
Pests of all kinds and how to combat them: Yahoo mail account sends a link by itself

18.10.2012, 15:49   #1
Style73
 
Yahoo mail account sends a link by itself



Hello everyone,
I have the following problem: my Yahoo Mail account is sending spam mail to my address list with nothing but a link in it. I have already seen that some of the users here on the board are affected. The scan with Avast found nothing. Maybe one of you can help me. Thanks in advance!

defogger did not report any error message; the other 3 txt files are here now:

OTL Logfile:
Code:
OTL logfile created on: 18.10.2012 14:17:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,01% Memory free
5,83 Gb Paging File | 4,82 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 76,42 Gb Free Space | 78,25% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 69,79 Gb Free Space | 71,47% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 76,78 Gb Free Space | 78,62% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 98,05 Gb Free Space | 56,75% Space Free | Partition Type: NTFS
Drive G: | 1,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KAY-UWE-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.18 14:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.10.10 12:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2012.09.09 13:41:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- D:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.09.05 05:40:26 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\mysqld.exe
PRC - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () -- D:\Programme\apache2triad\mail\bin\xmail.exe
PRC - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) -- D:\Programme\apache2triad\bin\apache.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.11.09 02:45:34 | 002,972,672 | ---- | M] () -- C:\Mouse driver\mouse_driver.exe
PRC - [2010.10.05 01:54:56 | 000,147,456 | ---- | M] () -- C:\Mouse driver\wh_exec.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.07.22 02:10:00 | 000,577,602 | ---- | M] (Logitech Inc.                    ) -- C:\Programme\Logitech\iTouch\iTouch.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.18 09:30:34 | 001,818,112 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\12101800\algo.dll
MOD - [2012.10.17 17:37:48 | 001,817,600 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\12101701\algo.dll
MOD - [2012.10.10 12:06:15 | 000,460,312 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012.10.10 12:06:13 | 012,435,992 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012.10.10 12:06:12 | 004,005,912 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012.10.10 12:04:57 | 000,578,072 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012.10.10 12:04:55 | 000,123,928 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012.10.10 12:04:44 | 000,156,712 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012.10.10 12:04:43 | 000,275,496 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012.10.10 12:04:42 | 002,168,360 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012.09.04 21:30:04 | 000,364,544 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\zendoptimizer.dll
MOD - [2012.09.04 21:30:04 | 000,061,440 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_xmlrpc.dll
MOD - [2012.09.04 21:30:04 | 000,032,768 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_xslt.dll
MOD - [2012.09.04 21:30:03 | 000,225,280 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_sqlite.dll
MOD - [2012.09.04 21:30:02 | 000,040,960 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_sockets.dll
MOD - [2012.09.04 21:30:00 | 000,131,072 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_pgsql.dll
MOD - [2012.09.04 21:29:59 | 000,024,576 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mime_magic.dll
MOD - [2012.09.04 21:29:59 | 000,020,480 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mhash.dll
MOD - [2012.09.04 21:29:58 | 001,531,904 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mbstring.dll
MOD - [2012.09.04 21:29:58 | 000,036,864 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mcrypt.dll
MOD - [2012.09.04 21:29:57 | 000,802,816 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_gd2.dll
MOD - [2012.09.04 21:29:57 | 000,040,960 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_gettext.dll
MOD - [2012.09.04 21:29:56 | 000,651,264 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_domxml.dll
MOD - [2012.09.04 21:29:56 | 000,389,120 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dba.dll
MOD - [2012.09.04 21:29:56 | 000,196,608 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_curl.dll
MOD - [2012.09.04 21:29:56 | 000,061,440 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_bz2.dll
MOD - [2012.09.04 21:29:56 | 000,049,152 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dbx.dll
MOD - [2012.09.04 21:29:56 | 000,036,864 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_fdf.dll
MOD - [2012.09.04 21:29:56 | 000,028,672 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dbase.dll
MOD - [2012.09.04 21:29:53 | 000,166,912 | ---- | M] () -- D:\Programme\apache2triad\php\bin\libmcrypt.dll
MOD - [2012.09.04 21:29:53 | 000,165,643 | ---- | M] () -- D:\Programme\apache2triad\php\bin\libmhash.dll
MOD - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\mysqld.exe
MOD - [2012.09.04 21:28:11 | 000,249,856 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\libmySQL.dll
MOD - [2012.09.04 21:28:10 | 000,028,672 | ---- | M] () -- D:\Programme\apache2triad\modules\mod_php.so
MOD - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () -- D:\Programme\apache2triad\mail\bin\xmail.exe
MOD - [2012.09.04 21:27:46 | 000,385,024 | ---- | M] () -- D:\Programme\apache2triad\bin\sablot.dll
MOD - [2012.09.04 21:27:43 | 000,135,168 | ---- | M] () -- D:\Programme\apache2triad\bin\expat.dll
MOD - [2011.11.09 02:45:34 | 002,972,672 | ---- | M] () -- C:\Mouse driver\mouse_driver.exe
MOD - [2010.10.05 01:54:58 | 000,036,864 | ---- | M] () -- C:\Mouse driver\wh_hook.dll
MOD - [2010.10.05 01:54:56 | 000,147,456 | ---- | M] () -- C:\Mouse driver\wh_exec.exe
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.10.09 13:53:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.05 05:40:26 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.09.04 21:29:29 | 000,075,207 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- D:\Programme\apache2triad\pgsql\bin\pg_ctl.exe -- (PgSql)
SRV - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () [Auto | Running] -- D:\Programme\apache2triad\mysql\bin\mysqld.exe -- (MySql)
SRV - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () [Auto | Running] -- D:\Programme\apache2triad\mail\bin\xmail.exe -- (XMail)
SRV - [2012.09.04 21:27:46 | 000,054,272 | ---- | M] () [Auto | Stopped] -- D:\Programme\apache2triad\ftp\SlimFTPd.exe -- (SlimFTPd)
SRV - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Programme\apache2triad\bin\apache.exe -- (Apache2SSL)
SRV - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\Programme\apache2triad\bin\apache.exe -- (Apache2)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.10.18 12:40:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.06.19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012.04.18 19:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.09.16 19:19:16 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2008.12.16 15:48:40 | 000,021,144 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008.12.16 15:47:00 | 000,013,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.03.09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2002.07.10 04:10:00 | 000,011,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=hp&exp=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2851647.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:10.10.27.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.09 13:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.15 17:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.09.28 17:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.10.10 12:52:20 | 000,000,000 | ---D | M]
 
