Log analysis and evaluation: Computer runs slowly, Malwarebytes finds 3 infected files, more and more pop-ups (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Computer runs slowly, Malwarebytes finds 3 infected files, more and more pop-ups

Hello,

My computer has been giving me more and more trouble lately. It takes extremely long to boot, is constantly working in the background, and I suddenly have a lot of pop-up windows. I ran Malwarebytes over it and the program came across 3 infected files. Could you please help me?

Best regards
Lisi

Here are the corresponding log files:

Malwarebytes:
Code:
```
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4738

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.10.2010 12:23:30
mbam-log-2010-10-04 (12-23-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 311611
Laufzeit: 1 Stunde(n), 18 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Lisi\AppData\Roaming\Winbooterr (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Lisi\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
```
Code:
```
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Lisi (administrator) on LISI-PC on 10-10-2013 21:10:13
Running from C:\Users\Lisi\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Adobe Systems Incorporated) c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks) C:\Program Files\Dell DataSafe Local Backup\sftservice.exe
() C:\Program Files\Tor\tor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Lisi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
(Dropbox, Inc.) C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Lisi\Downloads\Defogger.exe
(Google Inc.) C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6609440 2008-11-04] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] - Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\ssmmgr.exe [688128 2011-07-06] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_CURRENT_USER\Software\SearchProtect /f
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [SDP] - C:\Users\Lisi\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
HKCU\...\Run: [AppsHat] - C:\Users\Lisi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752 2012-10-26] ()
HKCU\...\Runonce: [SpUninstallDeleteDir] - rmdir /s /q "C:\Users\Lisi\AppData\Roaming\SearchProtect"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
SearchScopes: HKCU - {25A054D3-5A42-4E49-BAC5-5E52EEDF4812} URL = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {998E1B5F-7737-4D44-B8D8-52D017C37939} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647&CUI=UN14568099452952924&UM=2
SearchScopes: HKCU - {9B133256-7713-42C0-B5F9-9E4C38DF013F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 212.186.211.21 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default
FF user.js: detected! => C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\user.js
FF DefaultSearchEngine: Veoh Web Player Customized Web Search
FF SelectedSearchEngine: Veoh Web Player Customized Web Search
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=7C9B00265E229D7A&affID=125036&tl=4-8873-8580-170000001458206887-3576639764-1380648019-1383240019&tsp=5028
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\blackle-deutschland.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\google-sterreich.xml
FF SearchPlugin: C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\searchplugins\searchgol.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Movie2kDownloader - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Google Toolbar for Firefox - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: AppsHat - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
FF Extension: WOT - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: FireFTP - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF Extension: uTorrentBar_DE - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
FF Extension: movie2kdownloader - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
FF Extension: support - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\support@wolfram.com.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Lisi\AppData\Roaming\Mozilla\Firefox\Profiles\1hw755gk.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [{b011b92d-cb28-4d63-9cb1-d844192476e0}] - C:\Program Files\a2zlyr\132.xpi

Chrome:
=======
CHR HomePage: hxxp://www.gym-gleisdorf.ac.at/
CHR RestoreOnStartup: "hxxp://www.gym-gleisdorf.ac.at/index.php"
CHR Plugin: (Shockwave Flash) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Lisi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0
CHR Extension: (YouTube) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Adblock Plus) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0
CHR Extension: (Google Search) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (DVDVideoSoft) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (ScriptSafe) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0
CHR Extension: (Gmail) - C:\Users\Lisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files\Movie2KDownloader.com\Movie2KDownloader10.crx
CHR HKLM\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files\a2zlyr\132.crx
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Lisi\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lisi\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; c:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S2 gupdate1ca8d7850e80a72; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2010-01-04] (Google Inc.)
