
Pests of all kinds and how to fight them: Avira reports EXP/JAVA.Ternub.Gen


 
08.07.2012, 16:21   #1
s1430

Avira reports EXP/JAVA.Ternub.Gen



Hello,
during a full scan today, Avira AntiVir reported the following detection:

Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen

I then moved it to quarantine... but as I have now read here, the Trojan is apparently still somehow "active on my PC"?
How do I get it off my PC for good?

I had noticed beforehand that I had probably received a spam e-mail. (I got an e-mail from my friend, who supposedly did not send anything..?)

One more thing up front: I really don't know my way around "computer jargon" very well ... I'm just a plain user...
...and would be glad if someone here could help me ...

Thanks,
Regards,
Sandra


----------------------------------------------------------------

I have now downloaded defogger, OTL and GMER and got the following messages:

OTL:

OTL logfile created on: 08.07.2012 13:32:56 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,46% Memory free
4,23 Gb Paging File | 2,96 Gb Available in Paging File | 70,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 286,09 Gb Free Space | 64,18% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,66 Gb Free Space | 53,32% Space Free | Partition Type: FAT32

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.08 13:32:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
PRC - [2012.06.07 20:18:15 | 000,373,632 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2012.05.18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.05.04 21:53:20 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.02 16:38:49 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.05.29 22:45:06 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008.05.29 22:45:04 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.exe
PRC - [2007.04.19 15:45:10 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007.04.19 15:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe


========== Modules (No Company Name) ==========

MOD - [2008.05.29 22:44:20 | 000,139,264 | ---- | M] () -- C:\Programme\OpenOffice.org 2.4\program\nsldap32v50.dll
MOD - [2007.12.19 15:23:10 | 000,292,864 | ---- | M] () -- C:\Programme\OpenOffice.org 2.4\program\libxmlsec.dll
MOD - [2007.12.19 15:10:06 | 000,152,064 | ---- | M] () -- C:\Programme\OpenOffice.org 2.4\program\libxslt.dll
MOD - [2007.12.19 15:04:24 | 000,828,416 | ---- | M] () -- C:\Programme\OpenOffice.org 2.4\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.06.07 20:18:15 | 000,373,632 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.05.04 21:53:20 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.02.23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100346&babsrc=SP_ss&mntrId=2a21be62000000000000000000000000
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE429
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA879F20-483F-4559-B750-6C7C0D8B5A24}: NameServer = 217.0.43.129 217.0.43.145
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sandra\Pictures\2011\2011-04-04 Sandras Geburtstag\Originals\2011-03-26 10-28-41_0015.JPG
O24 - Desktop BackupWallPaper: C:\Users\Sandra\Pictures\2011\2011-04-04 Sandras Geburtstag\Originals\2011-03-26 10-28-41_0015.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c8e73f3-7885-11e0-a4a5-001d9261d782}\Shell - "" = AutoRun
O33 - MountPoints2\{0c8e73f3-7885-11e0-a4a5-001d9261d782}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.08 13:31:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2012.07.08 12:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.06.25 08:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

========== Files - Modified Within 30 Days ==========

[2012.07.08 13:32:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe
[2012.07.08 13:30:26 | 000,000,000 | ---- | M] () -- C:\Users\Sandra\defogger_reenable
[2012.07.08 13:27:50 | 000,050,477 | ---- | M] () -- C:\Users\Sandra\Desktop\Defogger.exe
[2012.07.08 13:18:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.08 12:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.08 12:40:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.08 12:40:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.08 12:18:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.08 10:49:01 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.08 10:49:01 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.08 10:49:01 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.08 10:49:01 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.08 10:39:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.08 10:39:52 | 2146,738,176 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.07 22:17:39 | 000,026,639 | ---- | M] () -- C:\Users\Sandra\Documents\Gewinnspiele online 1.ods
[2012.07.07 18:25:26 | 002,328,201 | ---- | M] () -- C:\Users\Sandra\Desktop\Nesquik.pdf
[2012.06.30 11:04:05 | 000,508,558 | ---- | M] () -- C:\Users\Sandra\Desktop\Gedicht1.jpg
[2012.06.17 20:01:40 | 000,246,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 13:54:32 | 000,053,163 | ---- | M] () -- C:\Users\Sandra\Desktop\Freundebuch.odp
[2012.06.12 07:20:49 | 001,175,165 | ---- | M] () -- C:\Users\Sandra\Desktop\Akkordeon Mitgliedschaft.jpg

