| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Unbekannte Malware - Spam Mails verschicktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.11.2012, 19:36
| #1 |
 |  Unbekannte Malware - Spam Mails verschickt Guten Tag liebes Trojaner-Board, Als ich heute Morgen auf meinen Yahoo-Client zugegriffen habe habe ich bemerkt, dass ich heute Morgen um 6:10, zu einer Zeit als mein PC definitiv aus war, an meine Kontaktliste Spam Mails versendet hab. Sehr sehr ärgerlich und peinlich noch dazu  . Daraufhin hab ich den OTL Quickscan gemacht und dann Gmer. Beim ersten GMER durchlauf ist mein Rechner abgeschmiert. Ist seit Jahren nicht passiert, das Bild war eingefroren inklusive Maus und im oberen linken Bildschirmrand war etwa ein Quadratzentimeter bunte Pixel. Ich kenne das noch aus Win95 Zeiten, aber wie gesagt, dass ist seit Jahern nicht mehr passiert. Nun, Avast hat beim schnellen durchlauf nichts gefunden und abgesehen von der SpamMail Sache gibts auch keine Beeinträchtigungen. Meiner Erfahrung nach ist aber der Rechner in der Regel mit Malware befallen wenn man SpamMails verschickt. Nun gut, ich bedanke mich herzlich im Vorraus.Mit freundlichen Grüßen - Christian Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.11.2012 17:13:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,50 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,44% Memory free
5,26 Gb Paging File | 4,94 Gb Available in Paging File | 93,93% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,22 Gb Total Space | 81,35 Gb Free Space | 60,16% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 10,21 Gb Free Space | 10,46% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56349:TCP" = 56349:TCP:*:Enabled:Pando Media Booster
"56349:UDP" = 56349:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56349:TCP" = 56349:TCP:*:Enabled:Pando Media Booster
"56349:UDP" = 56349:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"7-PDF Maker_is1" = 7-PDF Maker Version 1.2.0 (Build 119)
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0.5 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyDVD" = AnyDVD
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Cockatrice" = Cockatrice
"foobar2000" = foobar2000 v1.1.10
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Security Task Manager" = Security Task Manager 1.8d
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Battle for Wesnoth 1.10.2" = Battle for Wesnoth 1.10.2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.07.2012 12:12:58 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x01557b1d.
Error - 09.07.2012 20:21:36 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul cockatrice.exe, Version 0.0.0.0, Fehleradresse 0x0004f279.
Error - 14.07.2012 09:20:15 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x929c8f49.
Error - 14.07.2012 21:23:07 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul cockatrice.exe, Version 0.0.0.0, Fehleradresse 0x0005a2c2.
Error - 18.07.2012 08:23:54 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul qtgui4.dll, Version 4.8.1.0, Fehleradresse 0x005eb51e.
Error - 01.08.2012 13:35:14 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul qtgui4.dll, Version 4.8.1.0, Fehleradresse 0x005eb51c.
Error - 01.08.2012 16:12:09 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul qtgui4.dll, Version 4.8.1.0, Fehleradresse 0x005eb51c.
Error - 06.08.2012 07:02:48 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul qtgui4.dll, Version 4.8.1.0, Fehleradresse 0x005eb51c.
Error - 07.08.2012 08:48:05 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul qtgui4.dll, Version 4.8.1.0, Fehleradresse 0x005eb51e.
Error - 20.08.2012 15:14:56 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung cockatrice.exe, Version 0.0.0.0, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00011782.
[ System Events ]
Error - 18.09.2012 10:44:36 | Computer Name = HOME-PC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC80.CRT fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .
Error - 18.09.2012 10:44:36 | Computer Name = HOME-PC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Eigentlich D\league\League
of Legends\RADS\projects\lol_launcher\releases\0.0.0.67\deploy\Riot_SafetyCheck.exe
fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .
Error - 18.09.2012 10:44:45 | Computer Name = HOME-PC | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC80.CRT" konnte nicht gefunden
werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer
installiert.
Error - 18.09.2012 10:44:45 | Computer Name = HOME-PC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC80.CRT fehlgeschlagen.
Referenzfehlermeldung:
Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .