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.exe [658656 2010-03-04] (SoftThinks)
R2 tor; C:\Program Files\Tor\tor.exe [3233806 2013-09-03] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-03-04] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-03-04] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [77528 2013-09-03] (MalwareBytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-10] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-11] (Samsung Electronics)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Lisi\AppData\Local\Temp\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe
2013-10-10 21:08 - 2013-10-10 21:09 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log
2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe
2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable
2013-10-10 18:50 - 2013-10-10 18:53 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-10 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software
2013-10-07 19:06 - 2013-10-07 19:08 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-10-07 19:05 - 2013-10-07 19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-10-07 19:04 - 2013-10-07 19:05 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft
2013-10-07 19:04 - 2013-10-07 19:04 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\OpenCandy
2013-10-06 20:20 - 2013-10-06 20:24 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip
2013-10-06 20:19 - 2013-10-06 20:26 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip
2013-10-06 20:19 - 2013-10-06 20:25 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip
2013-10-06 20:19 - 2013-10-06 20:24 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS
2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS
2013-10-02 22:22 - 2013-10-07 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive
2013-10-02 17:49 - 2013-10-10 18:45 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-02 17:49 - 2013-10-02 17:50 - 00000000 ____D C:\Users\Lisi\AppData\Local\CRE
2013-10-02 17:48 - 2013-10-10 18:43 - 00000000 ____D C:\Users\Lisi\AppData\Local\Conduit
2013-10-02 17:48 - 2013-10-02 17:49 - 00000000 ____D C:\Program Files\Conduit
2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe
2013-09-25 19:47 - 2013-09-25 19:56 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\PerformerSoft
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SpeedAnalysis2
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Babylon
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\Babylon
2013-09-25 19:47 - 2013-06-19 14:58 - 00017920 _____ (PerformerSoft LLC) C:\Windows\system32\roboot.exe
2013-09-25 19:46 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SeeSimilar02
2013-09-25 19:46 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\File Scout
2013-09-24 18:44 - 2013-10-06 20:32 - 00000000 ____D C:\Users\Lisi\Documents\Klett
2013-09-24 18:17 - 2013-10-06 20:29 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA
2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-24 18:08 - 2013-09-24 18:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod
2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ C:\Users\Public\Desktop\DivX Player.lnk
2013-09-21 11:34 - 2013-09-21 11:34 - 00000000 _____ C:\END
2013-09-21 11:32 - 2013-10-10 20:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-21 11:24 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-21 11:24 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-21 11:24 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-21 11:23 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-21 11:22 - 2013-09-21 11:23 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 08:44 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-13 08:44 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 08:44 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-13 08:44 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 08:44 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-13 07:46 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-13 07:46 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-13 07:46 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 07:46 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 07:46 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 07:46 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 07:46 - 2013-08-02 02:43 - 00003584
```