[2012.08.06 22:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Extensions
[2012.09.08 12:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions
[2012.09.08 12:29:32 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.08.10 19:59:02 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.28 16:43:56 | 000,000,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\searchplugins\conduit.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: AdBlock = C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2012.09.15 19:13:18 | 000,444,297 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15259 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] D:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [uni mouse driver] C:\Mouse driver\mouse_driver.exe ()
O4 - HKLM..\Run: [uni mouse driver tilt] C:\Mouse driver\wh_exec.exe ()
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.                    )
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26FC5EC-2642-44C5-B980-53ACF0E27835}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.06 17:24:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.11.14 03:19:03 | 000,000,065 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{449c3b4c-e96b-11e1-b529-001617da05eb}\Shell\AutoRun\command - "" = H:\DVAP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.18 12:35:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.10.18 12:35:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Malwarebytes
[2012.10.18 12:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.17 16:16:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012.10.16 17:08:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2012.10.16 17:08:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2012.10.13 16:37:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVDVideoSoft
[2012.10.13 15:52:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Youtube Downloader HD
[2012.10.13 15:52:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Youtube Downloader HD
[2012.10.13 15:52:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy
[2012.10.10 12:52:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF-XChange PDF Viewer
[2012.10.06 18:19:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wave Editor
[2012.10.05 19:03:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kay\Recent
[2012.09.29 11:51:19 | 000,040,960 | ---- | C] (Nenad Hrg SoftwareOK.com) -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.exe
[2012.09.29 09:04:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Apple Computer
[2012.09.28 18:04:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2012.09.28 17:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.09.28 17:00:29 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.09.28 17:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2012.09.28 17:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2012.09.28 16:59:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Apple
[2012.09.28 16:59:55 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2012.09.28 16:59:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2012.09.28 16:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2012.09.28 16:57:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2012.09.23 14:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\PhoenixViewer
[2012.09.21 16:01:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mouse driver
[2012.09.21 16:01:40 | 000,000,000 | ---D | C] -- C:\Mouse driver
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 14:16:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\defogger_reenable
[2012.10.18 13:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.18 13:42:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.18 13:31:00 | 000,001,202 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-839522115-1003UA.job
[2012.10.18 12:40:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.10.18 11:58:53 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.10.18 07:58:04 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-179605362-839522115-1003.job
[2012.10.18 07:57:52 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.10.18 07:57:48 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-179605362-839522115-1003.job
[2012.10.18 07:57:32 | 000,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2012.10.18 07:57:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.18 07:57:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.17 18:31:00 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-839522115-1003Core.job
[2012.10.17 16:26:17 | 000,126,663 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vorsicht bei gespraechen.png
[2012.10.16 12:41:44 | 000,061,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vielen dank.png
[2012.10.16 12:40:07 | 000,034,485 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Erinnerungen.png
[2012.10.14 09:01:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.13 15:52:43 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Youtube Downloader HD.lnk
[2012.10.12 18:04:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.10.11 13:45:49 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.10.10 12:52:18 | 000,000,700 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PDF-Viewer.lnk
[2012.10.08 05:27:24 | 000,736,038 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Auge geschwollen.jpg
[2012.10.06 18:19:40 | 000,000,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Wave Editor.lnk
[2012.10.06 07:56:08 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.05 19:02:52 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.10.04 18:41:32 | 000,915,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PA040057.JPG
[2012.09.29 12:20:31 | 000,000,056 | -H-- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.ini
[2012.09.28 17:00:50 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.09.24 19:42:06 | 000,000,869 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Singularity Viewer.lnk
[2012.09.23 13:47:16 | 000,753,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Rettich.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.18 14:16:38 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\defogger_reenable
[2012.10.17 16:26:17 | 000,126,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vorsicht bei gespraechen.png
[2012.10.16 12:41:44 | 000,061,925 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vielen dank.png
[2012.10.16 12:40:07 | 000,034,485 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Erinnerungen.png
[2012.10.13 15:52:43 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Youtube Downloader HD.lnk
[2012.10.10 12:52:18 | 000,000,700 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PDF-Viewer.lnk
[2012.10.08 07:38:57 | 000,736,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Auge geschwollen.jpg
[2012.10.06 18:19:40 | 000,000,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Wave Editor.lnk
[2012.10.06 07:56:08 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.04 18:51:22 | 000,915,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PA040057.JPG
[2012.09.29 11:55:05 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.ini
[2012.09.28 17:00:50 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.09.28 16:59:58 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.09.28 16:59:57 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk
[2012.09.28 16:58:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.23 15:58:06 | 000,753,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Rettich.jpg
[2012.09.08 12:33:39 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012.09.04 21:31:35 | 000,040,652 | ---- | C] () -- C:\WINDOWS\php.ini
[2012.09.04 21:31:35 | 000,002,714 | ---- | C] () -- C:\WINDOWS\my.ini
[2012.09.04 21:31:35 | 000,000,227 | ---- | C] () -- C:\WINDOWS\odbc.ini
[2012.09.01 09:15:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.08.25 15:02:54 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2012.08.19 15:21:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVAP.set
[2012.08.19 15:21:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.08.19 08:48:17 | 000,064,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.08.10 21:04:32 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.06 18:30:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2012.08.06 18:25:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2012.08.06 18:21:12 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.08.06 18:14:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.08.06 18:10:43 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2012.08.06 17:45:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.08.06 17:37:18 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012.08.06 17:33:48 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.08.06 17:33:48 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.08.06 17:33:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.08.06 17:33:38 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.08.06 17:26:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.08.06 17:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== ZeroAccess Check ==========
 
