
Pests of all kinds and how to fight them: Windows 7 32bit - GVU Trojan 11.3 - Trojan.Wheelsof.gen

01.12.2012, 09:43   #1
theexciter
 
Windows 7 32bit - GVU Trojan 11.3 - Trojan.Wheelsof.gen



Hi,

I have a Win7 32bit system here on which a GVU trojan has sneaked in for the 2nd time already (despite Avast being installed) :-(

The first GVU trojan sneaked in in July and was removed with the help of MWAV and Malwarebytes....

Now, according to the image info from forum.botfrei.de, the GVU Trojan 1.13 is (was) on it...

I sent the thing to quarantine with Malwarebytes, so that the system gets online without the lock screen,
but the whole system still isn't really clean (the display of file name extensions is disabled again after every reboot)

I'll post the log files from the various scans:

OTL.txt - Extra.txt was not created
OTL Logfile:
Code:
OTL logfile created on: 01.12.2012 09:47:37 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hobbit\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 60,65% Memory free
5,73 Gb Paging File | 4,58 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 190,06 Gb Free Space | 81,64% Space Free | Partition Type: NTFS
Drive F: | 14,84 Gb Total Space | 14,54 Gb Free Space | 98,00% Space Free | Partition Type: FAT32
 
Computer Name: PC | User Name: Hobbit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.01 09:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hobbit\Desktop\OTL.exe
PRC - [2012.11.30 19:51:47 | 006,527,128 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.08.31 15:10:30 | 006,952,872 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.08.31 15:10:30 | 002,759,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.31 14:55:18 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.04.08 23:20:52 | 000,134,416 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011.11.01 12:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011.11.01 12:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011.05.26 19:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.04.19 02:52:00 | 000,143,360 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011.04.19 02:52:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.04.04 11:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.06 06:55:30 | 000,805,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.29 20:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.19 02:52:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.30 12:37:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.08 19:55:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.08.31 15:10:30 | 002,759,080 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.05.11 16:02:38 | 000,034,104 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.03.10 12:41:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.11.01 12:19:00 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.11.01 12:03:54 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.10.20 17:33:22 | 000,103,184 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.10.19 13:24:54 | 000,510,464 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.04.20 10:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.19 02:52:00 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.04.19 02:52:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.04.04 10:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 13:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.12.20 19:17:07 | 003,246,040 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.12.06 06:55:30 | 000,805,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.11.06 17:29:38 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010.08.05 16:47:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2011.12.28 21:48:24 | 000,129,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.12.28 21:48:24 | 000,022,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011.12.27 02:10:35 | 000,033,080 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011.12.16 16:53:28 | 000,013,304 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TVMonitor.sys -- (MonitorFunction)
DRV - [2011.10.31 14:56:36 | 007,522,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2011.10.19 13:18:38 | 000,140,800 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2011.10.19 13:18:38 | 000,140,800 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2011.04.19 02:52:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2010.12.20 19:17:07 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.12.20 19:17:05 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2010.12.20 19:17:00 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010.12.20 19:16:58 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.12.13 10:30:50 | 000,144,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.08.18 10:53:42 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 6B C5 47 B2 7D CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.30 19:53:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 12:37:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.30 12:37:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.30 12:37:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.30 12:37:16 | 000,000,000 | ---D | M]
 