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-13 07:46 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-13 07:46 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-13 07:46 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll ==================== One Month Modified Files and Folders ======= 2013-10-10 21:09 - 2013-10-10 21:09 - 01087213 _____ (Farbar) C:\Users\Lisi\Downloads\FRST.exe 2013-10-10 21:09 - 2013-10-10 21:08 - 00000470 _____ C:\Users\Lisi\Downloads\defogger_disable.log 2013-10-10 21:08 - 2013-10-10 21:08 - 00050477 _____ C:\Users\Lisi\Downloads\Defogger.exe 2013-10-10 21:08 - 2013-10-10 21:08 - 00000000 _____ C:\Users\Lisi\defogger_reenable 2013-10-10 21:08 - 2009-11-17 19:56 - 00000000 ____D C:\Users\Lisi 2013-10-10 20:45 - 2010-01-04 22:11 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-10 20:30 - 2011-12-12 18:57 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000UA.job 2013-10-10 20:22 - 2013-09-21 11:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-10 19:36 - 2012-03-10 10:48 - 01530439 _____ C:\Windows\WindowsUpdate.log 2013-10-10 18:53 - 2013-10-10 18:50 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-10-10 18:50 - 2013-10-10 18:50 - 00001065 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-10 18:50 - 2010-10-04 10:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-10 18:45 - 2013-10-02 17:49 - 00000000 ____D C:\Program Files\SearchProtect 2013-10-10 18:45 - 2010-07-16 11:44 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\uTorrent 2013-10-10 18:43 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Lisi\AppData\Local\Conduit 2013-10-10 17:30 - 2012-11-02 15:16 - 00000000 
____D C:\Program Files\Mozilla Maintenance Service 2013-10-10 17:30 - 2009-10-13 12:52 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-10 17:22 - 2012-04-03 10:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-10 17:22 - 2011-06-22 07:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-10 17:13 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-10 17:13 - 2009-11-17 19:55 - 00011440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-10 17:08 - 2010-09-21 20:34 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Dropbox 2013-10-10 17:03 - 2010-09-21 20:35 - 00000000 ___RD C:\Users\Lisi\Documents\My Dropbox 2013-10-10 17:02 - 2013-08-11 12:00 - 00498268 _____ C:\Windows\setupact.log 2013-10-10 17:02 - 2010-01-04 22:11 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-10 17:02 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-09 21:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-08 18:44 - 2009-11-17 20:19 - 01632448 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-08 17:05 - 2013-09-03 14:15 - 00026482 _____ C:\Windows\PFRO.log 2013-10-07 20:29 - 2013-10-02 22:22 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\blaxxun interactive 2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-10-07 20:29 - 2009-10-08 14:22 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-10-07 19:08 - 2013-10-07 19:08 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\TuneUp Software 2013-10-07 19:08 - 2013-10-07 19:06 - 00000000 ____D C:\ProgramData\TuneUp Software 2013-10-07 19:06 - 2013-10-07 19:06 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2013-10-07 19:05 - 2013-10-07 
19:05 - 00002174 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk 2013-10-07 19:05 - 2013-10-07 19:04 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft 2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\DVDVideoSoft 2013-10-07 19:05 - 2013-07-31 10:28 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-10-07 19:04 - 2013-10-07 19:04 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\OpenCandy 2013-10-07 19:04 - 2013-02-26 21:48 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DVDVideoSoft 2013-10-06 20:32 - 2013-09-24 18:44 - 00000000 ____D C:\Users\Lisi\Documents\Klett 2013-10-06 20:29 - 2013-09-24 18:17 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DUA 2013-10-06 20:29 - 2013-08-29 11:31 - 00000000 ____D C:\Users\Lisi\Documents\zeitbilder_2 2013-10-06 20:26 - 2013-10-06 20:19 - 64768699 _____ C:\Users\Lisi\Documents\mathm7sb_07111.zip 2013-10-06 20:25 - 2013-10-06 20:19 - 64675764 _____ C:\Users\Lisi\Documents\mathm6sb_07044.zip 2013-10-06 20:24 - 2013-10-06 20:20 - 59533004 _____ C:\Users\Lisi\Documents\mathm8sb_07112.zip 2013-10-06 20:24 - 2013-10-06 20:19 - 63764377 _____ C:\Users\Lisi\Documents\mathm5sb_07040.zip 2013-10-05 14:30 - 2011-12-12 18:57 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-5946700-4108168981-3792375673-1000Core.job 2013-10-04 05:48 - 2011-12-12 18:58 - 00002358 _____ C:\Users\Lisi\Desktop\Google Chrome.lnk 2013-10-03 20:56 - 2010-01-06 20:30 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\DivX 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\MSDOS.SYS 2013-10-02 22:30 - 2013-10-02 22:30 - 00000000 __RSH C:\IO.SYS 2013-10-02 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-10-02 17:50 - 2013-10-02 17:49 - 00000000 ____D C:\Users\Lisi\AppData\Local\CRE 2013-10-02 17:49 - 2013-10-02 17:48 - 00000000 ____D C:\Program Files\Conduit 2013-10-02 17:47 - 2013-10-02 17:47 - 00968592 _____ (BitTorrent, Inc.) 
