Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?

JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?


Plagegeister aller Art und deren Bekämpfung: JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 10.10.2011, 15:44   #1
TanjaK
 
JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"? - Standard

JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?


Hallo liebes Trojaner-Board.

Obigen Virus hat Avira gestern beim Scan gemeldet. Ich habe ihn in Quarantäne verschoben. Mein Rechner funktioniert normal - aber das soll ja nichts heißen. Könntet Ihr bitte mal nachsehen, ob alles so ist, wie es sein soll, sprich kein Virus oder Trojaner sein Unwesen treibt?

1000 Dank im voraus,

Tanjak

P.S.: OTL hat bei mir nur 1 Datei ausgeworfen. Diese sowie die Gmer-Datei poste ich im Anschluss:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.10.2011 13:09:02 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Tanja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,75% Memory free
4,22 Gb Paging File | 2,20 Gb Available in Paging File | 52,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 4,12 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 70,98 Gb Free Space | 97,16% Space Free | Partition Type: NTFS
Drive F: | 7,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: TANJA-PC | User Name: Tanja Huberti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tanja\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\Programme\MozyHome\mozystat.exe (Mozy, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\System32\HMXUtil6x.exe (Magic Control Technology Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\MoveIt.exe ()
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Windows\System32\mctudll.exe (TODO: <Company name>)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
PRC - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
PRC - C:\Programme\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Programme\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Programme\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBGE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\AccSys\accsvc.exe (AccSys GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Tanja\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Tanja\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Users\Tanja\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Users\Tanja\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll ()
MOD - C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll ()
MOD - C:\Windows\System32\Watch.dll ()
MOD - C:\Windows\System32\MoveIt.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\System32\UDLL.dll ()
MOD - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HWDeviceService.exe) -- File not found
SRV - (Mobile Partner. RunOuc) -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (AVG Anti-Spyware Guard) -- C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe (GRISOFT s.r.o.)
SRV - (ASLDRService) -- C:\Programme\ATK Hotkey\ASLDRSrv.exe ()
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (accsvc) -- C:\Programme\Common Files\AccSys\accsvc.exe (AccSys GmbH)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hmxproj) -- C:\Windows\System32\drivers\hmxusb.sys (Magic Control Technology Corp.)
DRV - (HMXProjMir) -- C:\Windows\System32\drivers\HMXMrGrp.sys (Magic Control Technology Corp.)
DRV - (HMXProjExt) -- C:\Windows\System32\drivers\HMXExGrp.sys (Magic Control Technology Corp.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AVG Anti-Spyware Driver) -- C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (AvgAsCln) -- C:\Windows\System32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD BD 0C 0E F6 D8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.23 08:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.28 22:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja Huberti\AppData\Roaming\mozilla\Extensions
[2011.03.28 22:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja Huberti\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.06.29 14:08:03 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
O1 HOSTS File: ([2011.02.04 23:28:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HMXUtil6x] C:\Windows\System32\HMXUtil6x.exe (Magic Control Technology Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mctudll] C:\Windows\System32\mctudll.exe (TODO: <Company name>)
O4 - HKLM..\Run: [MoveIt] C:\Windows\System32\MoveIt.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKCU..\Run: [ABBYY Screenshot Reader Retail] "C:\Program Files\ABBYY Screenshot Reader\ScreenshotReader.exe" -autorun File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110526061118 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.fujidirekt.de/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67714390-5FE7-46B1-A808-9072A2D4EC7C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BC939B0-AD32-46CC-91A3-4FB07A92B431}: DhcpNameServer = 193.254.160.1 10.74.83.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B92FFF73-0C6C-49CF-8600-B8949315E859}: DhcpNameServer = 192.168.1.2 192.168.1.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.06 22:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2011.10.06 22:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner
[2011.10.06 22:19:21 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011.10.06 22:19:21 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.10.06 22:19:21 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.10.06 22:19:21 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2011.10.06 22:19:21 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2011.10.06 22:19:21 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2011.10.06 22:19:21 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2011.10.06 22:19:21 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2011.10.06 22:19:21 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.10.06 22:19:21 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2011.10.06 22:19:21 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2011.10.06 22:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner
[2011.10.06 22:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2008.01.21 13:29:49 | 058,619,176 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.10 13:12:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.10 13:12:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.10 11:12:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.10 11:11:59 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.07 12:53:08 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.07 12:53:08 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.07 12:53:08 | 000,128,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.07 12:53:08 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.06 22:20:51 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.10.06 22:20:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011.10.06 22:18:19 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011.10.06 22:18:19 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.10.06 22:18:19 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.10.06 22:18:19 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2011.10.06 22:18:19 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2011.10.06 22:18:19 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2011.10.06 22:18:19 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2011.10.06 22:18:19 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2011.10.06 22:18:19 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.10.06 22:18:19 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2011.10.06 22:18:19 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2011.09.14 11:46:30 | 000,005,584 | ---- | M] () -- C:\Windows\mozy.blk
[2011.09.14 11:46:30 | 000,001,844 | ---- | M] () -- C:\Windows\mozy.flt
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.06 22:20:51 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.10.06 22:20:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011.03.23 23:18:43 | 000,795,136 | ---- | C] () -- C:\Windows\System32\MoveIt.exe
[2011.03.23 23:18:43 | 000,430,080 | ---- | C] () -- C:\Windows\System32\UDLL.dll
[2011.03.23 23:18:43 | 000,054,272 | ---- | C] () -- C:\Windows\System32\Watch.dll
[2011.03.23 23:18:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\mctudll.dll
[2011.03.23 23:18:43 | 000,000,216 | ---- | C] () -- C:\Windows\System32\Himax.ini
[2011.02.04 23:09:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.04 23:09:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.04 23:09:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.04 23:09:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.04 23:09:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.12.03 22:51:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.02 13:37:51 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.11.03 09:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.05 14:17:55 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.10.05 13:02:31 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2009.09.17 08:57:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 08:57:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.25 12:48:00 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.01.07 17:13:18 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.12.08 14:51:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.25 11:24:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.01.02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.01.02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.01.02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.09.30 13:47:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.08.13 14:20:38 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.08.13 13:52:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.08.13 13:52:05 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.08.13 13:52:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.08.13 13:52:05 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.08.13 13:52:05 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.08.13 13:52:05 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.08.13 13:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.08.13 13:30:56 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.08.13 13:30:56 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.08.13 13:30:56 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.08.13 13:30:56 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.08.13 12:06:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.08.13 12:06:09 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.13 12:06:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2006.11.02 17:33:31 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,128,796 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,317,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.03.02 18:20:55 | 000,000,000 | ---D | M] -- C:\Users\Tanja Huberti\AppData\Roaming\Grisoft
[2011.03.02 18:21:46 | 000,000,000 | ---D | M] -- C:\Users\Tanja Huberti\AppData\Roaming\Teleca
[2011.03.28 22:05:32 | 000,000,000 | ---D | M] -- C:\Users\Tanja Huberti\AppData\Roaming\TomTom
[2011.10.09 23:11:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-10 15:34:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0040
Running: 8yzh40tx.exe; Driver: C:\Users\TANJAH~1\AppData\Local\Temp\kwtoipow.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT 891DD0C6 ZwCreateSection
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0x8FB638AC]
SSDT 891DD0CB ZwSetContextThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FAC1620]
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!KeSetEvent + 215 824F4998 4 Bytes [C6, D0, 1D, 89]
.text ntkrnlpa.exe!KeSetEvent + 3F1 824F4B74 4 Bytes [AC, 38, B6, 8F]
.text ntkrnlpa.exe!KeSetEvent + 56D 824F4CF0 4 Bytes [CB, D0, 1D, 89]
.text ntkrnlpa.exe!KeSetEvent + 621 824F4DA4 4 Bytes [20, 16, AC, 8F]
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88751000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8879A000, 0x510, 0x40000040]
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] kernel32.dll!CreateThread 75B3CB2E 5 Bytes JMP 6D9571CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateDialogParamW 760272A2 5 Bytes JMP 6DAE61F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!GetAsyncKeyState 7602863C 5 Bytes JMP 6D93DC5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!SetWindowsHookExW 760287AD 5 Bytes JMP 6D99204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CallNextHookEx 76028E3B 5 Bytes JMP 6D9B7A4F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!UnhookWindowsHookEx 760298DB 5 Bytes JMP 6D9DEA08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!EnableWindow 7602CD8B 5 Bytes JMP 6D9998BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DefWindowProcA 7602DB88 7 Bytes JMP 6D9593F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateWindowExA 7602DC2A 2 Bytes JMP 6D963223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateWindowExA + 3 7602DC2D 2 Bytes [93, F7]
