Hey Cosinus,
here is the log file from GMER to start with:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-31 23:24:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE3O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Grant\AppData\Local\Temp\fgtyypog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800035fe000 45 bytes [00, 00, 13, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800035fe02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076861465 2 bytes [86, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768614bb 2 bytes [86, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000771e08fc 4 bytes [68, A0, CF, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000771e0901 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000771f25fd 6 bytes [68, BD, 57, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 6 bytes [68, CB, D0, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077202a63 6 bytes [68, 03, 58, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077224128 6 bytes [68, 49, 58, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007722e659 6 bytes [68, 8F, 58, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW 000000007659455c 6 bytes [68, 34, D3, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\KERNEL32.dll!ExitProcess 00000000765979f8 6 bytes [68, F3, D2, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetDC 00000000762172c4 4 bytes [68, 92, 18, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000762172c9 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076217446 6 bytes [68, 10, 19, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076217809 6 bytes [68, A5, 5D, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000762178e2 6 bytes [68, 22, DE, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076217bd3 6 bytes [68, 4A, DE, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076218048 4 bytes [68, D1, 18, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007621804d 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076218a65 6 bytes [68, C1, 5A, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007621b17d 6 bytes [68, 5B, 5B, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007621db98 6 bytes [68, AD, 5B, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000762205ba 6 bytes [68, 72, DE, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076220d32 6 bytes [68, F3, 59, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076221218 6 bytes [68, 55, DC, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076221341 4 bytes [68, F7, 17, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076221346 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076221361 4 bytes [68, 87, 17, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076221366 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076222a8d 6 bytes [68, 23, DC, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076222aac 6 bytes [68, 83, DD, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076223391 4 bytes [68, 37, 18, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076223396 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007622434b 6 bytes [68, 0E, 5B, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076225f74 6 bytes [68, 9D, DE, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076226222 6 bytes [68, E3, 19, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007622792f 6 bytes [68, 3C, 5A, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076227fbb 6 bytes [68, 1E, 59, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007622810c 6 bytes [68, AD, 59, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000762285c1 6 bytes [68, D5, 58, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000762286b4 6 bytes [68, 67, 59, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007623d41f 6 bytes [68, 50, 19, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007623ed49 6 bytes [68, 33, DD, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!SetCapture 000000007623ed56 4 bytes [68, D9, DC, 25]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007623ed5b 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076259854 6 bytes [68, 9F, 57, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076259cfd 6 bytes [68, 9C, DC, 25, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076259f1d 6 bytes [68, 54, 5F, 26, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000762787cb 4 bytes [68, 4F, 57, 26]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4260] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000762787d0 1 byte [C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000771e08fc 4 bytes [68, A0, CF, 06]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000771e0901 1 byte [C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000771f25fd 6 bytes [68, BD, 57, 07, 00, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 6 bytes [68, CB, D0, 06, 00, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077202a63 6 bytes [68, 03, 58, 07, 00, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077224128 6 bytes [68, 49, 58, 07, 00, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007722e659 6 bytes [68, 8F, 58, 07, 00, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007659455c 6 bytes [68, 34, D3, 06, 00, C3]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5012] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000765979f8 6 bytes [68, F3, D2, 06, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000771e08fc 4 bytes [68, A0, CF, 43]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000771e0901 1 byte [C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000771f25fd 6 bytes [68, BD, 57, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771fc45a 6 bytes [68, CB, D0, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077202a63 6 bytes [68, 03, 58, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077224128 6 bytes [68, 49, 58, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007722e659 6 bytes [68, 8F, 58, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 000000007659455c 6 bytes [68, 34, D3, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000765979f8 6 bytes [68, F3, D2, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetDC 00000000762172c4 4 bytes [68, 92, 18, 43]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetDC + 5 00000000762172c9 1 byte [C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076217446 6 bytes [68, 10, 19, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076217809 6 bytes [68, A5, 5D, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000762178e2 6 bytes [68, 22, DE, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076217bd3 6 bytes [68, 4A, DE, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetWindowDC 0000000076218048 4 bytes [68, D1, 18, 43]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 000000007621804d 1 byte [C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076218a65 6 bytes [68, C1, 5A, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!RegisterClassExW 000000007621b17d 6 bytes [68, 5B, 5B, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007621db98 6 bytes [68, AD, 5B, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000762205ba 6 bytes [68, 72, DE, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076220d32 6 bytes [68, F3, 59, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076221218 6 bytes [68, 55, DC, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076221341 4 bytes [68, F7, 17, 43]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076221346 1 byte [C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076221361 4 bytes [68, 87, 17, 43]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076221366 1 byte [C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076222a8d 6 bytes [68, 23, DC, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076222aac 6 bytes [68, 83, DD, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076223391 4 bytes [68, 37, 18, 43]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076223396 1 byte [C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007622434b 6 bytes [68, 0E, 5B, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076225f74 6 bytes [68, 9D, DE, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 0000000076226222 6 bytes [68, E3, 19, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!CallWindowProcA 000000007622792f 6 bytes [68, 3C, 5A, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!DefFrameProcA 0000000076227fbb 6 bytes [68, 1E, 59, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 000000007622810c 6 bytes [68, AD, 59, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!DefFrameProcW 00000000762285c1 6 bytes [68, D5, 58, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 00000000762286b4 6 bytes [68, 67, 59, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007623d41f 6 bytes [68, 50, 19, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!ReleaseCapture 000000007623ed49 6 bytes [68, 33, DD, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!SetCapture 000000007623ed56 4 bytes [68, D9, DC, 43]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!SetCapture + 5 000000007623ed5b 1 byte [C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!SwitchDesktop 0000000076259854 6 bytes [68, 9F, 57, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076259cfd 6 bytes [68, 9C, DC, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076259f1d 6 bytes [68, 54, 5F, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 00000000762787cb 4 bytes [68, 4F, 57, 44]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 00000000762787d0 1 byte [C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007591c592 6 bytes [68, B1, D3, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075952538 6 bytes [68, 9A, D3, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075c83918 6 bytes [68, 27, E3, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000075c84296 6 bytes [68, 38, DF, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075c84406 6 bytes [68, 80, E3, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WS2_32.dll!send 0000000075c86f01 6 bytes [68, 5F, E3, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075c97673 6 bytes [68, C8, DE, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000075db1224 6 bytes [68, 89, 7E, 43, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 0000000076053cc2 6 bytes [68, DC, 08, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 0000000076056ab7 6 bytes [68, 7C, 0A, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000760576e6 6 bytes [68, 62, 06, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 0000000076057e1d 6 bytes [68, DA, 05, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000760aa1ad 6 bytes [68, 50, 0A, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000760aa5ef 6 bytes [68, 49, 09, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000760b1aa2 6 bytes [68, 77, 09, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000760ba74d 6 bytes [68, 0C, 07, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000760bad40 6 bytes [68, 46, 08, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 00000000760dad1d 6 bytes [68, F6, 09, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 00000000761256ed 6 bytes [68, 91, 08, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000761257a6 6 bytes [68, A9, 07, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076125876 6 bytes [68, B7, 06, 44, 00, C3]
.text C:\Program Files\Sony\VAIO Care\listener.exe[2180] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076125b15 6 bytes [68, 1E, 06, 44, 00, C3]
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9b5b596
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb9b9519a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9b5b596 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb9b9519a (not active ControlSet)
---- EOF - GMER 2.1 ----
I'm now going to run MBAR as well.
MBAR found nothing "malicious", according to the message...
Here is the log file:
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.05.31.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Grant :: GRANT-VAIO [administrator]
31.05.2013 23:33:33
mbar-log-2013-05-31 (23-33-33).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 247465
Time elapsed: 31 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)