========== Files Created - No Company Name ==========

[2012.07.08 13:30:26 | 000,000,000 | ---- | C] () -- C:\Users\Sandra\defogger_reenable
[2012.07.08 13:27:50 | 000,050,477 | ---- | C] () -- C:\Users\Sandra\Desktop\Defogger.exe
[2012.07.07 18:25:26 | 002,328,201 | ---- | C] () -- C:\Users\Sandra\Desktop\Nesquik.pdf
[2012.06.30 11:04:05 | 000,508,558 | ---- | C] () -- C:\Users\Sandra\Desktop\Gedicht1.jpg
[2012.06.13 11:28:47 | 000,053,163 | ---- | C] () -- C:\Users\Sandra\Desktop\Freundebuch.odp
[2012.06.12 07:20:49 | 001,175,165 | ---- | C] () -- C:\Users\Sandra\Desktop\Akkordeon Mitgliedschaft.jpg
[2011.10.17 12:07:59 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.05.15 15:15:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.14 18:43:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.14 18:43:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.03 11:50:29 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2011.05.03 11:50:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011.05.03 11:50:29 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011.05.03 11:50:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011.05.03 11:50:29 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2011.05.03 11:50:28 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011.05.03 11:50:28 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011.05.03 11:50:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011.05.03 11:50:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011.05.03 11:50:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011.05.03 11:50:28 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011.05.03 11:50:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011.05.03 11:50:28 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011.05.03 11:50:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011.05.03 11:50:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011.05.03 11:50:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011.05.03 11:50:27 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2011.05.02 10:16:03 | 000,000,232 | ---- | C] () -- C:\Windows\lexstat.ini
[2011.04.28 18:54:04 | 000,130,560 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.28 18:44:01 | 000,000,680 | ---- | C] () -- C:\Users\Sandra\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012.06.07 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Babylon
[2012.01.03 00:52:05 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Canon
[2011.12.05 07:34:23 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.04.29 21:38:04 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\fotobuch.de AG
[2011.12.18 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PhotoScape
[2012.07.08 10:38:49 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
--------------------------------------------------------------------

Extras

OTL Extras logfile created on: 08.07.2012 13:32:56 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Sandra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,46% Memory free
4,23 Gb Paging File | 2,96 Gb Available in Paging File | 70,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 286,09 Gb Free Space | 64,18% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,66 Gb Free Space | 53,32% Space Free | Partition Type: FAT32

Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23F66941-68F4-4FDE-ABC8-FC3D91C816A9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{8DF2F874-4885-4782-94F2-FE22D3AAF14A}" = rport=5357 | protocol=6 | dir=out | app=system |
"{9819EE5A-F01F-4356-B222-29FBA9DF353F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{9F5352E2-324A-4B71-8B35-B8AAF292FE11}" = rport=5358 | protocol=6 | dir=out | app=system |
"{CAFD99C0-9DB5-49AA-841E-A108EA8D77EB}" = lport=5357 | protocol=6 | dir=in | app=system |
"{F7449B9E-471E-4E92-AE36-0A33236514AF}" = lport=5358 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{44C9529C-9261-4C21-972E-D122F58C958A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{672593DC-E6FF-4B83-8E4C-6BEE6EC40ABD}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{7ED2ADEA-D3F2-4173-B397-24863B0A2402}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{9E4A545B-44C5-4A20-A44B-065623DB16F9}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{C4563E82-6657-4C0A-A8C7-D2FDAFD3F19A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe |
"{DF7E1197-83CE-4BDB-8738-C050F4C8CF3D}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43721D86-16D1-46BF-8353-37CD82333BC3}" = OpenOffice.org 2.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6474E823-3AB2-FFE2-08B2-D1AF0DA1AAA7}" = myphotobook.de
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Lexmark 1200 Series" = Lexmark 1200 Series
"McAfee Security Scan" = McAfee Security Scan Plus
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"PIXresizer_is1" = PIXresizer
"Recuva" = Recuva
"Updater Service" = Updater Service
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.06.2012 03:26:44 | Computer Name = Sandra-PC | Source = RasClient | ID = 20227
Description =