[2012.08.06 17:55:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008.04.14 07:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.15 17:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.09.09 00:32:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firebird
[2012.08.06 17:59:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2012.10.16 17:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2012.09.15 17:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.10.13 16:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVDVideoSoft
[2012.09.09 17:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens
[2012.10.13 15:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy
[2012.08.10 20:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Oracle
[2012.09.08 16:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\SecondLife
[2012.09.15 17:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\TestApp
[2012.09.09 00:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\uTorrent
[2012.10.13 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Youtube Downloader HD
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 18.10.2012 14:17:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,01% Memory free
5,83 Gb Paging File | 4,82 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 76,42 Gb Free Space | 78,25% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 69,79 Gb Free Space | 71,47% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 76,78 Gb Free Space | 78,62% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 98,05 Gb Free Space | 56,75% Space Free | Partition Type: NTFS
Drive G: | 1,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KAY-UWE-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"D:\Programme\Singularity1.7.0.2621\SLVoice.exe" = D:\Programme\Singularity1.7.0.2621\SLVoice.exe:*:Enabled:SLVoice
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\Singularity1.7.0.2621\Singularity\SLVoice.exe" = D:\Programme\Singularity1.7.0.2621\Singularity\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Programme\SpacialAudio\SAMBC\SAMBC.exe" = D:\Programme\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC -- ()
"D:\Programme\Singularity Viewer 1.7.2(2956)\SLVoice.exe" = D:\Programme\Singularity Viewer 1.7.2(2956)\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Programme\Singularity Viewer 1.7.2(2956)\SLPlugin.exe" = D:\Programme\Singularity Viewer 1.7.2(2956)\SLPlugin.exe:*:Enabled:SLPlugin -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{044197D0-BA1C-4567-A8E3-A6491A6DC4EE}" = ArcSoft MediaImpression 2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8128C40-C9AA-42BE-9BBC-BAC2AA17FCD1}" = Mining4Lindens
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Apache2Triad" = Apache2Triad: apache server bundle
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow_is1" = ffdshow v1.1.3425 [2010-05-08]
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"RealPlayer 15.0" = RealPlayer
"SAM3" = SAM3 (remove only)
"Security Task Manager" = Security Task Manager 1.8d
"Singularity" = Singularity (remove only)
"uni mouse driver" = Mouse driver v1.0
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wave Editor_is1" = Wave Editor 3.2.1.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.09.2012 05:14:29 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description = 
 