C:\Users\Lisi\Desktop\utorrent-3.0-latest.x64.exe 2013-09-25 20:19 - 2013-08-08 11:20 - 00000000 ____D C:\Program Files\JDownloader 2013-09-25 19:56 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\PerformerSoft 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SpeedAnalysis2 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\Babylon 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\Users\Lisi\AppData\Local\avgchrome 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\IBUpdaterService 2013-09-25 19:47 - 2013-09-25 19:47 - 00000000 ____D C:\ProgramData\Babylon 2013-09-25 19:47 - 2013-09-25 19:46 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\SeeSimilar02 2013-09-25 19:47 - 2013-09-25 19:46 - 00000000 ____D C:\Users\Lisi\AppData\Roaming\File Scout 2013-09-24 18:09 - 2013-09-24 18:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-24 18:09 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iTunes 2013-09-24 18:08 - 2013-09-24 18:08 - 00000000 ____D C:\Program Files\iPod 2013-09-24 18:08 - 2010-04-12 21:12 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-09-21 16:41 - 2009-11-17 20:22 - 00125336 _____ C:\Users\Lisi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-21 16:39 - 2009-07-14 06:33 - 00479752 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-21 15:00 - 2013-09-05 19:18 - 00000000 ____D C:\Users\Lisi\AppData\Local\FilesFrog Update Checker 2013-09-21 11:37 - 2010-11-15 17:23 - 00001583 _____ C:\Users\Lisi\Desktop\DivX Movies.lnk 2013-09-21 11:37 - 2010-06-12 15:13 - 00000000 ____D C:\ProgramData\DivX 2013-09-21 11:37 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\DivX 2013-09-21 11:36 - 2013-09-21 11:36 - 00001095 _____ C:\Users\Public\Desktop\DivX Converter.lnk 2013-09-21 11:36 - 2013-09-21 11:36 - 00001080 _____ 
C:\Users\Public\Desktop\DivX Player.lnk 2013-09-21 11:36 - 2010-01-06 19:42 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2013-09-21 11:34 - 2013-09-21 11:34 - 00000000 _____ C:\END 2013-09-21 11:32 - 2012-11-24 13:29 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2013-09-21 11:30 - 2013-07-31 09:12 - 00000000 ____D C:\ProgramData\Avira 2013-09-21 11:24 - 2013-09-21 11:24 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-21 11:24 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt 2013-09-21 11:23 - 2013-09-21 11:23 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-21 11:23 - 2013-09-21 11:22 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-18 22:08 - 2013-09-18 22:08 - 00094208 _____ (DivX, Inc.) C:\Windows\system32\dpl100.dll 2013-09-13 19:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-09-13 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-09-13 08:50 - 2009-10-08 14:36 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-12 21:07 - 2009-10-13 19:18 - 00000000 ____D C:\Users\Lisi\Documents\Schule Some content of TEMP: ==================== C:\Users\Lisi\AppData\Local\Temp\appshat-distribution.exe C:\Users\Lisi\AppData\Local\Temp\DefaultTabSetup2.exe C:\Users\Lisi\AppData\Local\Temp\DeltaTB.exe C:\Users\Lisi\AppData\Local\Temp\fftF05A.tmp.exe C:\Users\Lisi\AppData\Local\Temp\iet7936.tmp.exe C:\Users\Lisi\AppData\Local\Temp\nsbC24A.exe C:\Users\Lisi\AppData\Local\Temp\nsbCD45.exe C:\Users\Lisi\AppData\Local\Temp\nsbF0FB.exe C:\Users\Lisi\AppData\Local\Temp\nsl67BC.exe C:\Users\Lisi\AppData\Local\Temp\nsl917D.exe C:\Users\Lisi\AppData\Local\Temp\nsnC8DE.exe C:\Users\Lisi\AppData\Local\Temp\nsvB5BC.exe C:\Users\Lisi\AppData\Local\Temp\OptimizerPro.exe C:\Users\Lisi\AppData\Local\Temp\SPStub.exe C:\Users\Lisi\AppData\Local\Temp\tbuTor.dll C:\Users\Lisi\AppData\Local\Temp\uninst1.exe C:\Users\Lisi\AppData\Local\Temp\utt3142.tmp.exe 
C:\Users\Lisi\AppData\Local\Temp\Veoh383477.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-01 19:40 ==================== End Of Log ============================ Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-10 21:34:40
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75A7B2 rev.01.03B01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lisi\AppData\Local\Temp\pxldapod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90C4F610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90F885FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90C500E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90C5BF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90C5BF64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90C5C0FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90C5BE86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90F88992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90C5BECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90C505E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90C50800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90C5C0B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90C50E9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90C4F676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x90C54596]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90F886C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x90F86C12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90C4F6DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90C5498C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90C5192C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90C5BF42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90C5BF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90C5C122