Error - 20.06.2012 03:27:11 | Computer Name = Sandra-PC | Source = RasClient | ID = 20227
Description =

Error - 20.06.2012 03:27:52 | Computer Name = Sandra-PC | Source = RasClient | ID = 20227
Description =

Error - 20.06.2012 14:55:23 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16446, Zeitstempel
0x4fb57c8f, fehlerhaftes Modul AVIRAB~1.DLL, Version 3.0.0.1000, Zeitstempel 0x4fb9bbff,
Ausnahmecode 0xc0000005, Fehleroffset 0x00014a6a, Prozess-ID 0xd48, Anwendungsstartzeit
01cd4f15f521fe11.

Error - 21.06.2012 15:52:32 | Computer Name = Sandra-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16446 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: f10 Anfangszeit: 01cd4fd94d411817 Zeitpunkt
der Beendigung: 0

Error - 23.06.2012 15:15:00 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16446, Zeitstempel
0x4fb57c8f, fehlerhaftes Modul AVIRAB~1.DLL, Version 3.0.0.1000, Zeitstempel 0x4fb9bbff,
Ausnahmecode 0xc0000005, Fehleroffset 0x00014a6a, Prozess-ID 0x9fc, Anwendungsstartzeit
01cd5173cb286520.

Error - 23.06.2012 15:17:48 | Computer Name = Sandra-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16446 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 13c0 Anfangszeit: 01cd51747d9a1ca8 Zeitpunkt
der Beendigung: 0

Error - 02.07.2012 15:15:39 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16446, Zeitstempel
0x4fb57c8f, fehlerhaftes Modul MSHTML.dll, Version 9.0.8112.16446, Zeitstempel
0x4fb58407, Ausnahmecode 0xc0000005, Fehleroffset 0x0041f030, Prozess-ID 0x1680,
Anwendungsstartzeit 01cd588612014720.

Error - 03.07.2012 09:10:10 | Computer Name = Sandra-PC | Source = RasClient | ID = 20227
Description =

Error - 04.07.2012 08:44:45 | Computer Name = Sandra-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16446 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 10e8 Anfangszeit: 01cd59e206c335f0 Zeitpunkt
der Beendigung: 68

[ Media Center Events ]
Error - 08.04.2012 06:17:54 | Computer Name = Sandra-PC | Source = ehRecvr | ID = 4
Description =

[ System Events ]
Error - 24.06.2012 04:42:02 | Computer Name = Sandra-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 24.06.2012 04:42:02 | Computer Name = Sandra-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 24.06.2012 04:42:02 | Computer Name = Sandra-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 24.06.2012 04:42:02 | Computer Name = Sandra-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 24.06.2012 04:42:02 | Computer Name = Sandra-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 24.06.2012 04:42:02 | Computer Name = Sandra-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 08.07.2012 04:43:53 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 08.07.2012 04:43:53 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08.07.2012 04:45:26 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 08.07.2012 04:47:18 | Computer Name = Sandra-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