Error - 15.09.2012 07:12:49 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description = 
 
Error - 15.09.2012 07:13:29 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description = 
 
Error - 15.09.2012 09:12:26 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description = 
 
Error - 15.09.2012 09:13:06 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description = 
 
Error - 15.09.2012 11:12:35 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description = 
 
Error - 15.09.2012 11:13:16 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description = 
 
Error - 15.09.2012 13:53:31 | Computer Name = KAY-UWE-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 15.09.2012 13:53:32 | Computer Name = KAY-UWE-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.09.2012 00:37:23 | Computer Name = KAY-UWE-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Skype.exe, Version 5.10.0.116, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 15.09.2012 09:12:37 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist
 bereits 8 Mal passiert.
 
Error - 15.09.2012 09:13:06 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem
 Fehler beendet: 1 (0x1).
 
Error - 15.09.2012 09:13:16 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist
 bereits 9 Mal passiert.
 
Error - 15.09.2012 11:12:46 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist
 bereits 10 Mal passiert.
 
Error - 15.09.2012 11:13:16 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem
 Fehler beendet: 1 (0x1).
 
Error - 15.09.2012 11:13:26 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist
 bereits 11 Mal passiert.
 
Error - 26.09.2012 13:58:51 | Computer Name = KAY-UWE-PC | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000040, 2. Parameter 00730000,
 3. Parameter 80000000, 4. Parameter 00000000.
 
Error - 26.09.2012 13:58:56 | Computer Name = KAY-UWE-PC | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000040, 2. Parameter 00000000,
 3. Parameter 80000000, 4. Parameter 00000000.
 
Error - 18.10.2012 01:58:06 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "SlimFTPd" konnte sich nicht als ".\apache2triad" mit dem
 aktuellen Kennwort  aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern  Sie
 sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der  Microsoft
 Management Console (MMC).
 