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90C5BEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x90C53E78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90C5C036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90C5BEF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x90C5426E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90C5C0DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90F88822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90C517F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90C51506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90C4F742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90C4F7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90C50D16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90C4F2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90C4F4CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90C4F45C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90C51066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90C511C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90C4F556]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90F888EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90C50CF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x90F86C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90C4F80E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90F8876E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90FA1E00]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83049A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83083212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 8308A460 4 Bytes [10, F6, C4, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 8308A488 4 Bytes [FA, 85, F8, 90] {CLI ; TEST EAX, EDI; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8308A4E8 4 Bytes [E6, 00, C5, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8308A53C 8 Bytes [18, BF, C5, 90, 64, BF, C5, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 8308A548 4 Bytes [FE, C0, C5, 90]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83217D39 5 Bytes JMP 90F9EC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83230370 5 Bytes JMP 90FA07CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 832454CF 4 Bytes CALL 90C51FEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8325F323 4 Bytes CALL 90C52005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 832E926E 7 Bytes JMP 90FA1E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9260A000, 0x2BFBF0, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9AD22000, 0xBB22, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9AE00300, 0x1BEE, 0xE8000020]
.text kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe[108] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[448] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text ...
.text C:\Windows\system32\taskhost.exe[4496] ntdll.dll!LdrUnloadDll 77D8C8DE 5 Bytes JMP 001103FC
.text C:\Windows\system32\taskhost.exe[4496] ntdll.dll!LdrLoadDll 77D922AE 5 Bytes JMP 001101F8
.text C:\Windows\system32\taskhost.exe[4496] KERNEL32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[4496] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00130A08
.text C:\Windows\system32\taskhost.exe[4496] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 001303FC
.text C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00130804
.text C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 001301F8
.text C:\Windows\system32\taskhost.exe[4496] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00130600
.text C:\Users\Lisi\Downloads\gmer_2.1.19163.exe[5220] kernel32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\javaw.exe[5256] ntdll.dll!LdrUnloadDll 77D8C8DE 5 Bytes JMP 001303FC
.text C:\Program Files\Java\jre7\bin\javaw.exe[5256] ntdll.dll!LdrLoadDll 77D922AE 5 Bytes JMP 001301F8
.text C:\Program Files\Java\jre7\bin\javaw.exe[5256] KERNEL32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00250A08
.text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 002503FC
.text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00250804
.text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 002501F8
.text C:\Program Files\Java\jre7\bin\javaw.exe[5256] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00250600
.text C:\Windows\System32\svchost.exe[5676] ntdll.dll!LdrUnloadDll 77D8C8DE 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[5676] ntdll.dll!LdrLoadDll 77D922AE 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[5676] KERNEL32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5676] user32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\svchost.exe[5676] user32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\svchost.exe[5676] user32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\svchost.exe[5676] user32.dll!SetWinEventHook 762324DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[5676] user32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] ntdll.dll!LdrUnloadDll 77D8C8DE 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] ntdll.dll!LdrLoadDll 77D922AE 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] KERNEL32.dll!GetBinaryTypeW + 70 774069E4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!UnhookWinEvent 7622B750 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWinEventHook 762324DC 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[5864] USER32.dll!SetWindowsHookExA 76256D0C 5 Bytes JMP 00090600

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 2.1 ----