[2010.11.06 15:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Extensions
[2012.10.23 20:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Firefox\Profiles\7m5wtwu1.default\extensions
[2012.07.30 15:03:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Hobbit\AppData\Roaming\mozilla\firefox\profiles\7m5wtwu1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.30 12:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.30 12:37:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.06 16:02:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.11 20:02:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.22 15:03:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.11 20:02:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.11 20:02:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.11 20:02:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 20:02:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.07 11:37:40 | 000,002,119 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C54B7CAA-A761-4993-A767-FD25B066DBBD}: DhcpNameServer = 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F97B27A2-D4C4-43B7-96EB-226448A695E0}: DhcpNameServer = 192.168.0.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{39d0da97-f4a8-11df-bd4b-60eb690bc809}\Shell - "" = AutoRun
O33 - MountPoints2\{39d0da97-f4a8-11df-bd4b-60eb690bc809}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d5942036-e9b3-11df-a05e-60eb690bc809}\Shell - "" = AutoRun
O33 - MountPoints2\{d5942036-e9b3-11df-a05e-60eb690bc809}\Shell\AutoRun\command - "" = E:\Set-up.exe
O33 - MountPoints2\{f1152d68-ea78-11df-8668-60eb690bc809}\Shell - "" = AutoRun
O33 - MountPoints2\{f1152d68-ea78-11df-8668-60eb690bc809}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f1152d77-ea78-11df-8668-60eb690bc809}\Shell - "" = AutoRun
O33 - MountPoints2\{f1152d77-ea78-11df-8668-60eb690bc809}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.01 09:11:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hobbit\Desktop\OTL.exe
[2012.11.30 23:47:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.30 22:42:02 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.11.30 22:42:02 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.11.30 21:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.30 21:26:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.30 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.13 21:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\vhpthzabkxttqln
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.01 09:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.01 09:35:04 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 09:35:04 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 09:33:01 | 000,680,532 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.01 09:33:01 | 000,636,962 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.01 09:33:01 | 000,141,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.01 09:33:01 | 000,114,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.01 09:12:19 | 000,000,000 | ---- | M] () -- C:\Users\Hobbit\defogger_reenable
[2012.12.01 09:09:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hobbit\Desktop\OTL.exe
[2012.12.01 09:08:38 | 000,050,477 | ---- | M] () -- C:\Users\Hobbit\Desktop\Defogger.exe
[2012.12.01 08:54:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.01 07:43:17 | 003,703,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.30 23:40:33 | 000,037,414 | ---- | M] () -- C:\Users\Hobbit\Documents\pinfect.zip
[2012.11.30 22:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx
[2012.11.30 21:26:33 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 19:53:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.13 21:22:23 | 000,076,348 | ---- | M] () -- C:\ProgramData\qpzyugiwsiayhaj
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.01 09:43:52 | 000,302,592 | ---- | C] () -- C:\Users\Hobbit\Desktop\gmer.exe
[2012.12.01 09:12:19 | 000,000,000 | ---- | C] () -- C:\Users\Hobbit\defogger_reenable
[2012.12.01 09:11:40 | 000,050,477 | ---- | C] () -- C:\Users\Hobbit\Desktop\Defogger.exe
[2012.11.30 23:44:03 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.30 23:43:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.30 21:26:33 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.13 21:22:18 | 000,076,348 | ---- | C] () -- C:\ProgramData\qpzyugiwsiayhaj
[2012.07.11 16:07:27 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2012.07.03 12:52:20 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.14 14:23:09 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.14 14:22:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.29 13:47:42 | 000,000,156 | ---- | C] () -- C:\Windows\WDP_Server.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.12.20 19:17:07 | 000,000,000 | ---D | M] -- C:\Users\Hobbit\AppData\Roaming\6A30878C-029A-48A8-810A-CDEB93CC02CC
[2010.12.20 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\Hobbit\AppData\Roaming\Acronis
[2011.05.14 16:15:08 | 000,000,000 | ---D | M] -- C:\Users\Hobbit\AppData\Roaming\PwrMgr
[2012.09.29 19:42:22 | 000,000,000 | ---D | M] -- C:\Users\Hobbit\AppData\Roaming\TeamViewer
[2012.07.11 17:05:19 | 000,000,000 | ---D | M] -- C:\Users\Hobbit\AppData\Roaming\TuneUp Software
[2010.11.07 15:06:42 | 000,000,000 | ---D | M] -- C:\Users\Hobbit\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
         

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:44 on 01/12/2012 (Hobbit)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
I couldn't create a GMER log file, got a BSOD :-(
Code:
==================================================
Dump File         : 120112-15771-01.dmp
Crash Time        : 01.12.2012 10:17:59
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0x82f22ee9
Parameter 3       : 0xba979a78
Parameter 4       : 0x00000000
Caused By Driver  : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+121ee9
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.17944 (win7sp1_gdr.120830-0333)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+121ee9
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\120112-15771-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 146.352
==================================================
         
Here's the first log from the Malwarebytes scan in July:
Code:
Malwarebytes Anti-Malware 1.62.0.1100
www.malwarebytes.org

Datenbank Version: v2012.07.11.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Hobbit :: PC [Administrator]

11.07.2012 14:51:20
mbam-log-2012-07-11 (14-51-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 316964
Laufzeit: 1 Stunde(n), 16 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2276 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
C:\Users\Hobbit\AppData\Local\Temp\0_0u_l.exe.mwt (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hobbit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
And here's the one from last night:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Hobbit :: PC [Administrator]

30.11.2012 21:28:14
mbam-log-2012-11-30 (21-28-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 312847
Laufzeit: 1 Stunde(n), 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Hobbit\0.9368733570250305.exe (Trojan.Weelsof.gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
EDIT:
Why doesn't the codebox work?