Error - 18.10.2012 01:58:06 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apache2Triad SlimFTPd Server" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-18 16:15:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 WDC_WD5000AAKB-00H8A0 rev.05.04E05
Running: zknlyfvq.exe; Driver: C:\DOKUME~1\Kay\LOKALE~1\Temp\pwldafow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwAddBootEntry [0xB3832708]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                 ZwAllocateVirtualMemory [0xB39057C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwAssignProcessToJobObject [0xB383311C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwClose [0xB3874401]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateEvent [0xB383DF28]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateEventPair [0xB383DF74]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateIoCompletion [0xB383E0F6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateKey [0xB3873DB5]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateMutant [0xB383DE96]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateSection [0xB383DFB8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateSemaphore [0xB383DEDE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateThread [0xB3833310]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwCreateTimer [0xB383E0B0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwDebugActiveProcess [0xB3833A9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwDeleteBootEntry [0xB3832756]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwDeleteKey [0xB3874AC7]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwDeleteValueKey [0xB3874D7D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwDuplicateObject [0xB38370E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwEnumerateKey [0xB3874932]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwEnumerateValueKey [0xB387479D]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                 ZwFreeVirtualMemory [0xB39058AC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwLoadDriver [0xB38323BE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwModifyBootEntry [0xB38327A4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwNotifyChangeKey [0xB3837456]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwNotifyChangeMultipleKeys [0xB3834464]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenEvent [0xB383DF52]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenEventPair [0xB383DF96]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenIoCompletion [0xB383E11A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenKey [0xB3874111]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenMutant [0xB383DEBC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenProcess [0xB3836C5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenSection [0xB383E03A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenSemaphore [0xB383DF06]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenThread [0xB3836E8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwOpenTimer [0xB383E0D4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                 ZwProtectVirtualMemory [0xB3905A2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwQueryKey [0xB3874618]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwQueryObject [0xB3834330]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwQueryValueKey [0xB387446A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwQueueApcThread [0xB3833EDA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                                 ZwRenameKey [0xB391130E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwRestoreKey [0xB3873428]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSetBootEntryOrder [0xB38327F2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSetBootOptions [0xB3832840]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSetContextThread [0xB383391C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSetSystemInformation [0xB3832448]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSetSystemPowerState [0xB38325F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSetValueKey [0xB3874BCE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwShutdownSystem [0xB383259E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSuspendProcess [0xB3833BFE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSuspendThread [0xB3833D5A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwSystemDebugControl [0xB3832668]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwTerminateProcess [0xB3833632]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwTerminateThread [0xB3833794]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwVdmControl [0xB383288E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                                 ZwWriteVirtualMemory [0xB3833160]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2F10                                                                                                                                  8050479C 12 Bytes  [F2, 27, 83, B3, 40, 28, 83, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FB8                                                                                                                                  80504844 12 Bytes  [FE, 3B, 83, B3, 5A, 3D, 83, ...]
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC                                                                                                                           805A648C 4 Bytes  CALL B3834AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                              section is writeable [0xB6A073C0, 0x9B091A, 0xE8000020]
.text           win32k.sys!EngFreeUserMem + 674                                                                                                                                       BF809FDF 5 Bytes  JMP B3838A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 3625                                                                                                                                      BF80CF90 5 Bytes  JMP B383895E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                                                                                      BF8138FE 5 Bytes  JMP B3838918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C                                                                                                                              BF81E743 5 Bytes  JMP B38375AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMulDiv + 199A                                                                                                                                           BF820E6C 5 Bytes  JMP B3837FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 7657                                                                                                                                     BF82868B 5 Bytes  JMP B38376E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + 698                                                                                                                                      BF838560 5 Bytes  JMP B3838BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + BB6                                                                                                                                      BF838A7E 5 Bytes  JMP B383881E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + 3605                                                                                                                                     BF83B4CD 5 Bytes  JMP B3838DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + D9AB                                                                                                                                     BF845873 5 Bytes  JMP B3837756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + 113C6                                                                                                                                    BF84928E 5 Bytes  JMP B3837FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMultiByteToWideChar + 2E60                                                                                                                              BF852720 5 Bytes  JMP B383808C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMultiByteToWideChar + 2F20                                                                                                                              