - ok
18:38:17.0046 3656 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:38:17.0062 3656 Mup - ok
18:38:17.0140 3656 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\WINDOWS\system32\DRIVERS\NBVol.sys
18:38:17.0140 3656 NBVol - ok
18:38:17.0156 3656 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\WINDOWS\system32\DRIVERS\NBVolUp.sys
18:38:17.0156 3656 NBVolUp - ok
18:38:17.0203 3656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:38:17.0203 3656 NDIS - ok
18:38:17.0296 3656 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:38:17.0296 3656 NdisTapi - ok
18:38:17.0343 3656 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:38:17.0343 3656 Ndisuio - ok
18:38:17.0359 3656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:38:17.0359 3656 NdisWan - ok
18:38:17.0453 3656 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:38:17.0453 3656 NDProxy - ok
18:38:17.0546 3656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:38:17.0562 3656 NetBIOS - ok
18:38:17.0593 3656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:38:17.0593 3656 NetBT - ok
18:38:17.0656 3656 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:38:17.0656 3656 NIC1394 - ok
18:38:17.0781 3656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:38:17.0781 3656 Npfs - ok
18:38:17.0796 3656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:38:17.0812 3656 Ntfs - ok
18:38:17.0968 3656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:38:17.0968 3656 Null - ok
18:38:18.0015 3656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:38:18.0015 3656 NwlnkFlt - ok
18:38:18.0093 3656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:38:18.0093 3656 NwlnkFwd - ok
18:38:18.0125 3656 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:38:18.0125 3656 ohci1394 - ok
18:38:18.0234 3656 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
18:38:18.0234 3656 Parport - ok
18:38:18.0281 3656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:38:18.0281 3656 PartMgr - ok
18:38:18.0312 3656 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:38:18.0312 3656 ParVdm - ok
18:38:18.0406 3656 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
18:38:18.0406 3656 PCI - ok
18:38:18.0421 3656 PCIDump - ok
18:38:18.0468 3656 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:38:18.0468 3656 PCIIde - ok
18:38:18.0500 3656 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:38:18.0500 3656 Pcmcia - ok
18:38:18.0609 3656 PDCOMP - ok
18:38:18.0625 3656 PDFRAME - ok
18:38:18.0640 3656 PDRELI - ok
18:38:18.0671 3656 PDRFRAME - ok
18:38:18.0687 3656 perc2 - ok
18:38:18.0703 3656 perc2hib - ok
18:38:18.0734 3656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:38:18.0734 3656 PptpMiniport - ok
18:38:18.0828 3656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:38:18.0828 3656 PSched - ok
18:38:18.0875 3656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:38:18.0875 3656 Ptilink - ok
18:38:18.0921 3656 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:38:18.0921 3656 PxHelp20 - ok
18:38:18.0984 3656 ql1080 - ok
18:38:19.0000 3656 Ql10wnt - ok
18:38:19.0015 3656 ql12160 - ok
18:38:19.0031 3656 ql1240 - ok
18:38:19.0046 3656 ql1280 - ok
18:38:19.0109 3656 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:38:19.0109 3656 RasAcd - ok
18:38:19.0218 3656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:38:19.0218 3656 Rasl2tp - ok
18:38:19.0234 3656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:38:19.0234 3656 RasPppoe - ok
18:38:19.0281 3656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:38:19.0281 3656 Raspti - ok
18:38:19.0390 3656 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:38:19.0406 3656 Rdbss - ok
18:38:19.0453 3656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:38:19.0453 3656 RDPCDD - ok
18:38:19.0578 3656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:38:19.0593 3656 rdpdr - ok
18:38:19.0656 3656 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:38:19.0656 3656 RDPWD - ok
18:38:19.0828 3656 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:38:19.0843 3656 redbook - ok
18:38:19.0921 3656 rimsptsk (f2993908be03181c781228daadc55230) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
18:38:19.0921 3656 rimsptsk - ok
18:38:19.0984 3656 risdptsk (5ac9f12ecd96ff7ea52881fced254191) C:\WINDOWS\system32\DRIVERS\risdptsk.sys
18:38:19.0984 3656 risdptsk - ok
18:38:20.0046 3656 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:38:20.0046 3656 sdbus - ok
18:38:20.0109 3656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:38:20.0109 3656 Secdrv - ok
18:38:20.0187 3656 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
18:38:20.0187 3656 Serial - ok
18:38:20.0296 3656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:38:20.0296 3656 Sfloppy - ok
18:38:20.0359 3656 Simbad - ok
18:38:20.0421 3656 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\DRIVERS\SonyNC.sys
18:38:20.0421 3656 SNC - ok
18:38:20.0453 3656 Sparrow - ok
18:38:20.0515 3656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:38:20.0515 3656 splitter - ok
18:38:20.0593 3656 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
18:38:20.0593 3656 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:38:20.0593 3656 sptd ( LockedFile.Multi.Generic ) - warning
18:38:20.0593 3656 sptd - detected LockedFile.Multi.Generic (1)
18:38:20.0718 3656 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
18:38:20.0718 3656 sr - ok
18:38:20.0781 3656 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:38:20.0781 3656 Srv - ok
18:38:20.0890 3656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:38:20.0890 3656 swenum - ok
18:38:20.0906 3656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:38:20.0921 3656 swmidi - ok
18:38:20.0937 3656 symc810 - ok
18:38:20.0953 3656 symc8xx - ok
18:38:20.0968 3656 sym_hi - ok
18:38:20.0984 3656 sym_u3 - ok
18:38:21.0046 3656 SynTP (3108828e2c4cb40a88cbb92d33cd47bb) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:38:21.0046 3656 SynTP - ok
18:38:21.0140 3656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:38:21.0140 3656 sysaudio - ok
18:38:21.0203 3656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:38:21.0218 3656 Tcpip - ok
18:38:21.0296 3656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:38:21.0296 3656 TDPIPE - ok
18:38:21.0328 3656 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:38:21.0328 3656 TDTCP - ok
18:38:21.0359 3656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:38:21.0359 3656 TermDD - ok
18:38:21.0437 3656 TosIde - ok
18:38:21.0500 3656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:38:21.0500 3656 Udfs - ok
18:38:21.0562 3656 UIUSys - ok
18:38:21.0578 3656 ultra - ok
18:38:21.0640 3656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:38:21.0640 3656 Update - ok
18:38:21.0750 3656 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:38:21.0750 3656 usbccgp - ok
18:38:21.0796 3656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:38:21.0796 3656 usbehci - ok
18:38:21.0890 3656 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:38:21.0890 3656 usbhub - ok
18:38:21.0921 3656 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:38:21.0921 3656 USBSTOR - ok
18:38:21.0953 3656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:38:21.0953 3656 usbuhci - ok
18:38:22.0046 3656 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:38:22.0062 3656 VgaSave - ok
18:38:22.0062 3656 ViaIde - ok
18:38:22.0093 3656 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
18:38:22.0093 3656 VolSnap - ok
18:38:22.0203 3656 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:38:22.0218 3656 Wanarp - ok
18:38:22.0218 3656 WDICA - ok
18:38:22.0250 3656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:38:22.0250 3656 wdmaud - ok
18:38:22.0375 3656 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:38:22.0390 3656 winachsf - ok
18:38:22.0562 3656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:38:22.0562 3656 WudfPf - ok
18:38:22.0609 3656 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:38:22.0609 3656 WudfRd - ok
18:38:22.0734 3656 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
18:38:22.0750 3656 ZTEusbmdm6k - ok
18:38:22.0765 3656 ZTEusbnet (9862f9d2ff50ae748ed42c022e6aac15) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
18:38:22.0765 3656 ZTEusbnet - ok
18:38:22.0796 3656 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
18:38:22.0796 3656 ZTEusbnmea - ok
18:38:22.0890 3656 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
18:38:22.0890 3656 ZTEusbser6k - ok
18:38:22.0906 3656 ZTEusbvoice (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
18:38:22.0921 3656 ZTEusbvoice - ok
18:38:22.0953 3656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:38:23.0125 3656 \Device\Harddisk0\DR0 - ok
18:38:23.0140 3656 Boot (0x1200) (d0ca57fcca5cd3145e29b27150815d69) \Device\Harddisk0\DR0\Partition0
18:38:23.0140 3656 \Device\Harddisk0\DR0\Partition0 - ok
18:38:23.0140 3656 ============================================================
18:38:23.0140 3656 Scan finished
18:38:23.0140 3656 ============================================================
18:38:23.0156 3504 Detected object count: 1
18:38:23.0156 3504 Actual detected object count: 1
18:39:27.0515 3504 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
18:39:27.0515 3504 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
#5
Hi, let's also check the boot block... (virustotal.com really does seem to be "down")
MBR-Check: download http://ad13.geekstogo.com/MBRCheck.exe and save the file on the desktop.
Let me try something...
Code:
:regfind
virustotal.com
The results are saved on the desktop as SystemLook.txt. Check whether the sites of other antivirus vendors are blocked as well, e.g. Kaspersky Lab (Anti-Virus, Internet Security, Mobile Security & antivirus software and services for business). Please post a new OTL log... chris
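The helper's question above, whether virustotal.com is really down or is being blocked on this machine, is one a user can answer locally. The following is an added example and not part of the thread or of the SystemLook/OTL tooling the helper uses: it parses the text of a hosts file (`%SystemRoot%\System32\drivers\etc\hosts`, the file a banking trojan typically rewrites to pin antivirus vendors' sites to the loopback address or to an attacker host) and flags entries that override a watch-listed security domain. The hosts content is constructed for the example, and the list of vendor domains is an assumption, not something the thread provides.

```python
r"""
Added example (not from the original thread): detect hosts-file entries that
sinkhole or redirect security vendors' sites. A default XP hosts file contains
only "127.0.0.1 localhost"; any line naming virustotal.com or an antivirus
vendor was put there by someone, and on a freshly cleaned machine that someone
was most likely the malware. The watch list below is an assumption.
"""
import ipaddress
import os
from typing import Dict, List, Tuple

# Assumed watch list: domains a user needs to reach while cleaning up.
SECURITY_DOMAINS = ["virustotal.com", "kaspersky.com", "malwarebytes.org", "f-secure.com"]

# Constructed sample: a default XP hosts file plus tampered lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1   www.virustotal.com virustotal.com
0.0.0.0\twww.kaspersky.com   # sinkholed
203.0.113.5 www.f-secure.com
10.1.2.3    intranet.example.com
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """(address, hostname) pairs; comments, blanks and malformed lines are dropped.
    One line may list several hostnames for the same address."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            ipaddress.ip_address(tokens[0])
        except ValueError:
            continue  # line does not start with an address
        pairs.extend((tokens[0], h.lower()) for h in tokens[1:])
    return pairs


def _on_watchlist(hostname: str, domains: List[str]) -> bool:
    # exact domain or any subdomain of it
    return any(hostname == d or hostname.endswith("." + d) for d in domains)


def flag_security_sites(pairs: List[Tuple[str, str]], domains: List[str]) -> List[Dict[str, str]]:
    """Entries that override resolution of a watch-listed domain.
    kind is 'sinkhole' for loopback/unspecified targets and 'redirect' for a
    routable address, which could be a look-alike site rather than an outage."""
    findings = []
    for addr, host in pairs:
        if not _on_watchlist(host, domains):
            continue
        ip = ipaddress.ip_address(addr)
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append({"address": addr, "host": host, "kind": kind})
    return findings


def system_hosts_path() -> str:
    """Location of the live hosts file on Windows (SystemRoot is set by Windows)."""
    return os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                        "System32", "drivers", "etc", "hosts")


if __name__ == "__main__":
    text = SAMPLE_HOSTS
    path = system_hosts_path()
    if os.path.exists(path):  # on a Windows box, inspect the real file instead
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for f in flag_security_sites(parse_hosts(text), SECURITY_DOMAINS):
        print(f"{f['kind']:<9} {f['address']:<15} {f['host']}")
```

A clean result from this script does not rule out blocking elsewhere (a hijacked DNS setting, a proxy, or a filter driver), which is why the helper also searches the registry for the string; but a hit here is unambiguous local tampering and the hosts file should be restored to its single localhost line.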
#6
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 138):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9EB4000 spuc.sys
0xBA5AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB9E6D000 ACPI.sys
0xB9E5C000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 intelide.sys
0xB9E3E000 pcmcia.sys
0xBA0D8000 MountMgr.sys
0xB9E1F000 ftdisk.sys
0xBA5AE000 dmload.sys
0xB9DF9000 dmio.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9DE1000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DC1000 fltmgr.sys
0xB9DAF000 sr.sys
0xBA118000 PxHelp20.sys
0xB9D98000 KSecDD.sys
0xB9D0B000 Ntfs.sys
0xB9CF9000 fsdfw.sys
0xB9CCC000 \WINDOWS\System32\drivers\NDIS.SYS
0xBA128000 NBVol.sys
0xBA5B0000 NBVolUp.sys
0xB9CB2000 Mup.sys
0xBA138000 fsbts.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9C72000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB8A19000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8A05000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB89C7000 \SystemRoot\system32\DRIVERS\e1y5132.sys
0xBA440000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB89A3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB897B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8839000 \SystemRoot\system32\DRIVERS\athw.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8828000 \SystemRoot\system32\DRIVERS\risdptsk.sys
0xB880E000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xBA208000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA460000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB87DC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA488000 \SystemRoot\system32\DRIVERS\SonyNC.sys
0xBA228000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB86EB000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xBA6F7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA238000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C49000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB86D4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA258000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA268000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA498000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB86C3000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA288000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA340000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA378000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xB8693000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8670000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8612000 \SystemRoot\system32\DRIVERS\update.sys
0xB8FF3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA380000 \SystemRoot\system32\DRIVERS\btport.sys
0xBA2E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA308000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA76A7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA7683000 \SystemRoot\system32\drivers\portcls.sys
0xB918D000 \SystemRoot\system32\drivers\drmk.sys
0xA764F000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA755D000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA74AA000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA388000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA60E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA74E000 \SystemRoot\System32\Drivers\Null.SYS
0xBA612000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3C0000 \SystemRoot\System32\drivers\vga.sys
0xBA616000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA61A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3D8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA7B8D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA7427000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA73CE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA73A6000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA7380000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB914D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA735E000 \SystemRoot\System32\drivers\afd.sys
0xB912D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB910D000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA726B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA71FB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA1C8000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA218000 \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys
0xBA762000 \SystemRoot\system32\DRIVERS\DMICall.sys
0xBA278000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA590000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA74A2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA71E3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA628000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA748E000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA418000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA68C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF25B000 \SystemRoot\System32\igxpdx32.DLL
0xBF562000 \SystemRoot\System32\ATMFD.DLL
0xA70D7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6E36000 \SystemRoot\system32\drivers\wdmaud.sys
0xA6FAB000 \SystemRoot\system32\drivers\sysaudio.sys
0xA6C23000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA6F1F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA6AB3000 \SystemRoot\system32\DRIVERS\srv.sys
0xA64EB000 \??\C:\Programme\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
0xA640A000 \SystemRoot\System32\Drivers\HTTP.sys
0xA5BE9000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 49):
0 System Idle Process
4 System
820 C:\WINDOWS\system32\smss.exe
868 csrss.exe
892 C:\WINDOWS\system32\winlogon.exe
936 C:\WINDOWS\system32\services.exe
948 C:\WINDOWS\system32\lsass.exe
1120 C:\WINDOWS\system32\svchost.exe
1168 svchost.exe
1312 C:\WINDOWS\system32\svchost.exe
1364 svchost.exe
1516 svchost.exe
1780 C:\WINDOWS\system32\spoolsv.exe
280 C:\WINDOWS\explorer.exe
524 svchost.exe
628 C:\Programme\Sicherheitspaket\Anti-Virus\fsgk32st.exe
640 C:\Programme\Sicherheitspaket\Common\FSMA32.EXE
648 C:\Programme\Sicherheitspaket\Anti-Virus\fsgk32.exe
676 C:\Programme\LogMeIn Hamachi\hamachi-2.exe
732 C:\Programme\Sicherheitspaket\Common\FSHDLL32.EXE
720 C:\Programme\Java\jre6\bin\jqs.exe
1376 C:\Programme\Sony\VAIO Event Service\VESMgr.exe
1488 C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
2140 igfxext.exe
2296 igfxsrvc.exe
2504 C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3844 C:\Programme\Sicherheitspaket\FWES\program\fsdfwd.exe
3876 fsorsp.exe
3884 C:\Programme\Sicherheitspaket\Anti-Virus\fssm32.exe
4068 alg.exe
336 C:\WINDOWS\system32\svchost.exe
3136 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2676 C:\PROGRA~1\SICHER~1\ANTI-V~1\fsav32.exe
2312 C:\WINDOWS\system32\hkcmd.exe
2164 C:\WINDOWS\system32\igfxsrvc.exe
2104 C:\WINDOWS\system32\igfxpers.exe
2444 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2736 C:\Programme\Sony\VAIO Power Management\SPMgr.exe
2744 C:\Programme\Sony\ISB Utility\ISBMgr.exe
2980 C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
2988 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
3704 C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
3712 C:\Programme\Sicherheitspaket\Common\FSM32.EXE
3860 C:\WINDOWS\system32\ctfmon.exe
212 C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
1092 C:\Programme\Windows Media Player\wmplayer.exe
1788 C:\Programme\Mozilla Firefox\firefox.exe
692 C:\Programme\Mozilla Firefox\plugin-container.exe
3172 C:\Dokumente und Einstellungen\R2D2\Eigene Dateien\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`2a14c000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG001A
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Edit: Virustotal is working again

#7

Hi, here is the link... http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe chris But I don't think it will find anything (relevant).. MBR looks fine..

#8

Okay, I had just wanted to upload appconfig to VirusTotal when F-Secure suddenly reported that appconfig is a virus and removed it. How should I proceed? Here is the output from SystemLook:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:22 on 13/12/2011 by R2D2
Administrator - Elevation successful
========== regfind ==========
Searching for "virustotal.com"
No data found.
-= EOF =-
#9

Here is also the report from F-Secure:
Code:
Scan-Bericht
Dienstag, 13. Dezember 2011 22:16:58 - 22:18:32
Computername: SVENJAUNDRICO
Scan-Methode: Ziel scannen
Ziel: C:\WINDOWS\system32\appconf32.exe
Ergebnis: 1 Malware gefunden
Neustart des Systems erforderlich, um den Desinfektionsvorgang abzuschließen!
Trojan.Generic.7023096 (Virus)
C:\WINDOWS\system32\appconf32.exe Aktion: unter Quarantäne
Statistiken
Gescannt:
Dateien: 3545
Nicht gescannt: 0
Ergebnis:
Viren: 1
Spyware: 0
Verdächtige Elemente: 0
Riskware: 0
Aktionen:
Desinfiziert: 0
Umbenannt: 0
Gelöscht: 1
In Quarantäne: 1
Fehlgeschl.: 0
Boot-Sektoren:
Gescannt: 0
Infiziert: 0
Verdächtige Elemente: 0
Desinfiziert: 0
Optionen
Version der Definitionen:
Viren: 2011-12-13_03
Spyware: 2011-12-13_03
Scan-Module:
F-Secure Aquarius: 11.00.01, 2011-12-13
F-Secure Hydra: 5.05.7110, 2011-12-13
F-Secure Online: 10.50.17252, 2011-11-07
F-Secure Gemini: 3.01.46, 2011-11-11
Scan-Optionen:
Definierte Dateien scannen: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML CLASS ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Archive scannen
Aktionen:
Viren: Infizierte Dateien desinfizieren
Spyware: Nach Scannen fragen
#10

Hi, hmm, I don't like that; why was it only detected now... only once you rubbed the scanner's nose in it... er, well... Reboot and post a new OTL log... Let's try Prevx... The tool tends to produce false positives and can't delete anything in the free version, but is otherwise quite good... (and also runs on 64-bit platforms) Prevx 3.0 for Home and Family. If the tool finds something, don't post the log but a screenshot of the window that then appears... chris

#11

May I venture a guess? Maybe because it was hidden by a rootkit... or is one itself.

#12

;o) Or you never ran a full scan... We will see... Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html You'll find the download link at the top left (GMER - Rootkit Detector and Remover); there click the "Download EXE" button, which generates a random name (please note it and the path where you saved it). Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and paste the report into the thread using Copy. If it reports nothing, go to the Rootkit tab and run a scan. When it's finished, choose Copy and paste the report. If GMER crashes, please try in safe mode (F8 at boot)! chris

#13

Code:
OTL logfile created on: 13.12.2011 22:35:10 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\R2D2\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 79,23% Memory free
4,77 Gb Paging File | 4,32 Gb Available in Paging File | 90,52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 228,23 Gb Total Space | 156,28 Gb Free Space | 68,48% Space Free | Partition Type: NTFS

Computer Name: SVENJAUNDRICO | User Name: R2D2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\R2D2\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Sicherheitspaket\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\Sicherheitspaket\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\Sicherheitspaket\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\Sicherheitspaket\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\Sicherheitspaket\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Programme\Sicherheitspaket\Anti-Virus\minifilter\hashlib_x86.dll ()
MOD - C:\Programme\Sicherheitspaket\Anti-Virus\fm4av.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\Programme\Sicherheitspaket\Spam Control\fsas.dll ()
MOD - C:\Programme\Sicherheitspaket\FSPC\fspcfsm.eng ()
MOD - \\?\c:\programme\sicherheitspaket\hips\fsumi.dll ()
MOD - C:\Programme\Sicherheitspaket\FSGUI\strres.eng ()
MOD - C:\Programme\Sicherheitspaket\FSGUI\gres.dll ()
MOD - C:\Programme\Sicherheitspaket\FSGUI\fsavures.eng ()
MOD - C:\Programme\Sicherheitspaket\FSGUI\flyerres.eng ()
MOD - C:\Programme\Sicherheitspaket\FSGUI\aboutres.dll ()
MOD - C:\Programme\Sicherheitspaket\FSGUI\about.dll ()
MOD - C:\Programme\Sicherheitspaket\Anti-Virus\fsavhres.eng ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()

========== Win32 Services (SafeList) ==========

SRV - (FSORSPClient) -- C:\Programme\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FSMA) -- C:\Programme\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Programme\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Programme\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (NBVol) -- C:\WINDOWS\system32\DRIVERS\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\WINDOWS\system32\DRIVERS\NBVolUp.sys (Nero AG)
DRV - (F-Secure HIPS) -- C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.64.2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Programme\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2011.12.08 07:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5056
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.12 07:31:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.11 06:50:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5056

[2010.05.09 13:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Mozilla\Extensions
[2011.11.29 22:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Mozilla\Firefox\Profiles\1cx0py09.default\extensions
[2010.05.19 18:39:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Mozilla\Firefox\Profiles\1cx0py09.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.29 22:51:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Mozilla\Firefox\Profiles\1cx0py09.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.06 19:44:29 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Mozilla\Firefox\Profiles\1cx0py09.default\extensions\battlefieldplay4free@ea.com
[2011.12.12 07:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.12 07:31:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.12 07:31:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.12 07:31:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.12 07:31:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.12 07:31:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.12 07:31:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.12 07:31:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.12.13 22:18:32 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Programme\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32D8C29A-6498-4098-A2A1-2247EA9183F4}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E1CFEC1-7F1C-47F7-B3AF-2CB864120A50}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.25 08:59:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{909dc723-636c-11df-9d66-00265ef1bc27}\Shell - "" = AutoRun
O33 - MountPoints2\{909dc723-636c-11df-9d66-00265ef1bc27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{909dc723-636c-11df-9d66-00265ef1bc27}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.13 18:39:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.12.13 18:37:54 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011.12.13 18:26:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.13 07:12:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Malwarebytes
[2011.12.13 07:11:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.13 07:11:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.13 07:11:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.13 07:11:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.11 06:49:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.09 21:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\TS3Client
[2011.12.09 21:45:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\R2D2\Startmenü\Programme\TeamSpeak 3 Client
[2011.12.09 21:45:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\R2D2\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
[2011.12.01 12:27:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\R2D2\dwhelper
[2011.11.29 23:55:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\aTube Catcher
[2011.11.29 23:55:19 | 000,000,000 | ---D | C] -- C:\Programme\DsNET Corp

========== Files - Modified Within 30 Days ==========

[2011.12.13 22:34:42 | 000,000,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011.12.13 22:34:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.13 22:18:32 | 000,000,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.12.13 18:37:06 | 001,557,791 | ---- | M] () -- C:\tdsskiller.zip
[2011.12.13 10:41:02 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[2011.12.13 07:20:45 | 000,000,018 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2011.12.13 07:11:54 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.12 22:26:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.12.11 06:50:08 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.12.10 22:17:57 | 000,000,032 | ---- | M] () -- C:\WINDOWS\Terraria.INI
[2011.12.10 22:17:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI
[2011.12.10 08:33:58 | 002,109,126 | ---- | M] () -- C:\Dokumente und Einstellungen\R2D2\Eigene Dateien\AuA1.pdf
[2011.12.10 08:32:38 | 005,157,134 | ---- | M] () -- C:\Dokumente und Einstellungen\R2D2\Eigene Dateien\Messelberg2010.pdf
[2011.12.09 21:45:47 | 000,001,273 | ---- | M] () -- C:\Dokumente und Einstellungen\R2D2\Desktop\TeamSpeak 3 Client.lnk
[2011.12.01 19:33:30 | 000,008,704 | ---- | M] () -- C:\Dokumente und Einstellungen\R2D2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.29 23:55:41 | 000,000,815 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\aTube Catcher.lnk
[2011.11.29 02:08:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.11.28 15:50:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011.12.13 18:37:50 | 001,557,791 | ---- | C] () -- C:\tdsskiller.zip
[2011.12.13 07:11:54 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.12 21:55:50 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2011.12.10 08:33:58 | 002,109,126 | ---- | C] () -- C:\Dokumente und Einstellungen\R2D2\Eigene Dateien\AuA1.pdf
[2011.12.10 08:32:37 | 005,157,134 | ---- | C] () -- C:\Dokumente und Einstellungen\R2D2\Eigene Dateien\Messelberg2010.pdf
[2011.12.09 21:45:47 | 000,001,273 | ---- | C] () -- C:\Dokumente und Einstellungen\R2D2\Desktop\TeamSpeak 3 Client.lnk
[2011.11.29 23:55:41 | 000,000,815 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\aTube Catcher.lnk
[2011.11.22 23:45:31 | 000,225,960 | ---- | C] () -- C:\Dokumente und
Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-944853165-136188656-2076384330-1007-0.dat [2011.11.22 23:45:30 | 000,189,558 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.10.25 22:11:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.10.09 13:05:33 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Terraria.INI [2011.08.19 15:20:54 | 000,042,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2011.08.07 17:49:02 | 000,001,023 | ---- | C] () -- C:\WINDOWS\eReg.dat [2011.04.01 22:40:21 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2011.04.01 18:44:18 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2011.01.09 21:20:54 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\R2D2\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.20 15:34:47 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat [2010.05.30 20:06:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.05.28 08:33:00 | 000,284,160 | ---- | C] () -- C:\WINDOWS\unin0407.exe [2010.05.09 13:50:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.05.09 12:49:40 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll [2010.05.09 12:36:20 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2010.05.09 12:36:19 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2010.05.09 12:36:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2010.05.09 12:35:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2009.03.23 16:40:06 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.04.25 09:54:38 | 000,004,161 | ---- | C] () -- 
C:\WINDOWS\ODBCINST.INI [2008.04.25 09:54:00 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.04.25 09:20:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.04.25 09:02:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.04.25 08:58:21 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.04.25 01:49:08 | 000,004,848 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.04.25 01:48:56 | 000,528,536 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.04.25 01:48:56 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.04.25 01:48:56 | 000,106,022 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.04.25 01:48:56 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.04.25 01:48:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.04.25 01:48:40 | 000,504,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.04.25 01:48:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.04.25 01:48:40 | 000,089,094 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.04.25 01:48:40 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.04.25 01:48:38 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.04.25 01:48:37 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.04.25 01:48:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008.04.25 01:48:32 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.04.25 01:48:32 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.04.25 01:48:25 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.04.25 01:48:19 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== 
[2011.08.19 15:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\f-secure [2011.08.19 15:18:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg [2011.12.13 21:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2010.05.09 12:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB [2010.05.19 18:33:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2011.02.05 04:31:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\.minecraft [2010.06.06 02:15:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Blender Foundation [2010.11.20 17:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Dev-Cpp [2011.01.29 16:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\LolClient [2010.09.11 16:13:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Skip-Bo [2011.12.09 21:48:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\TS3Client [2011.10.08 16:09:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\uTorrent [2010.05.19 18:34:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\R2D2\Anwendungsdaten\Vodafone ========== Purity Check ========== < End of report > |
#14

Hi, do that right away, this is probably the next one: C:\WINDOWS\unin0407.exe
Or just let prevx off the leash straight away... Call it a day for today,
chris

__________________
Don't bring me down! Note before posting! Donations (anyone who wants to donate is welcome to get in touch)
#15

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-14 06:59:34
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK2555GSX rev.FG001A
Running: ikqv00nv.exe; Driver: C:\DOKUME~1\R2D2\LOKALE~1\Temp\kwtyyuob.sys
---- System - GMER 1.0.15 ----
SSDT spkr.sys ZwCreateKey [0xB9EB50E0]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcess [0xBA25ACC6]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateProcessEx [0xBA25ACE0]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwCreateThread [0xBA259E7C]
SSDT spkr.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spkr.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwLoadDriver [0xBA25A1AC]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwMapViewOfSection [0xBA259BBC]
SSDT spkr.sys ZwOpenKey [0xB9EB50C0]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwOpenSection [0xBA25A5DE]
SSDT spkr.sys ZwQueryKey [0xB9ECE20A]
SSDT spkr.sys ZwQueryValueKey [0xB9ECE08A]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwRenameKey [0xBA25B87C]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSetSystemInformation [0xBA25A42E]
SSDT spkr.sys ZwSetValueKey [0xB9ECE29C]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendProcess [0xBA259A3C]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSuspendThread [0xBA259EB0]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwSystemDebugControl [0xBA25A032]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateProcess [0xBA259996]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwTerminateThread [0xBA259AF6]
SSDT \??\C:\Programme\Sicherheitspaket\HIPS\drivers\fshs.sys (HIPS 32-bit kernel module/F-Secure Corporation) ZwWriteVirtualMemory [0xBA259F76]
INT 0x63 ? 8AA40BF8
INT 0x74 ? 8AA40BF8
INT 0x83 ? 8AD34BF8
INT 0x83 ? 8AD34BF8
INT 0x83 ? 8AD34BF8
INT 0x83 ? 8AD34BF8
INT 0x83 ? 8AA40BF8
INT 0x83 ? 8AA40BF8
INT 0x83 ? 8AD34BF8
INT 0x94 ? 8AA40BF8
INT 0x94 ? 8AA40BF8
Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [3C, 9A, 25, BA, B0, 9E, 25, ...] {CMP AL, 0x9a; AND EAX, 0x259eb0ba; MOV EDX, 0xba25a032}
PAGE ntkrnlpa.exe!IoCreateDevice 80575912 5 Bytes JMP B9D03FFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
? spkr.sys Das System kann die angegebene Datei nicht finden. !
PAGENPNP NDIS.SYS!NdisRegisterProtocol B9CD417F 5 Bytes JMP B9D03E0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisOpenAdapter B9CD4399 5 Bytes JMP B9D04394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisCloseAdapter B9CDE642 5 Bytes JMP B9D03F18 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisDeregisterProtocol B9CDE821 5 Bytes JMP B9D041B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisReturnPackets B9CE1810 5 Bytes JMP B9D04C0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisRequest B9CE197B 5 Bytes JMP B9D045AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend B9CE4986 5 Bytes JMP B9D0558C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSendPackets B9CE49A3 5 Bytes JMP B9D0565E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisTransferData B9CE49BE 5 Bytes JMP B9D04D0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoCreateVc B9CEB186 5 Bytes JMP B9D03E76 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoDeleteVc B9CEC557 5 Bytes JMP B9D03EE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoSendPackets B9CECAF1 5 Bytes JMP B9D05376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
.text USBPORT.SYS!DllUnload B89298AC 5 Bytes JMP 8AA401D8
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00DF000C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 00DF100C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DF200C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00DF300C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 00DF700C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 00DF500C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 00DF600C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00DF800C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00DF400C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00DFA00C
.text C:\Programme\LogMeIn Hamachi\hamachi-2.exe[272] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 00DF900C
.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0203000C
.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0203100C
.text C:\WINDOWS\Explorer.EXE[284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0203200C
.text C:\WINDOWS\Explorer.EXE[284] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0203300C
.text C:\WINDOWS\Explorer.EXE[284] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0203700C
.text C:\WINDOWS\Explorer.EXE[284] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0203500C
.text C:\WINDOWS\Explorer.EXE[284] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0203600C
.text C:\WINDOWS\Explorer.EXE[284] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0203800C
.text C:\WINDOWS\Explorer.EXE[284] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0203400C
.text C:\WINDOWS\Explorer.EXE[284] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0203A00C
.text C:\WINDOWS\Explorer.EXE[284] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0203900C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0297000C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0297100C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0297200C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0297300C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0297400C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0297A00C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0297700C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0297500C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0297600C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0297800C
.text C:\WINDOWS\system32\igfxsrvc.exe[568] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0297900C
.text C:\WINDOWS\system32\hkcmd.exe[600] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0260000C
.text C:\WINDOWS\system32\hkcmd.exe[600] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0260100C
.text C:\WINDOWS\system32\hkcmd.exe[600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0260200C
.text C:\WINDOWS\system32\hkcmd.exe[600] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0260300C
.text C:\WINDOWS\system32\hkcmd.exe[600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0260400C
.text C:\WINDOWS\system32\hkcmd.exe[600] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0260A00C
.text C:\WINDOWS\system32\hkcmd.exe[600] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0260700C
.text C:\WINDOWS\system32\hkcmd.exe[600] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0260500C
.text C:\WINDOWS\system32\hkcmd.exe[600] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0260600C
.text C:\WINDOWS\system32\hkcmd.exe[600] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0260800C
.text C:\WINDOWS\system32\hkcmd.exe[600] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0260900C
.text C:\WINDOWS\system32\igfxpers.exe[604] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0268000C
.text C:\WINDOWS\system32\igfxpers.exe[604] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0268100C
.text C:\WINDOWS\system32\igfxpers.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0268200C
.text C:\WINDOWS\system32\igfxpers.exe[604] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0268300C
.text C:\WINDOWS\system32\igfxpers.exe[604] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0268400C
.text C:\WINDOWS\system32\igfxpers.exe[604] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0268A00C
.text C:\WINDOWS\system32\igfxpers.exe[604] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0268700C
.text C:\WINDOWS\system32\igfxpers.exe[604] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0268500C
.text C:\WINDOWS\system32\igfxpers.exe[604] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0268600C
.text C:\WINDOWS\system32\igfxpers.exe[604] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0268800C
.text C:\WINDOWS\system32\igfxpers.exe[604] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0268900C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 025F000C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 025F100C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025F200C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 025F300C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 025F700C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 025F500C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 025F600C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 025F800C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 025F400C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 025FA00C
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[616] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 025F900C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0274000C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0274100C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0274200C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0274300C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0274700C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0274500C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0274600C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0274800C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0274400C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0274A00C
.text C:\Programme\Sony\VAIO Power Management\SPMgr.exe[624] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0274900C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0240000C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0240100C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0240200C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0240300C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0240700C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0240500C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0240600C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0240800C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0240400C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0240A00C
.text C:\Programme\Sony\ISB Utility\ISBMgr.exe[632] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0240900C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 003F000C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003F100C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003F200C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003F300C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 003F700C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 003F500C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 003F600C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003F800C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F400C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 003FA00C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[700] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 003F900C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0284000C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0284100C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0284200C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0284300C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0284700C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0284500C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0284600C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0284800C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0284400C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0284A00C
.text C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe[764] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0284900C
.text C:\Programme\Sicherheitspaket\Common\FSM32.EXE[776] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 02FF000C
.text C:\Programme\Sicherheitspaket\Common\FSM32.EXE[776] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 02FF100C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 02F2000C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 02F2100C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02F2200C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 02F2300C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 02F2700C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 02F2500C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 02F2600C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 02F2800C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 02F2400C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 02F2A00C
.text C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe[872] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 02F2900C
.text C:\WINDOWS\system32\winlogon.exe[892] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00CC000C
.text C:\WINDOWS\system32\winlogon.exe[892] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 00CC100C
.text C:\WINDOWS\system32\winlogon.exe[892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC200C
.text C:\WINDOWS\system32\winlogon.exe[892] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00CC300C
.text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 00CC700C
.text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 00CC500C
.text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 00CC600C
.text C:\WINDOWS\system32\winlogon.exe[892] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00CC800C
.text C:\WINDOWS\system32\winlogon.exe[892] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CC400C
.text C:\WINDOWS\system32\winlogon.exe[892] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00CCA00C
.text C:\WINDOWS\system32\winlogon.exe[892] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 00CC900C
.text C:\WINDOWS\system32\lsass.exe[948] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 00DA000C
.text C:\WINDOWS\system32\lsass.exe[948] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 00DA100C
.text C:\WINDOWS\system32\lsass.exe[948] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DA200C
.text C:\WINDOWS\system32\lsass.exe[948] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 00DA300C
.text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 00DA700C
.text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 00DA500C
.text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 00DA600C
.text C:\WINDOWS\system32\lsass.exe[948] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00DA800C
.text C:\WINDOWS\system32\lsass.exe[948] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00DA400C
.text C:\WINDOWS\system32\lsass.exe[948] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 00DAA00C
.text C:\WINDOWS\system32\lsass.exe[948] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 00DA900C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0356000C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0356100C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0356200C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0356300C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0356400C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0356A00C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0356700C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0356500C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0356600C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0356800C
.text C:\Programme\Sony\VAIO Event Service\VESMgr.exe[1260] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0356900C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 03A2000C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 03A2100C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03A2200C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 03A2300C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 03A2700C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 03A2500C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 03A2600C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 03A2800C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 03A2900C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 03A2400C
.text C:\Programme\Java\jre6\bin\jqs.exe[1916] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 03A2A00C
.text C:\WINDOWS\system32\igfxext.exe[2928] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0269000C
.text C:\WINDOWS\system32\igfxext.exe[2928] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0269100C
.text C:\WINDOWS\system32\igfxext.exe[2928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0269200C
.text C:\WINDOWS\system32\igfxext.exe[2928] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0269300C
.text C:\WINDOWS\system32\igfxext.exe[2928] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0269400C
.text C:\WINDOWS\system32\igfxext.exe[2928] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0269A00C
.text C:\WINDOWS\system32\igfxext.exe[2928] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0269700C
.text C:\WINDOWS\system32\igfxext.exe[2928] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0269500C
.text C:\WINDOWS\system32\igfxext.exe[2928] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0269600C
.text C:\WINDOWS\system32\igfxext.exe[2928] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0269800C
.text C:\WINDOWS\system32\igfxext.exe[2928] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0269900C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 0277000C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 0277100C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0277200C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 0277300C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 0277400C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 0277A00C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 0277700C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 0277500C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 0277600C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 0277800C
.text C:\WINDOWS\system32\igfxsrvc.exe[2952] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 0277900C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] ntdll.dll!NtCreateProcess 7C91D14E 5 Bytes JMP 003D000C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] ntdll.dll!NtCreateProcessEx 7C91D15E 5 Bytes JMP 003D100C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003D200C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 003D300C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] ADVAPI32.dll!CloseServiceHandle 77DB6CE5 5 Bytes JMP 003D700C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 003D500C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 003D600C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003D800C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D400C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] USER32.dll!DdeConnect 7E3A81C3 5 Bytes JMP 003DA00C
.text C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe[3412] ole32.dll!CoCreateInstanceEx 774CF154 5 Bytes JMP 003D900C
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spkr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spkr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spkr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spkr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spkr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spkr.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AD331F8
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 8AA351F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AD8D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AD8D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AD8D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AD8D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8AA351F8
Device \Driver\usbehci \Device\USBPDO-2 8AA1D500
Device \Driver\usbehci \Device\USBPDO-3 8AA1D500
Device \Driver\usbuhci \Device\USBPDO-4 8AA351F8
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 8AA351F8
Device \Driver\usbuhci \Device\USBPDO-6 8AA351F8
Device \Driver\usbuhci \Device\USBPDO-7 8AA351F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AD351F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG)
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AD351F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG)
Device \Driver\NetBT \Device\NetBT_Tcpip_{1FC38D05-D48E-4DCC-8A24-CCF192BB1A48} 8AAAF500
Device \Driver\Cdrom \Device\CdRom0 8A9BD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AAAF500
Device \Driver\NetBT \Device\NetbiosSmb 8AAAF500
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{4621500B-33B8-4EC2-9483-C4A6B5E0FF28} 8AAAF500
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 8AA351F8
Device \Driver\usbuhci \Device\USBFDO-1 8AA351F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AB85500
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\usbehci \Device\USBFDO-2 8AA1D500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8AB85500
Device \Driver\usbuhci \Device\USBFDO-3 8AA351F8
Device \Driver\usbuhci \Device\USBFDO-4 8AA351F8
Device \Driver\Ftdisk \Device\FtControl 8AD351F8
Device \Driver\usbuhci \Device\USBFDO-5 8AA351F8
Device \Driver\usbuhci \Device\USBFDO-6 8AA351F8
Device \Driver\usbehci \Device\USBFDO-7 8AA1D500
Device \FileSystem\Cdfs \Cdfs 8A9BA500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- EOF - GMER 1.0.15 ----