Here's the log from the GMER scan now as well:
[codebox]

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-01 10:44:02
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.02.0
Running: gmer.exe; Driver: C:\Users\Hobbit\AppData\Local\Temp\fxlcyuoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwAddBootEntry [0x9004C4BA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwAllocateVirtualMemory [0x916AEC22]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwAssignProcessToJobObject [0x9004CED6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwCreateEvent [0x90057FA8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwCreateEventPair [0x90057FF4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwCreateIoCompletion [0x90058176]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwCreateMutant [0x90057F16]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwCreateSection [0x916AEFA6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwCreateSemaphore [0x90057F5E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwCreateThread [0x9004D11C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwCreateThreadEx [0x9004D2F4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwCreateTimer [0x90058130]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwDebugActiveProcess [0x9004D93E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwDeleteBootEntry [0x9004C508]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwFreeVirtualMemory [0x916AECEA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwLoadDriver [0x916AD3EC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwModifyBootEntry [0x9004C556]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwNotifyChangeKey [0x90051534]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwNotifyChangeMultipleKeys [0x9004E3A6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwOpenEvent [0x90057FD2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwOpenEventPair [0x90058016]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwOpenIoCompletion [0x9005819A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwOpenMutant [0x90057F3C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwOpenSection [0x900580BA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwOpenSemaphore [0x90057F86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwOpenTimer [0x90058154]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwProtectVirtualMemory [0x916AEE4A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwQueryObject [0x9004E272]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwQueueApcThreadEx [0x9004DF86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwSetBootEntryOrder [0x9004C5A4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwSetBootOptions [0x9004C5F2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwSetContextThread [0x9004D7BE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwSetSystemInformation [0x9004C1FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwSetSystemPowerState [0x9004C3AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwShutdownSystem [0x9004C350]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwSuspendProcess [0x9004DAF8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwSuspendThread [0x9004DC54]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwSystemDebugControl [0x9004C41A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwTerminateProcess [0x916AEEFE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwTerminateThread [0x9004D636]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwUnloadDriver [0x916AD41C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                       ZwVdmControl [0x9004C640]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwWriteVirtualMemory [0x916AED96]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ZwCreateProcessEx [0x916C7E56]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                       ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                    82E55A49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                      82E8F4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                         82E96500 4 Bytes  [BA, C4, 04, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                         82E96528 4 Bytes  [22, EC, 6A, 91] {AND CH, AH; PUSH -0x6f}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                         82E96588 4 Bytes  [D6, CE, 04, 90] {SALC ; INTO ; ADD AL, 0x90}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                         82E965DC 2 Bytes  [A8, 7F] {TEST AL, 0x7f}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11AA                                                                         82E965DF 5 Bytes  [90, F4, 7F, 05, 90] {NOP ; HLT ; JG 0x9; NOP }
.text           ...                                                                                                         
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                          83024C88 5 Bytes  JMP 916C4CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                            8303D2B0 5 Bytes  JMP 916C6828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                 830523F7 4 Bytes  CALL 9004EA8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                8306C20E 4 Bytes  CALL 9004EAA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                              830F610E 7 Bytes  JMP 916C7E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                         BDA35000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                         BDA35123 629 Bytes  [05, A3, BD, FE, 05, 34, 05, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                         BDA35399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                         BDA353FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                         BDA354AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                         