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateWindowExW 76031305 5 Bytes JMP 6D9BFE2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!GetKeyState 76038CB1 5 Bytes JMP 6D93DB37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DefWindowProcW 760403B4 7 Bytes JMP 6D9B7AB2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!IsDialogMessageW 76040745 5 Bytes JMP 6DAE696C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateDialogParamA 760417AA 5 Bytes JMP 6DAE61C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!IsDialogMessage 76041847 5 Bytes JMP 6DAE6944 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateDialogIndirectParamA 760426F1 5 Bytes JMP 6DAE6230 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!CreateDialogIndirectParamW 76049A62 5 Bytes JMP 6DAE6268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!SetKeyboardState 76050987 5 Bytes JMP 6DAE7235 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxParamW 760510B0 5 Bytes JMP 6D8F15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxIndirectParamW 76052EF5 5 Bytes JMP 6DAE5E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!SendInput 76052F75 5 Bytes JMP 6DAE71DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!EndDialog 7605326E 5 Bytes JMP 6DAE6C18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!SetCursorPos 76066FB2 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!SetCursorPos 76066FB2 5 Bytes JMP 6DAE72B6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxParamA 76068152 5 Bytes JMP 6DAE5E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!DialogBoxIndirectParamA 7606847D 5 Bytes JMP 6DAE5EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxIndirectA 7607D4D9 5 Bytes JMP 6DAE5DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxIndirectW 7607D5D3 5 Bytes JMP 6DAE5D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxExA 7607D639 5 Bytes JMP 6DAE5CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!MessageBoxExW 7607D65D 5 Bytes JMP 6DAE5C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] USER32.dll!keybd_event 7607D972 5 Bytes JMP 6DAE719A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] SHELL32.dll!SHRestricted + D95 763089A8 4 Bytes [CF, 01, 0E, 6D] {IRET ; ADD [ESI], ECX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] SHELL32.dll!SHRestricted + D9D 763089B0 8 Bytes [E0, 61, 0D, 6D, 79, F7, 0D, ...] {LOOPNZ 0x63; OR EAX, 0xdf7796d; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[3084] ole32.dll!OleLoadFromStream 76DC1E80 5 Bytes JMP 6DAE6676 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!EnableWindow 7602CD8B 5 Bytes JMP 6D9998BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxParamW 760510B0 5 Bytes JMP 6D8F15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxIndirectParamW 76052EF5 5 Bytes JMP 6DAE5E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxParamA 76068152 5 Bytes JMP 6DAE5E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxIndirectParamA 7606847D 5 Bytes JMP 6DAE5EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxIndirectA 7607D4D9 5 Bytes JMP 6DAE5DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxIndirectW 7607D5D3 5 Bytes JMP 6DAE5D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxExA 7607D639 5 Bytes JMP 6DAE5CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxExW 7607D65D 5 Bytes JMP 6DAE5C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateThread 75B3CB2E 5 Bytes JMP 6D9571CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateDialogParamW 760272A2 5 Bytes JMP 6DAE61F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!GetAsyncKeyState 7602863C 5 Bytes JMP 6D93DC5D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SetWindowsHookExW 760287AD 5 Bytes JMP 6D99204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CallNextHookEx 76028E3B 5 Bytes JMP 6D9B7A4F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!UnhookWindowsHookEx 760298DB 5 Bytes JMP 6D9DEA08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!EnableWindow 7602CD8B 5 Bytes JMP 6D9998BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcA 7602DB88 7 Bytes JMP 6D9593F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExA 7602DC2A 2 Bytes JMP 6D963223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExA + 3 7602DC2D 2 Bytes [93, F7]
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExW 76031305 5 Bytes JMP 6D9BFE2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!GetKeyState 76038CB1 5 Bytes JMP 6D93DB37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcW 760403B4 7 Bytes JMP 6D9B7AB2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!IsDialogMessageW 76040745 5 Bytes JMP 6DAE696C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateDialogParamA 760417AA 5 Bytes JMP 6DAE61C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!IsDialogMessage 76041847 5 Bytes JMP 6DAE6944 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateDialogIndirectParamA 760426F1 5 Bytes JMP 6DAE6230 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateDialogIndirectParamW 76049A62 5 Bytes JMP 6DAE6268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SetKeyboardState 76050987 5 Bytes JMP 6DAE7235 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamW 760510B0 5 Bytes JMP 6D8F15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamW 76052EF5 5 Bytes JMP 6DAE5E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SendInput 76052F75 5 Bytes JMP 6DAE71DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!EndDialog 7605326E 5 Bytes JMP 6DAE6C18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SetCursorPos 76066FB2 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SetCursorPos 76066FB2 5 Bytes JMP 6DAE72B6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamA 76068152 5 Bytes JMP 6DAE5E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamA 7606847D 5 Bytes JMP 6DAE5EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectA 7607D4D9 5 Bytes JMP 6DAE5DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectW 7607D5D3 5 Bytes JMP 6DAE5D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExA 7607D639 5 Bytes JMP 6DAE5CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExW 7607D65D 5 Bytes JMP 6DAE5C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!keybd_event 7607D972 5 Bytes JMP 6DAE719A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] SHELL32.dll!SHRestricted + D95 763089A8 4 Bytes [CF, 01, 0E, 6D] {IRET ; ADD [ESI], ECX; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] SHELL32.dll!SHRestricted + D9D 763089B0 8 Bytes [E0, 61, 0D, 6D, 79, F7, 0D, ...] {LOOPNZ 0x63; OR EAX, 0xdf7796d; INSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 76DC1E80 5 Bytes JMP 6DAE6676 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
 