BF8527E0 5 Bytes  JMP B3837592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMultiByteToWideChar + 84B4                                                                                                                              BF857D74 5 Bytes  JMP B3838D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 23AD                                                                                                                                     BF873983 5 Bytes  JMP B3838B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBlt + 37BB                                                                                                                                       BF87882D 5 Bytes  JMP B38389A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 3617                                                                                                                               BF88FFB6 5 Bytes  JMP B3837C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 413A                                                                                                                               BF890AD9 5 Bytes  JMP B3837DC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetLastError + 1606                                                                                                                                     BF8ADD61 5 Bytes  JMP B38380A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 4B52                                                                                                                                     BF8B3770 5 Bytes  JMP B3837B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 4BDD                                                                                                                                     BF8B37FB 5 Bytes  JMP B3837E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngAlphaBlend + 9286                                                                                                                                       BF8C31E7 5 Bytes  JMP B3837866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_bCloseFigure + 19CE                                                                                                                                BF8ED991 5 Bytes  JMP B383748C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_bCloseFigure + 9006                                                                                                                                BF8F4FC9 5 Bytes  JMP B3837FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_bCloseFigure + D4C6                                                                                                                                BF8F9489 5 Bytes  JMP B383793E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_bCloseFigure + D746                                                                                                                                BF8F9709 5 Bytes  JMP B3837A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 1994                                                                                                                                       BF912612 5 Bytes  JMP B3837682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 2568                                                                                                                                       BF9131E6 5 Bytes  JMP B3837812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F29                                                                                                                                       BF915BA7 5 Bytes  JMP B3837F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 1931                                                                                                                                           BF9438F8 5 Bytes  JMP B3838C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\Dokumente und Einstellungen\Kay\Desktop\zknlyfvq.exe[124] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                       7C9271AA 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Kay\Desktop\zknlyfvq.exe[124] kernel32.dll!GetBinaryTypeW + 80                                                                         7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\RunDLL32.exe[192] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\RunDLL32.exe[192] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[212] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                                        7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[212] kernel32.dll!GetBinaryTypeW + 80                                                                                                          7C868C2C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe[252] ntdll.dll!RtlDosSearchPath_U + 1D1                                                   7C9271AA 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe[252] kernel32.dll!GetBinaryTypeW + 80                                                     7C868C2C 1 Byte  [62]
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[268] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                      7C9271AA 1 Byte  [62]
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[268] kernel32.dll!GetBinaryTypeW + 80                                                                        7C868C2C 1 Byte  [62]
.text           C:\Programme\Logitech\iTouch\iTouch.exe[284] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                       7C9271AA 1 Byte  [62]
.text           C:\Programme\Logitech\iTouch\iTouch.exe[284] kernel32.dll!GetBinaryTypeW + 80                                                                                         7C868C2C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[408] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                  7C9271AA 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[408] kernel32.dll!GetBinaryTypeW + 80                                                                    7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\System32\smss.exe[520] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                                  7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                                 7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[576] KERNEL32.dll!GetBinaryTypeW + 80                                                                                                   7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[600] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[600] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[644] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[644] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[656] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                                 7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!GetBinaryTypeW + 80                                                                                                   7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                               7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 80                                                                                                 7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                               7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 80                                                                                                 7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                               7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 80                                                                                                 7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                               7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 80                                                                                                 7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]
.text           D:\Programme\AVAST Software\Avast\AvastSvc.exe[1192] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                               7C9271AA 1 Byte  [62]
.text           D:\Programme\AVAST Software\Avast\AvastSvc.exe[1192] kernel32.dll!SetUnhandledExceptionFilter                                                                         7C8449FD 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           D:\Programme\AVAST Software\Avast\AvastSvc.exe[1192] kernel32.dll!GetBinaryTypeW + 80                                                                                 7C868C2C 1 Byte  [62]