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[736] kernel32.dll!GetBinaryTypeW + 70                    779269F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] ntdll.dll!LdrUnloadDll                                   779FC86E 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] ntdll.dll!LdrLoadDll                                     77A0223E 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] KERNEL32.dll!GetBinaryTypeW + 70                         779269F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] USER32.dll!UnhookWindowsHookEx                           7640ADF9 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] USER32.dll!UnhookWinEvent                                7640B750 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] USER32.dll!SetWindowsHookExW                             7640E30C 5 Bytes  JMP 00180804 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] USER32.dll!SetWinEventHook                               764124DC 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[764] USER32.dll!SetWindowsHookExA                             76436D0C 5 Bytes  JMP 00180600 
.text           C:\Windows\system32\csrss.exe[788] kernel32.dll!GetBinaryTypeW + 70                                         779269F4 1 Byte  [62]
.text           C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[824] kernel32.dll!GetBinaryTypeW + 70                           779269F4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[828] kernel32.dll!GetBinaryTypeW + 70                                       779269F4 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[840] kernel32.dll!GetBinaryTypeW + 70                                         779269F4 1 Byte  [62]
.text           C:\Windows\system32\services.exe[876] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           ...                                                                                                         
.text           C:\Windows\system32\SearchIndexer.exe[1520] ntdll.dll!LdrUnloadDll                                          779FC86E 5 Bytes  JMP 002203FC 
.text           C:\Windows\system32\SearchIndexer.exe[1520] ntdll.dll!LdrLoadDll                                            77A0223E 5 Bytes  JMP 002201F8 
.text           C:\Windows\system32\SearchIndexer.exe[1520] KERNEL32.dll!GetBinaryTypeW + 70                                779269F4 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[1520] USER32.dll!UnhookWindowsHookEx                                  7640ADF9 5 Bytes  JMP 00240A08 
.text           C:\Windows\system32\SearchIndexer.exe[1520] USER32.dll!UnhookWinEvent                                       7640B750 5 Bytes  JMP 002403FC 
.text           C:\Windows\system32\SearchIndexer.exe[1520] USER32.dll!SetWindowsHookExW                                    7640E30C 5 Bytes  JMP 00240804 
.text           C:\Windows\system32\SearchIndexer.exe[1520] USER32.dll!SetWinEventHook                                      764124DC 5 Bytes  JMP 002401F8 
.text           C:\Windows\system32\SearchIndexer.exe[1520] USER32.dll!SetWindowsHookExA                                    76436D0C 5 Bytes  JMP 00240600 
.text           C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1556] kernel32.dll!GetBinaryTypeW + 70                           779269F4 1 Byte  [62]
.text           C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[1560] ntdll.dll!LdrUnloadDll                                      779FC86E 5 Bytes  JMP 001703FC 
.text           C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[1560] ntdll.dll!LdrLoadDll                                        77A0223E 5 Bytes  JMP 001701F8 
.text           C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[1560] KERNEL32.dll!GetBinaryTypeW + 70                            779269F4 1 Byte  [62]
.text           C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[1560] USER32.dll!UnhookWindowsHookEx                              7640ADF9 5 Bytes  JMP 002F0A08 
.text           C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[1560] USER32.dll!UnhookWinEvent                                   7640B750 5 Bytes  JMP 002F03FC 
.text           C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[1560] USER32.dll!SetWindowsHookExW                                7640E30C 5 Bytes  JMP 002F0804 
.text           C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[1560] USER32.dll!SetWinEventHook                                  764124DC 5 Bytes  JMP 002F01F8 
.text           C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe[1560] USER32.dll!SetWindowsHookExA                                76436D0C 5 Bytes  JMP 002F0600 
.text           C:\Windows\system32\svchost.exe[1612] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1720] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1752] kernel32.dll!GetBinaryTypeW + 70         779269F4 1 Byte  [62]
.text           C:\Windows\system32\igfxext.exe[1788] ntdll.dll!LdrUnloadDll                                                779FC86E 5 Bytes  JMP 001703FC 
.text           C:\Windows\system32\igfxext.exe[1788] ntdll.dll!LdrLoadDll                                                  77A0223E 5 Bytes  JMP 001701F8 
.text           C:\Windows\system32\igfxext.exe[1788] KERNEL32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Windows\system32\igfxext.exe[1788] USER32.dll!UnhookWindowsHookEx                                        7640ADF9 5 Bytes  JMP 00180A08 
.text           C:\Windows\system32\igfxext.exe[1788] USER32.dll!UnhookWinEvent                                             7640B750 5 Bytes  JMP 001803FC 
.text           C:\Windows\system32\igfxext.exe[1788] USER32.dll!SetWindowsHookExW                                          7640E30C 5 Bytes  JMP 00180804 
.text           C:\Windows\system32\igfxext.exe[1788] USER32.dll!SetWinEventHook                                            764124DC 5 Bytes  JMP 001801F8 
.text           C:\Windows\system32\igfxext.exe[1788] USER32.dll!SetWindowsHookExA                                          76436D0C 5 Bytes  JMP 00180600 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1824] kernel32.dll!SetUnhandledExceptionFilter          7790F4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1824] kernel32.dll!GetBinaryTypeW + 70                  779269F4 1 Byte  [62]