---- EOF - GMER 1.0.15 ----
--- --- ---
 

Themen zu JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?
adobe, antivir, avira, bho, bonjour, cdburnerxp, defender, ebay, error, explorer, firefox, format, google, home, iexplore.exe, langs, logfile, monitor, mozilla thunderbird, msvcrt, nodrives, picasa, plug-in, realtek, registry, safer networking, scan, sched.exe, senden, shell32.dll, software, staropen, superantispyware, t-mobile, temp, version=1.0, virus, vista


« Seltsame Dateien die leer sind, sonst keine Funde von vielen Scannern | Bundespolizeivirus (Win 7) »


Ähnliche Themen: JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?


  1. Malwarebytes hat "Babylon" entdeckt und beseitigt, ist mein Rechner jetzt sauber?
    Plagegeister aller Art und deren Bekämpfung - 13.10.2013 (15)
  2. Ist mein Rechner wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (2)
  3. "Polizei-Trojaner - österr. Variante" - Ist mein PC wieder "sauber"?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  4. PC wiederholt verseucht mit "Live Security Platinum", jetzt wieder sauber?
    Log-Analyse und Auswertung - 21.06.2012 (1)
  5. "Data Restore" entfernt - Rechner komplett sauber?
    Log-Analyse und Auswertung - 09.04.2012 (20)
  6. Nicht sicher, ob PC nach "System Fix" Entfernung wieder "sauber"
    Log-Analyse und Auswertung - 07.01.2012 (18)
  7. Befall durch TR/PSW.Zbot.2805 und JAVA/Exdoer.CU.2 und JAVA/Exdoer.CT.3
    Plagegeister aller Art und deren Bekämpfung - 15.06.2011 (19)
  8. Wieder sauber nach "tUaaq+xN.exe.part"?
    Log-Analyse und Auswertung - 30.07.2010 (4)
  9. TR/Crypt.ZPACK.Gen ist mein Rechner jetzt "sauber"?
    Plagegeister aller Art und deren Bekämpfung - 26.06.2010 (15)
  10. Antivir findet mehrfach "tr/crypt.xpack.gen", is mein PC sauber?
    Plagegeister aller Art und deren Bekämpfung - 21.05.2010 (10)
  11. Ist mein System sauber? (hatte u.a. "flacor.dat"-Meldung)
    Log-Analyse und Auswertung - 14.04.2010 (15)
  12. Crypt.ZPACK.Gen - ist mein Rechner jetzt endlich wieder "sauber"
    Plagegeister aller Art und deren Bekämpfung - 11.04.2010 (1)
  13. HP steht unter Quarantäne, obwohl die Seite "sauber" ist
    Plagegeister aller Art und deren Bekämpfung - 30.11.2009 (6)
  14. "Ordentlicher" Befall nach Öffnen eines fremden Sticks. Wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 14.08.2009 (15)
  15. Ist mein Rechner wieder sauber?
    Log-Analyse und Auswertung - 23.03.2009 (0)
  16. Trojaner "TDSS" / Antivirus 2009 Spyware -Ist das System jetzt wieder sauber???
    Log-Analyse und Auswertung - 15.02.2009 (3)
  17. Sytem (hoffentlich) wieder sauber aber Probleme mit der DLL "SHLWAPI.dll"
    Plagegeister aller Art und deren Bekämpfung - 26.07.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"? - Hallo liebes Trojaner-Board. Obigen Virus hat Avira gestern beim Scan gemeldet. Ich habe ihn in Quarantäne verschoben. Mein Rechner funktioniert normal - aber das soll ja nichts heißen. Könntet Ihr - JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"?...
Archiv
Du betrachtest: JAVA/Exdoer.CU.2 in Quarantäne. Ist mein Rechner wieder "sauber"? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19