--------------------------------------------------------

gmer.txt

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-08 17:02:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AACS-00ZUB0 rev.01.01B01
Running: v9ws0zld.exe; Driver: C:\Users\Sandra\AppData\Local\Temp\uwdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT 8A1D340E ZwCreateSection
SSDT 8A1D3418 ZwRequestWaitReplyPort
SSDT 8A1D3413 ZwSetContextThread
SSDT 8A1D341D ZwSetSecurityObject
SSDT 8A1D3422 ZwSystemDebugControl
SSDT 8A1D33AF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81CBE8D8 4 Bytes [0E, 34, 1D, 8A]
.text ntkrnlpa.exe!KeSetEvent + 539 81CBEBFC 4 Bytes [18, 34, 1D, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 81CBEC30 4 Bytes [13, 34, 1D, 8A]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81CBEC94 4 Bytes CALL 9F000A1A
.text ntkrnlpa.exe!KeSetEvent + 619 81CBECDC 4 Bytes [22, 34, 1D, 8A]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1744] kernel32.dll!CreateThread 756ACB2E 5 Bytes JMP 710B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateDialogParamW 758972A2 5 Bytes JMP 712490F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!GetAsyncKeyState 7589863C 5 Bytes JMP 7109DEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!SetWindowsHookExW 758987AD 5 Bytes JMP 710F25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CallNextHookEx 75898E3B 5 Bytes JMP 71117FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!UnhookWindowsHookEx 758998DB 5 Bytes JMP 7113ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!EnableWindow 7589CD8B 5 Bytes JMP 710F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DefWindowProcA 7589DB88 7 Bytes JMP 710B97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateWindowExA 7589DC2A 5 Bytes JMP 710C362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateWindowExW 758A1305 5 Bytes JMP 711203B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!GetKeyState 758A8CB1 5 Bytes JMP 7109DD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DefWindowProcW 758B03B4 7 Bytes JMP 71118042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!IsDialogMessageW 758B0745 5 Bytes JMP 71249855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateDialogParamA 758B17AA 5 Bytes JMP 712490B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!IsDialogMessage 758B1847 5 Bytes JMP 7124982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateDialogIndirectParamA 758B26F1 5 Bytes JMP 71249128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!CreateDialogIndirectParamW 758B9A62 5 Bytes JMP 71249160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!SetKeyboardState 758C0987 5 Bytes JMP 7124A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxParamW 758C10B0 5 Bytes JMP 7105187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxIndirectParamW 758C2EF5 5 Bytes JMP 71248D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!SendInput 758C2F75 5 Bytes JMP 7124A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!EndDialog 758C326E 5 Bytes JMP 71249B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!SetCursorPos 758D6FB2 5 Bytes JMP 7124A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxParamA 758D8152 5 Bytes JMP 71248D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!DialogBoxIndirectParamA 758D847D 5 Bytes JMP 71248DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!MessageBoxIndirectA 758ED4D9 5 Bytes JMP 71248CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!MessageBoxIndirectW 758ED5D3 5 Bytes JMP 71248C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!MessageBoxExA 758ED639 5 Bytes JMP 71248BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!MessageBoxExW 758ED65D 5 Bytes JMP 71248B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] USER32.dll!keybd_event 758ED972 5 Bytes JMP 7124A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] SHELL32.dll!SHRestricted + D95 761E89A8 4 Bytes [CF, 01, A9, 6F]
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] SHELL32.dll!SHRestricted + D9D 761E89B0 8 Bytes [E0, 61, A8, 6F, 79, F7, A8, ...] {LOOPNZ 0x63; TEST AL, 0x6f; JNS 0xfffffffffffffffd; TEST AL, 0x6f}
.text C:\Program Files\Internet Explorer\iexplore.exe[1744] ole32.dll!OleLoadFromStream 75761E80 5 Bytes JMP 7124955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] kernel32.dll!CreateThread 756ACB2E 5 Bytes JMP 710B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!CreateDialogParamW 758972A2 5 Bytes JMP 712490F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!GetAsyncKeyState 7589863C 5 Bytes JMP 7109DEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!SetWindowsHookExW 758987AD 5 Bytes JMP 710F25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!CallNextHookEx 75898E3B 5 Bytes JMP 71117FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!UnhookWindowsHookEx 758998DB 5 Bytes JMP 7113ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!EnableWindow 7589CD8B 5 Bytes JMP 710F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!DefWindowProcA 7589DB88 7 Bytes JMP 710B97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!CreateWindowExA 