.text           C:\Windows\system32\WLANExt.exe[1832] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Windows\system32\conhost.exe[1840] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1856] ntdll.dll!LdrUnloadDll                                  779FC86E 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1856] ntdll.dll!LdrLoadDll                                    77A0223E 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1856] KERNEL32.dll!GetBinaryTypeW + 70                        779269F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1856] USER32.dll!UnhookWindowsHookEx                          7640ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1856] USER32.dll!UnhookWinEvent                               7640B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1856] USER32.dll!SetWindowsHookExW                            7640E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1856] USER32.dll!SetWinEventHook                              764124DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1856] USER32.dll!SetWindowsHookExA                            76436D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\System32\spoolsv.exe[2000] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2028] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[2224] kernel32.dll!GetBinaryTypeW + 70                                          779269F4 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[2232] kernel32.dll!GetBinaryTypeW + 70                                     779269F4 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[2284] kernel32.dll!GetBinaryTypeW + 70                                              779269F4 1 Byte  [62]
.text           ...                                                                                                         
.text           C:\Windows\System32\TpShocks.exe[2412] ntdll.dll!LdrUnloadDll                                               779FC86E 5 Bytes  JMP 002E03FC 
.text           C:\Windows\System32\TpShocks.exe[2412] ntdll.dll!LdrLoadDll                                                 77A0223E 5 Bytes  JMP 002E01F8 
.text           C:\Windows\System32\TpShocks.exe[2412] KERNEL32.dll!GetBinaryTypeW + 70                                     779269F4 1 Byte  [62]
.text           C:\Windows\System32\TpShocks.exe[2412] USER32.dll!UnhookWindowsHookEx                                       7640ADF9 5 Bytes  JMP 002F0A08 
.text           C:\Windows\System32\TpShocks.exe[2412] USER32.dll!UnhookWinEvent                                            7640B750 5 Bytes  JMP 002F03FC 
.text           C:\Windows\System32\TpShocks.exe[2412] USER32.dll!SetWindowsHookExW                                         7640E30C 5 Bytes  JMP 002F0804 
.text           C:\Windows\System32\TpShocks.exe[2412] USER32.dll!SetWinEventHook                                           764124DC 5 Bytes  JMP 002F01F8 
.text           C:\Windows\System32\TpShocks.exe[2412] USER32.dll!SetWindowsHookExA                                         76436D0C 5 Bytes  JMP 002F0600 
.text           C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe[2448] kernel32.dll!GetBinaryTypeW + 70                           779269F4 1 Byte  [62]
.text           C:\Windows\system32\igfxsrvc.exe[2460] ntdll.dll!LdrUnloadDll                                               779FC86E 5 Bytes  JMP 001E03FC 
.text           C:\Windows\system32\igfxsrvc.exe[2460] ntdll.dll!LdrLoadDll                                                 77A0223E 5 Bytes  JMP 001E01F8 
.text           C:\Windows\system32\igfxsrvc.exe[2460] KERNEL32.dll!GetBinaryTypeW + 70                                     779269F4 1 Byte  [62]
.text           C:\Windows\system32\igfxsrvc.exe[2460] USER32.dll!UnhookWindowsHookEx                                       7640ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Windows\system32\igfxsrvc.exe[2460] USER32.dll!UnhookWinEvent                                            7640B750 5 Bytes  JMP 001F03FC 
.text           C:\Windows\system32\igfxsrvc.exe[2460] USER32.dll!SetWindowsHookExW                                         7640E30C 5 Bytes  JMP 001F0804 
.text           C:\Windows\system32\igfxsrvc.exe[2460] USER32.dll!SetWinEventHook                                           764124DC 5 Bytes  JMP 001F01F8 
.text           C:\Windows\system32\igfxsrvc.exe[2460] USER32.dll!SetWindowsHookExA                                         76436D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Microsoft SQL Server\MSSQL$WDP30\Binn\sqlservr.exe[3076] ntdll.dll!LdrUnloadDll            779FC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Microsoft SQL Server\MSSQL$WDP30\Binn\sqlservr.exe[3076] ntdll.dll!LdrLoadDll              77A0223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Microsoft SQL Server\MSSQL$WDP30\Binn\sqlservr.exe[3076] KERNEL32.dll!GetBinaryTypeW + 70  779269F4 1 Byte  [62]
.text           C:\Program Files\Microsoft SQL Server\MSSQL$WDP30\Binn\sqlservr.exe[3076] USER32.dll!UnhookWindowsHookEx    7640ADF9 5 Bytes  JMP 00180A08 
.text           C:\Program Files\Microsoft SQL Server\MSSQL$WDP30\Binn\sqlservr.exe[3076] USER32.dll!UnhookWinEvent         7640B750 5 Bytes  JMP 001803FC 
.text           C:\Program Files\Microsoft SQL Server\MSSQL$WDP30\Binn\sqlservr.exe[3076] USER32.dll!SetWindowsHookExW      7640E30C 5 Bytes  JMP 00180804 
.text           C:\Program Files\Microsoft SQL Server\MSSQL$WDP30\Binn\sqlservr.exe[3076] USER32.dll!SetWinEventHook        764124DC 5 Bytes  JMP 001801F8 
.text           C:\Program Files\Microsoft SQL Server\MSSQL$WDP30\Binn\sqlservr.exe[3076] USER32.dll!SetWindowsHookExA      76436D0C 5 Bytes  JMP 00180600 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3108] ntdll.dll!LdrUnloadDll                 779FC86E 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3108] ntdll.dll!LdrLoadDll                   77A0223E 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3108] KERNEL32.dll!GetBinaryTypeW + 70       779269F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3108] USER32.dll!UnhookWindowsHookEx         7640ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3108] USER32.dll!UnhookWinEvent              7640B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3108] USER32.dll!SetWindowsHookExW           7640E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3108] USER32.dll!SetWinEventHook             764124DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3108] USER32.dll!SetWindowsHookExA           76436D0C 5 Bytes  JMP 00200600 
.text           C:\Windows\system32\svchost.exe[3132] ntdll.dll!LdrUnloadDll                                                779FC86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\svchost.exe[3132] ntdll.dll!LdrLoadDll                                                  77A0223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\svchost.exe[3132] KERNEL32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3132] USER32.dll!UnhookWindowsHookEx                                        7640ADF9 5 Bytes  JMP 000D0A08 