.text           D:\Programme\Real\RealPlayer\update\realsched.exe[1224] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                            7C9271AA 1 Byte  [62]
.text           D:\Programme\Real\RealPlayer\update\realsched.exe[1224] kernel32.dll!SetUnhandledExceptionFilter                                                                      7C8449FD 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           D:\Programme\Real\RealPlayer\update\realsched.exe[1224] kernel32.dll!GetBinaryTypeW + 80                                                                              7C868C2C 1 Byte  [62]
.text           D:\Programme\AVAST Software\Avast\avastUI.exe[1240] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                7C9271AA 1 Byte  [62]
.text           D:\Programme\AVAST Software\Avast\avastUI.exe[1240] kernel32.dll!GetBinaryTypeW + 80                                                                                  7C868C2C 1 Byte  [62]
.text           C:\Mouse driver\mouse_driver.exe[1244] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                             7C9271AA 1 Byte  [62]
.text           C:\Mouse driver\mouse_driver.exe[1244] kernel32.dll!GetBinaryTypeW + 80                                                                                               7C868C2C 1 Byte  [62]
.text           C:\Mouse driver\wh_exec.exe[1264] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                                  7C9271AA 1 Byte  [62]
.text           C:\Mouse driver\wh_exec.exe[1264] kernel32.dll!GetBinaryTypeW + 80                                                                                                    7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1316] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                                      7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1316] kernel32.dll!GetBinaryTypeW + 80                                                                                                        7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1368] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1368] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1452] ntdll.dll!RtlDosSearchPath_U + 1D1                                                 7C9271AA 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1452] kernel32.dll!GetBinaryTypeW + 80                                                   7C868C2C 1 Byte  [62]
.text           D:\Programme\apache2triad\bin\apache.exe[1484] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                     7C9271AA 1 Byte  [62]
.text           D:\Programme\apache2triad\bin\apache.exe[1484] kernel32.dll!GetBinaryTypeW + 80                                                                                       7C868C2C 1 Byte  [62]
.text           C:\Programme\Java\jre7\bin\jqs.exe[1576] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                           7C9271AA 1 Byte  [62]
.text           C:\Programme\Java\jre7\bin\jqs.exe[1576] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868C2C 1 Byte  [62]
.text           D:\Programme\apache2triad\mysql\bin\mysqld.exe[1612] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                               7C9271AA 1 Byte  [62]
.text           D:\Programme\apache2triad\mysql\bin\mysqld.exe[1612] kernel32.dll!GetBinaryTypeW + 80                                                                                 7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[1660] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                               7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[1660] kernel32.dll!GetBinaryTypeW + 80                                                                                                 7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\nvsvc32.exe[1708] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\nvsvc32.exe[1708] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]
.text           C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1732] ntdll.dll!RtlDosSearchPath_U + 1D1                                                               7C9271AA 1 Byte  [62]
.text           C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1732] kernel32.dll!GetBinaryTypeW + 80                                                                 7C868C2C 1 Byte  [62]
.text           D:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1760] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                          7C9271AA 1 Byte  [62]
.text           D:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1760] kernel32.dll!GetBinaryTypeW + 80                                                                            7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]
.text           D:\Programme\apache2triad\mail\bin\XMail.exe[1988] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                 7C9271AA 1 Byte  [62]
.text           D:\Programme\apache2triad\mail\bin\XMail.exe[1988] kernel32.dll!GetBinaryTypeW + 80                                                                                   7C868C2C 1 Byte  [62]
.text           D:\Programme\apache2triad\bin\apache.exe[2292] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                     7C9271AA 1 Byte  [62]
.text           D:\Programme\apache2triad\bin\apache.exe[2292] kernel32.dll!GetBinaryTypeW + 80                                                                                       7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[3148] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[3148] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3308] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                        7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3308] kernel32.dll!GetBinaryTypeW + 80                                                                                          7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3348] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                                  7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3348] kernel32.dll!GetBinaryTypeW + 80                                                                                                    7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                        7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] kernel32.dll!GetBinaryTypeW + 80                                                                                          7C868C2C 1 Byte  [62]
.text           C:\WINDOWS\system32\wuauclt.exe[3916] ntdll.dll!RtlDosSearchPath_U + 1D1                                                                                              7C9271AA 1 Byte  [62]
.text           C:\WINDOWS\system32\wuauclt.exe[3916] kernel32.dll!GetBinaryTypeW + 80                                                                                                7C868C2C 1 Byte  [62]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                             aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                           aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}                                                       
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@iamiohjolindhfbmbe                                    0x69 0x61 0x6F 0x63 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@hagiedkckaafcfag                                      0x69 0x61 0x62 0x65 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@iaijoeafkjhhhnlefj                                    0x63 0x61 0x6E 0x64 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@dbndaelnnndpmmilipfblhnloplhdgfcchnmjcjb              0x68 0x61 0x62 0x68 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@jbndaelnnndpmmilipfbmgjngffenjjlbgieedacmacpmbfndjep  0x68 0x61 0x62 0x68 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@dbndaelnnndpmmilipfbcikfebfghemolfeekjgc              0x62 0x61 0x67 0x63 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


What I forgot to mention: Malwarebytes Anti-Malware can be installed, but it cannot be run or updated! The window opens briefly and then disappears again after clicking on it.

Edited by Style73 (18.10.2012 at 15:54)

 