Error - 18.09.2012 10:44:45 | Computer Name = HOME-PC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Eigentlich D\league\League
of Legends\RADS\system\rads_user_kernel.exe fehlgeschlagen. Referenzfehlermeldung:
Der Vorgang wurde erfolgreich beendet. .
Error - 21.09.2012 14:38:42 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 24.09.2012 06:08:38 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 27.09.2012 18:24:58 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 03.11.2012 10:25:42 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 14.11.2012 08:43:44 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.11.2012 17:13:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,50 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,44% Memory free 5,26 Gb Paging File | 4,94 Gb Available in Paging File | 93,93% Paging File free Paging file location(s): C:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 135,22 Gb Total Space | 81,35 Gb Free Space | 60,16% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 10,21 Gb Free Space | 10,46% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.17 17:10:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST\AvastSvc.exe PRC - [2012.10.27 12:56:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.09.22 09:42:24 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe ========== Modules (No Company Name) ========== MOD - [2012.11.17 10:45:09 | 001,835,520 | ---- | M] () -- C:\Programme\AVAST\defs\12111700\algo.dll MOD - [2012.10.27 12:56:54 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2005.09.24 10:10:56 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU ========== Services (SafeList) ========== SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.27 12:56:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.12.22 14:39:39 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2006.06.01 20:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.08.24 02:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) ========== Driver Services (SafeList) ========== DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006.05.01 20:28:31 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2005.12.21 10:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005.09.22 09:34:18 | 003,727,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) DRV - [2005.07.29 10:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2005.07.29 10:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005.04.12 09:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay) DRV - [2005.03.09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.27 12:56:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.25 20:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.10.11 18:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4svp6vqt.default\extensions [2012.09.21 09:12:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4svp6vqt.default\extensions\firefox@ghostery.com [2012.09.12 13:44:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4svp6vqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.11 18:12:58 | 000,252,340 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4svp6vqt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.09.12 14:10:46 | 000,002,454 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4svp6vqt.default\searchplugins\duckduckgo-de.xml [2012.09.12 14:11:11 | 000,001,180 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\4svp6vqt.default\searchplugins\urban-dictionary.xml [2012.10.27 12:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.01 23:01:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.27 12:56:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.20 00:20:51 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 16:44:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.20 00:20:51 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 00:20:51 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 00:20:51 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 00:20:51 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.06.01 20:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast] C:\Programme\AVAST\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF9F2FAA-5D5E-4BFE-852F-1E082A29A4B4}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.16 21:01:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2012.11.03 11:23:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kobold [2012.11.03 11:20:41 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\7-PDF [2012.11.03 11:20:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-PDF [2012.11.03 11:20:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\7-PDFMaker [2012.11.03 11:20:35 | 000,000,000 | ---D | C] -- C:\Programme\7-PDF [2012.10.27 12:56:44 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.11.17 17:09:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.17 14:32:00 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012.11.17 14:31:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.17 14:31:39 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.16 20:49:17 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.15 22:27:48 | 000,000,135 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls [2012.11.15 22:27:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.11.15 02:12:14 | 000,000,952 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2012.11.08 13:35:51 | 000,002,992 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012.10.30 23:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012.10.21 11:38:22 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2012.10.08 13:25:53 | 000,000,043 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.zreglib [2012.08.21 13:23:10 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.03.15 19:38:35 | 000,000,503 | ---- | C] () -- C:\WINDOWS\SDI.INI [2012.03.15 19:38:02 | 000,245,504 | ---- | C] () -- C:\WINDOWS\PI.EXE [2012.03.15 18:40:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.03.08 23:54:59 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2012.01.22 18:29:56 | 357,962,641 | ---- | C] () -- C:\Programme\Machinarium.rar [2012.01.19 00:51:08 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\default.pls [2012.01.19 00:48:45 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2012.01.19 00:48:26 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.22 15:12:19 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.12.22 15:11:55 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2011.12.22 15:11:43 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2011.12.22 14:48:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.12.22 13:48:50 | 000,003,590 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2011.12.22 13:48:48 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2011.12.22 13:30:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.12.22 13:21:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.12.22 13:16:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.22 13:15:50 | 000,190,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.07 21:21:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.minecraft [2012.11.03 11:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\7-PDFMaker [2012.05.09 20:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite [2012.10.08 13:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Elaborate Bytes [2012.11.16 21:01:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\foobar2000 [2012.01.25 14:55:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\kompozer.net [2012.05.10 12:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Might & Magic Heroes VI - Public Closed Beta [2012.06.19 10:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle [2012.10.13 10:40:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pdfforge [2011.12.29 17:08:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Teeworlds [2011.12.22 13:34:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software [2012.08.30 20:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.01.10 16:01:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.09.18 14:44:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2012.01.16 22:40:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2012.03.12 18:39:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.09.18 17:21:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TmForever [2011.12.22 13:34:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software ========== Purity Check ========== < End of report > und Gmer: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-17 19:24:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP2514N rev.VF100-50