7589DC2A 5 Bytes JMP 710C362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!CreateWindowExW 758A1305 5 Bytes JMP 711203B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!GetKeyState 758A8CB1 5 Bytes JMP 7109DD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!DefWindowProcW 758B03B4 7 Bytes JMP 71118042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!IsDialogMessageW 758B0745 5 Bytes JMP 71249855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!CreateDialogParamA 758B17AA 5 Bytes JMP 712490B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!IsDialogMessage 758B1847 5 Bytes JMP 7124982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!CreateDialogIndirectParamA 758B26F1 5 Bytes JMP 71249128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!CreateDialogIndirectParamW 758B9A62 5 Bytes JMP 71249160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!SetKeyboardState 758C0987 5 Bytes JMP 7124A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!DialogBoxParamW 758C10B0 5 Bytes JMP 7105187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!DialogBoxIndirectParamW 758C2EF5 5 Bytes JMP 71248D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!SendInput 758C2F75 5 Bytes JMP 7124A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!EndDialog 758C326E 5 Bytes JMP 71249B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!SetCursorPos 758D6FB2 5 Bytes JMP 7124A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!DialogBoxParamA 758D8152 5 Bytes JMP 71248D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!DialogBoxIndirectParamA 758D847D 5 Bytes JMP 71248DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!MessageBoxIndirectA 758ED4D9 5 Bytes JMP 71248CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!MessageBoxIndirectW 758ED5D3 5 Bytes JMP 71248C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!MessageBoxExA 758ED639 5 Bytes JMP 71248BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!MessageBoxExW 758ED65D 5 Bytes JMP 71248B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] USER32.dll!keybd_event 758ED972 5 Bytes JMP 7124A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] SHELL32.dll!SHRestricted + D95 761E89A8 4 Bytes [CF, 01, A9, 6F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] SHELL32.dll!SHRestricted + D9D 761E89B0 8 Bytes [E0, 61, A8, 6F, 79, F7, A8, ...] {LOOPNZ 0x63; TEST AL, 0x6f; JNS 0xfffffffffffffffd; TEST AL, 0x6f}
.text C:\Program Files\Internet Explorer\iexplore.exe[2280] ole32.dll!OleLoadFromStream 75761E80 5 Bytes JMP 7124955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] kernel32.dll!CreateThread 756ACB2E 5 Bytes JMP 710B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!CreateDialogParamW 758972A2 5 Bytes JMP 712490F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!GetAsyncKeyState 7589863C 5 Bytes JMP 7109DEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!SetWindowsHookExW 758987AD 5 Bytes JMP 710F25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!CallNextHookEx 75898E3B 5 Bytes JMP 71117FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!UnhookWindowsHookEx 758998DB 5 Bytes JMP 7113ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!EnableWindow 7589CD8B 5 Bytes JMP 710F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DefWindowProcA 7589DB88 7 Bytes JMP 710B97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!CreateWindowExA 7589DC2A 5 Bytes JMP 710C362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!CreateWindowExW 758A1305 5 Bytes JMP 711203B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!GetKeyState 758A8CB1 5 Bytes JMP 7109DD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DefWindowProcW 758B03B4 7 Bytes JMP 71118042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!IsDialogMessageW 758B0745 5 Bytes JMP 71249855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!CreateDialogParamA 758B17AA 5 Bytes JMP 712490B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!IsDialogMessage 758B1847 5 Bytes JMP 7124982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!CreateDialogIndirectParamA 758B26F1 5 Bytes JMP 71249128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!CreateDialogIndirectParamW 758B9A62 5 Bytes JMP 71249160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!SetKeyboardState 758C0987 5 Bytes JMP 7124A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DialogBoxParamW 758C10B0 5 Bytes JMP 7105187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DialogBoxIndirectParamW 758C2EF5 5 Bytes JMP 71248D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!SendInput 758C2F75 5 Bytes JMP 7124A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!EndDialog 758C326E 5 Bytes JMP 71249B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!SetCursorPos 758D6FB2 5 Bytes JMP 7124A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DialogBoxParamA 758D8152 5 Bytes JMP 71248D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!DialogBoxIndirectParamA 758D847D 5 Bytes JMP 71248DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!MessageBoxIndirectA 758ED4D9 5 Bytes JMP 71248CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!MessageBoxIndirectW 758ED5D3 5 Bytes JMP 71248C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!MessageBoxExA 758ED639 5 Bytes JMP 71248BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!MessageBoxExW 758ED65D 5 Bytes JMP 71248B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] USER32.dll!keybd_event 758ED972 5 Bytes JMP 7124A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] SHELL32.dll!SHRestricted + D95 761E89A8 4 Bytes [CF, 01, A9, 6F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] SHELL32.dll!SHRestricted + D9D 761E89B0 8 Bytes [E0, 61, A8, 6F, 79, F7, A8, ...] {LOOPNZ 0x63; TEST AL, 0x6f; JNS 0xfffffffffffffffd; TEST AL, 0x6f}