.text           C:\Windows\system32\svchost.exe[3132] USER32.dll!UnhookWinEvent                                             7640B750 5 Bytes  JMP 000D03FC 
.text           C:\Windows\system32\svchost.exe[3132] USER32.dll!SetWindowsHookExW                                          7640E30C 5 Bytes  JMP 000D0804 
.text           C:\Windows\system32\svchost.exe[3132] USER32.dll!SetWinEventHook                                            764124DC 5 Bytes  JMP 000D01F8 
.text           C:\Windows\system32\svchost.exe[3132] USER32.dll!SetWindowsHookExA                                          76436D0C 5 Bytes  JMP 000D0600 
.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[3192] ntdll.dll!LdrUnloadDll                    779FC86E 5 Bytes  JMP 000E03FC 
.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[3192] ntdll.dll!LdrLoadDll                      77A0223E 5 Bytes  JMP 000E01F8 
.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[3192] KERNEL32.dll!GetBinaryTypeW + 70          779269F4 1 Byte  [62]
.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[3192] USER32.dll!UnhookWindowsHookEx            7640ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[3192] USER32.dll!UnhookWinEvent                 7640B750 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[3192] USER32.dll!SetWindowsHookExW              7640E30C 5 Bytes  JMP 000F0804 
.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[3192] USER32.dll!SetWinEventHook                764124DC 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe[3192] USER32.dll!SetWindowsHookExA              76436D0C 5 Bytes  JMP 000F0600 
.text           C:\Windows\system32\vssvc.exe[3236] ntdll.dll!LdrUnloadDll                                                  779FC86E 5 Bytes  JMP 001203FC 
.text           C:\Windows\system32\vssvc.exe[3236] ntdll.dll!LdrLoadDll                                                    77A0223E 5 Bytes  JMP 001201F8 
.text           C:\Windows\system32\vssvc.exe[3236] KERNEL32.dll!GetBinaryTypeW + 70                                        779269F4 1 Byte  [62]
.text           C:\Windows\system32\vssvc.exe[3236] USER32.dll!UnhookWindowsHookEx                                          7640ADF9 5 Bytes  JMP 00140A08 
.text           C:\Windows\system32\vssvc.exe[3236] USER32.dll!UnhookWinEvent                                               7640B750 5 Bytes  JMP 001403FC 
.text           C:\Windows\system32\vssvc.exe[3236] USER32.dll!SetWindowsHookExW                                            7640E30C 5 Bytes  JMP 00140804 
.text           C:\Windows\system32\vssvc.exe[3236] USER32.dll!SetWinEventHook                                              764124DC 5 Bytes  JMP 001401F8 
.text           C:\Windows\system32\vssvc.exe[3236] USER32.dll!SetWindowsHookExA                                            76436D0C 5 Bytes  JMP 00140600 
.text           C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE[3324] ntdll.dll!LdrUnloadDll                               779FC86E 5 Bytes  JMP 001703FC 
.text           C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE[3324] ntdll.dll!LdrLoadDll                                 77A0223E 5 Bytes  JMP 001701F8 
.text           C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE[3324] KERNEL32.dll!GetBinaryTypeW + 70                     779269F4 1 Byte  [62]
.text           C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE[3324] USER32.dll!UnhookWindowsHookEx                       7640ADF9 5 Bytes  JMP 00190A08 
.text           C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE[3324] USER32.dll!UnhookWinEvent                            7640B750 5 Bytes  JMP 001903FC 
.text           C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE[3324] USER32.dll!SetWindowsHookExW                         7640E30C 5 Bytes  JMP 00190804 
.text           C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE[3324] USER32.dll!SetWinEventHook                           764124DC 5 Bytes  JMP 001901F8 
.text           C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE[3324] USER32.dll!SetWindowsHookExA                         76436D0C 5 Bytes  JMP 00190600 
.text           C:\Windows\system32\wbem\unsecapp.exe[3592] ntdll.dll!LdrUnloadDll                                          779FC86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\wbem\unsecapp.exe[3592] ntdll.dll!LdrLoadDll                                            77A0223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\wbem\unsecapp.exe[3592] KERNEL32.dll!GetBinaryTypeW + 70                                779269F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\unsecapp.exe[3592] USER32.dll!UnhookWindowsHookEx                                  7640ADF9 5 Bytes  JMP 00080A08 
.text           C:\Windows\system32\wbem\unsecapp.exe[3592] USER32.dll!UnhookWinEvent                                       7640B750 5 Bytes  JMP 000803FC 
.text           C:\Windows\system32\wbem\unsecapp.exe[3592] USER32.dll!SetWindowsHookExW                                    7640E30C 5 Bytes  JMP 00080804 
.text           C:\Windows\system32\wbem\unsecapp.exe[3592] USER32.dll!SetWinEventHook                                      764124DC 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\wbem\unsecapp.exe[3592] USER32.dll!SetWindowsHookExA                                    76436D0C 5 Bytes  JMP 00080600 
.text           C:\Users\Hobbit\Desktop\gmer.exe[3600] kernel32.dll!GetBinaryTypeW + 70                                       779269F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[3684] ntdll.dll!LdrUnloadDll                                          779FC86E 5 Bytes  JMP 000E03FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3684] ntdll.dll!LdrLoadDll                                            77A0223E 5 Bytes  JMP 000E01F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3684] KERNEL32.dll!GetBinaryTypeW + 70                                779269F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[3684] USER32.dll!UnhookWindowsHookEx                                  7640ADF9 5 Bytes  JMP 00200A08 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3684] USER32.dll!UnhookWinEvent                                       7640B750 5 Bytes  JMP 002003FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3684] USER32.dll!SetWindowsHookExW                                    7640E30C 5 Bytes  JMP 00200804 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3684] USER32.dll!SetWinEventHook                                      764124DC 5 Bytes  JMP 002001F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[3684] USER32.dll!SetWindowsHookExA                                    76436D0C 5 Bytes  JMP 00200600 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4024] ntdll.dll!LdrUnloadDll                                779FC86E 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4024] ntdll.dll!LdrLoadDll                                  77A0223E 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4024] KERNEL32.dll!GetBinaryTypeW + 70                      779269F4 1 Byte  [62]