Running: evb2l3pu.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kxtdipow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6C114BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6CE6C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB6C11ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB6C53811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB6C1CFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB6C1CFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB6C1D176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB6C531C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB6C1CF16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB6C1D038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB6C1CF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB6C1211C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB6C1D130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB6C1293E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6C11508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB6C53ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB6C5418D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB6C161C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB6C53D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB6C53BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6CE6CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB6C11170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB6C11556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB6C16534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB6C133A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB6C1CFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB6C1D016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB6C1D19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB6C53521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB6C1CF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB6C15C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB6C1D0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB6C1CF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB6C15F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB6C1D154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6CE6E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB6C53A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB6C13272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB6C5387A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB6C12DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6CF37D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB6C52838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB6C115A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6C115F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB6C127BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6C111FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB6C113AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB6C53FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB6C11350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB6C12AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB6C12C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6C1141A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB6C124D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB6C12636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB6CE541C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB6C11640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB6C11F1A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6CFFE56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 24C8 80501D18 4 Bytes JMP E8B6CE6C
.text ntkrnlpa.exe!ZwCallbackReturn + 26C8 80501F18 12 Bytes [A4, 15, C1, B6, F2, 15, C1, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501FC0 12 Bytes [F8, 2A, C1, B6, 54, 2C, C1, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B956 4 Bytes CALL B6C13A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1E1E 5 Bytes JMP B6CFCCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C96 5 Bytes JMP B6CFE810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C7540 7 Bytes JMP B6CFFE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9678380, 0x346307, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B6C17B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B6C17A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B6C179F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP B6C170A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP B6C167C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP B6C17CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP B6C17EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP B6C178FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP B6C16688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP B6C1716A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP B6C16C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP B6C16EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP B6C16670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP B6C17A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 362A BF873207 5 Bytes JMP B6C16CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4167 BF873D44 5 Bytes JMP B6C16E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E3F 5 Bytes JMP B6C17182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8943E9 5 Bytes JMP B6C17BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EC1 5 Bytes JMP B6C17E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C276 5 Bytes JMP B6C17090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D80B 5 Bytes JMP B6C16834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A96F BF8C1C9C 5 Bytes JMP B6C16944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA12D 5 Bytes JMP B6C16A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3AD 5 Bytes JMP B6C16B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD41 5 Bytes JMP B6C1656A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB49 BF8F4D5C 5 Bytes JMP B6C170C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF9143A8 5 Bytes JMP B6C16760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914F7C 5 Bytes JMP B6C168F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF9178F5 5 Bytes JMP B6C16FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947A54 5 Bytes JMP B6C17D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\SOUNDMAN.EXE[452] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\AVAST\avastUI.exe[460] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\AVAST\avastUI.exe[460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[484] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[496] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[508] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[748] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[784] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\AVAST\AvastSvc.exe[1404] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\AVAST\AvastSvc.exe[1404] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\AVAST\AvastSvc.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Programme\Java\jre7\bin\jqs.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Java\jre7\bin\jqs.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1948] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\evb2l3pu.exe[2560] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\evb2l3pu.exe[2560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
|
| Themen zu Unbekannte Malware - Spam Mails verschickt |
| 0x00000001, avast, befallen, bild, christian, eingefroren, erfahrung, guten, heute, jahre, liste, mails, malware, maus, morgen, nicht mehr, nichts, ntdll.dll, plug-in, rechner, sache, schnellen, searchscopes, spam, spammail, trojaner-board, unbekannte, verschickt, win, win32k.sys, zeiten, ärgerlich |
Baum-Darstellung