.text C:\Program Files\Internet Explorer\iexplore.exe[2448] ole32.dll!OleLoadFromStream 75761E80 5 Bytes JMP 7124955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!EnableWindow 7589CD8B 5 Bytes JMP 710F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxParamW 758C10B0 5 Bytes JMP 7105187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxIndirectParamW 758C2EF5 5 Bytes JMP 71248D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxParamA 758D8152 5 Bytes JMP 71248D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxIndirectParamA 758D847D 5 Bytes JMP 71248DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxIndirectA 758ED4D9 5 Bytes JMP 71248CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxIndirectW 758ED5D3 5 Bytes JMP 71248C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxExA 758ED639 5 Bytes JMP 71248BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxExW 758ED65D 5 Bytes JMP 71248B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] kernel32.dll!CreateThread 756ACB2E 5 Bytes JMP 710B75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CreateDialogParamW 758972A2 5 Bytes JMP 712490F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!GetAsyncKeyState 7589863C 5 Bytes JMP 7109DEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!SetWindowsHookExW 758987AD 5 Bytes JMP 710F25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CallNextHookEx 75898E3B 5 Bytes JMP 71117FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!UnhookWindowsHookEx 758998DB 5 Bytes JMP 7113ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!EnableWindow 7589CD8B 5 Bytes JMP 710F9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DefWindowProcA 7589DB88 7 Bytes JMP 710B97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CreateWindowExA 7589DC2A 5 Bytes JMP 710C362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CreateWindowExW 758A1305 5 Bytes JMP 711203B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!GetKeyState 758A8CB1 5 Bytes JMP 7109DD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DefWindowProcW 758B03B4 7 Bytes JMP 71118042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!IsDialogMessageW 758B0745 5 Bytes JMP 71249855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CreateDialogParamA 758B17AA 5 Bytes JMP 712490B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!IsDialogMessage 758B1847 5 Bytes JMP 7124982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CreateDialogIndirectParamA 758B26F1 5 Bytes JMP 71249128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!CreateDialogIndirectParamW 758B9A62 5 Bytes JMP 71249160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!SetKeyboardState 758C0987 5 Bytes JMP 7124A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxParamW 758C10B0 5 Bytes JMP 7105187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxIndirectParamW 758C2EF5 5 Bytes JMP 71248D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!SendInput 758C2F75 5 Bytes JMP 7124A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!EndDialog 758C326E 5 Bytes JMP 71249B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!SetCursorPos 758D6FB2 5 Bytes JMP 7124A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxParamA 758D8152 5 Bytes JMP 71248D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!DialogBoxIndirectParamA 758D847D 5 Bytes JMP 71248DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxIndirectA 758ED4D9 5 Bytes JMP 71248CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxIndirectW 758ED5D3 5 Bytes JMP 71248C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxExA 758ED639 5 Bytes JMP 71248BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!MessageBoxExW 758ED65D 5 Bytes JMP 71248B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] USER32.dll!keybd_event 758ED972 5 Bytes JMP 7124A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] SHELL32.dll!SHRestricted + D95 761E89A8 4 Bytes [CF, 01, A9, 6F]
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] SHELL32.dll!SHRestricted + D9D 761E89B0 8 Bytes [E0, 61, A8, 6F, 79, F7, A8, ...] {LOOPNZ 0x63; TEST AL, 0x6f; JNS 0xfffffffffffffffd; TEST AL, 0x6f}
.text C:\Program Files\Internet Explorer\iexplore.exe[3820] ole32.dll!OleLoadFromStream 75761E80 5 Bytes JMP 7124955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

 

All times are WET +1.