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4024] USER32.dll!UnhookWindowsHookEx                        7640ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4024] USER32.dll!UnhookWinEvent                             7640B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4024] USER32.dll!SetWindowsHookExW                          7640E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4024] USER32.dll!SetWinEventHook                            764124DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[4024] USER32.dll!SetWindowsHookExA                          76436D0C 5 Bytes  JMP 00200600 
.text           C:\Windows\System32\rundll32.exe[4040] ntdll.dll!LdrUnloadDll                                               779FC86E 5 Bytes  JMP 001303FC 
.text           C:\Windows\System32\rundll32.exe[4040] ntdll.dll!LdrLoadDll                                                 77A0223E 5 Bytes  JMP 001301F8 
.text           C:\Windows\System32\rundll32.exe[4040] KERNEL32.dll!GetBinaryTypeW + 70                                     779269F4 1 Byte  [62]
.text           C:\Windows\System32\rundll32.exe[4040] USER32.dll!UnhookWindowsHookEx                                       7640ADF9 5 Bytes  JMP 00140A08 
.text           C:\Windows\System32\rundll32.exe[4040] USER32.dll!UnhookWinEvent                                            7640B750 5 Bytes  JMP 001403FC 
.text           C:\Windows\System32\rundll32.exe[4040] USER32.dll!SetWindowsHookExW                                         7640E30C 5 Bytes  JMP 00140804 
.text           C:\Windows\System32\rundll32.exe[4040] USER32.dll!SetWinEventHook                                           764124DC 5 Bytes  JMP 001401F8 
.text           C:\Windows\System32\rundll32.exe[4040] USER32.dll!SetWindowsHookExA                                         76436D0C 5 Bytes  JMP 00140600 
.text           C:\Program Files\FreePDF_XP\fpassist.exe[4088] ntdll.dll!LdrUnloadDll                                       779FC86E 5 Bytes  JMP 001D03FC 
.text           C:\Program Files\FreePDF_XP\fpassist.exe[4088] ntdll.dll!LdrLoadDll                                         77A0223E 5 Bytes  JMP 001D01F8 
.text           C:\Program Files\FreePDF_XP\fpassist.exe[4088] KERNEL32.dll!GetBinaryTypeW + 70                             779269F4 1 Byte  [62]
.text           C:\Program Files\FreePDF_XP\fpassist.exe[4088] USER32.dll!UnhookWindowsHookEx                               7640ADF9 5 Bytes  JMP 001E0A08 
.text           C:\Program Files\FreePDF_XP\fpassist.exe[4088] USER32.dll!UnhookWinEvent                                    7640B750 5 Bytes  JMP 001E03FC 
.text           C:\Program Files\FreePDF_XP\fpassist.exe[4088] USER32.dll!SetWindowsHookExW                                 7640E30C 5 Bytes  JMP 001E0804 
.text           C:\Program Files\FreePDF_XP\fpassist.exe[4088] USER32.dll!SetWinEventHook                                   764124DC 5 Bytes  JMP 001E01F8 
.text           C:\Program Files\FreePDF_XP\fpassist.exe[4088] USER32.dll!SetWindowsHookExA                                 76436D0C 5 Bytes  JMP 001E0600 
.text           C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4196] kernel32.dll!GetBinaryTypeW + 70               779269F4 1 Byte  [62]
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4220] ntdll.dll!LdrUnloadDll                               779FC86E 5 Bytes  JMP 001E03FC 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4220] ntdll.dll!LdrLoadDll                                 77A0223E 5 Bytes  JMP 001E01F8 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4220] KERNEL32.dll!GetBinaryTypeW + 70                     779269F4 1 Byte  [62]
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4220] USER32.dll!UnhookWindowsHookEx                       7640ADF9 5 Bytes  JMP 001F0A08 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4220] USER32.dll!UnhookWinEvent                            7640B750 5 Bytes  JMP 001F03FC 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4220] USER32.dll!SetWindowsHookExW                         7640E30C 5 Bytes  JMP 001F0804 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4220] USER32.dll!SetWinEventHook                           764124DC 5 Bytes  JMP 001F01F8 
.text           C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4220] USER32.dll!SetWindowsHookExA                         76436D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\System32\mobsync.exe[4252] ntdll.dll!LdrUnloadDll                                                779FC86E 5 Bytes  JMP 000F03FC 
.text           C:\Windows\System32\mobsync.exe[4252] ntdll.dll!LdrLoadDll                                                  77A0223E 5 Bytes  JMP 000F01F8 
.text           C:\Windows\System32\mobsync.exe[4252] KERNEL32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Windows\System32\mobsync.exe[4252] USER32.dll!UnhookWindowsHookEx                                        7640ADF9 5 Bytes  JMP 00110A08 
.text           C:\Windows\System32\mobsync.exe[4252] USER32.dll!UnhookWinEvent                                             7640B750 5 Bytes  JMP 001103FC 
.text           C:\Windows\System32\mobsync.exe[4252] USER32.dll!SetWindowsHookExW                                          7640E30C 5 Bytes  JMP 00110804 
.text           C:\Windows\System32\mobsync.exe[4252] USER32.dll!SetWinEventHook                                            764124DC 5 Bytes  JMP 001101F8 
.text           C:\Windows\System32\mobsync.exe[4252] USER32.dll!SetWindowsHookExA                                          76436D0C 5 Bytes  JMP 00110600 
.text           C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe[4396] kernel32.dll!GetBinaryTypeW + 70             779269F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[4556] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]
.text           C:\Windows\system32\sppsvc.exe[4608] kernel32.dll!GetBinaryTypeW + 70                                       779269F4 1 Byte  [62]
.text           C:\Program Files\Lenovo\System Update\SUService.exe[4640] KERNEL32.dll!GetBinaryTypeW + 70                  779269F4 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[5620] kernel32.dll!GetBinaryTypeW + 70                                      779269F4 1 Byte  [62]

---- Devices - GMER 1.0.15 ----

Device                                                                                                                      aswSP.SYS (avast! self protection module/AVAST Software)
Device                                                                                                                      Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                              tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device                                                                                                                      fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000051                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device                                                                                                                      volmgr.sys (Volume Manager Driver/Microsoft Corporation)

AttachedDevice                                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\78dd08a7b88c                                 
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\78dd08a7b88c (not active ControlSet)             

---- EOF - GMER 1.0.15 ----
         
[/codebox]



I'm just wondering whether it wouldn't be better to reinstall the system right away??!!

How would you proceed?

Regards

theexciter

Last edited by theexciter (01.12.2012 at 09:49)

01.12.2012, 11:38   #2
ryder
/// TB trainer
 

You don't know how that sneaked in?

I do ...
Quote:
C:\Windows\KMService.exe (RiskWare.Tool.CK)
... only makes sense if you want to run an illegal copy.

Support stop: cracks or keygens
Quote:
Reading material:
Cracks and keygens
Circumventing the copy protection of software is illegal under current law. The log files strongly indicate that you use cracks or key generators, or circumvent the copy protection of installed programs. Please understand that we cannot and must not support this. Our help is therefore limited to reinstalling your system. We will still gladly answer your questions about that.
This closes the topic.

01.12.2012, 12:04   #3
theexciter
 

????

What is that? How did that get on there?