Pests of all kinds and their removal: Windows XP SP3 - Suspected virus infection
#1
Windows XP SP3 - Suspected virus infection

Hello team,

I suspect that one or more virus infections are present on my old Windows XP SP3 machine. After Avast reported 8 infected files to me (they were moved to quarantine), I fear that more has been "broken", even though a repeat scan with Avast no longer reports any infected files. I am asking for help.

I have already done the following:

1. Downloaded Defogger, but did not run it, since I believe I am not using the component it mentions.

2. FRST aborts on my machine with the message: "FRST.exe has encountered a problem and needs to close." Here is the FRST log file anyway:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-01-2015
Ran by Anke (administrator) on ANKESPC on 02-01-2015 18:38:05
Running from C:\Dokumente und Einstellungen\All Users\Dokumente\20150102_Virus\FRST_32_ich
Loaded Profile: Anke (Available profiles: Anke & Internet & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Programme\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
(AVAST Software) D:\Programme\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Programme\Canon\IJPLM\ijplmsvc.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
() D:\Programme\CDBurnerXP\NMSAccessU.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
(TOSHIBA Corp.) C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Synaptics, Inc.) C:\Programme\Synaptics\SynTP\Toshiba.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA) C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(TOSHIBA CORPORATION) C:\Programme\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(TOSHIBA Corporation) C:\Programme\Toshiba\Tvs\TvsTray.exe
(TOSHIBA Corporation) C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
(TOSHIBA Corporation) C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
(Intel Corporation) C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
(Acronis) D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
(Acronis) D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
(Adobe Systems Incorporated) C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(AVAST Software) D:\Programme\AVAST Software\Avast\AvastUI.exe
(Haufe-Lexware GmbH & Co. KG) C:\Programme\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(Samsung Electronics Co., Ltd.) D:\Programme\Samsung\Kies\KiesTrayAgent.exe
(TOSHIBA) C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Samsung) D:\Programme\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(OpenOffice.org) D:\Programme\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) D:\Programme\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
(Mozilla Corporation) D:\Programme\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet /keeploaded /nodetect
HKLM\...\Run: [NVRotateSysTray] => rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
HKLM\...\Run: [SynTPEnh] => C:\Programme\Synaptics\SynTP\SynTPEnh.exe [761948 2006-03-03] (Synaptics, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16206848 2006-05-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88204 2005-12-13] (Agere Systems)
HKLM\...\Run: [THotkey] => C:\Programme\Toshiba\Toshiba Applet\thotkey.exe [356352 2006-08-25] (TOSHIBA)
HKLM\...\Run: [TPSMain] => C:\WINDOWS\system32\TPSMain.exe [266240 2005-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [Tvs] => C:\Programme\TOSHIBA\Tvs\TvsTray.exe [73728 2006-02-02] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [118784 2005-05-13] (TOSHIBA Corporation)
HKLM\...\Run: [TFncKy] => TFncKy.exe
HKLM\...\Run: [IntelZeroConfig] => C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe [802816 2006-08-01] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe [696320 2006-08-01] (Intel Corporation)
HKLM\...\Run: [CFSServ.exe] => CFSServ.exe -NoClient
HKLM\...\Run: [TrueImageMonitor.exe] => D:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [1176768 2006-09-22] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => D:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe [1949912 2006-09-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [82832 2006-09-22] (Acronis)
HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Programme\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [REGSHAVE] => C:\Programme\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [iTunesHelper] => D:\Programme\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => D:\Programme\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-01] (AVAST Software)
HKLM\...\Run: [LexwareInfoService] => C:\Programme\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [KiesTrayAgent] => D:\Programme\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-02] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-4105758161-1787748336-607769600-1005\...\Run: [TOSCDSPD] => C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2005-04-12] (TOSHIBA)
HKU\S-1-5-21-4105758161-1787748336-607769600-1005\...\Run: [KiesPreload] => D:\Programme\Samsung\Kies\Kies.exe [975288 2012-07-02] (Samsung)
HKU\S-1-5-21-4105758161-1787748336-607769600-1005\...\Run: [KiesAirMessage] => D:\Programme\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4105758161-1787748336-607769600-1005\...\Run: [KiesPDLR] => D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-02] ()
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows-Desktopsuche.lnk
ShortcutTarget: Windows-Desktopsuche.lnk -> C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\Anke\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> D:\Programme\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Dokumente und Einstellungen\Internet\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Programme\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Dokumente und Einstellungen\Internet\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> D:\Programme\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Programme\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4105758161-1787748336-607769600-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414518061&from=tugs&uid=3219782655_1768_7068B544
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414518061&from=tugs&uid=3219782655_1768_7068B544&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414518061&from=tugs&uid=3219782655_1768_7068B544
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414518061&from=tugs&uid=3219782655_1768_7068B544&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4105758161-1787748336-607769600-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKU\S-1-5-21-4105758161-1787748336-607769600-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKU\S-1-5-21-4105758161-1787748336-607769600-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Programme\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1414518061&from=tugs&uid=3219782655_1768_7068B544
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414518061&from=tugs&uid=3219782655_1768_7068B544&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414518061&from=tugs&uid=3219782655_1768_7068B544&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4105758161-1787748336-607769600-1005 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110809&tt=3412_3&babsrc=SP_ss&mntrId=7068b5440000000000000018dea654c4
BHO: dsWebAllowBHO Class -> {2F85D76C-0569-466F-A488-493E6BD0E955} -> C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: MSN Suche Toolbar Helper -> {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -> C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4105758161-1787748336-607769600-1005 -> MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4105758161-1787748336-607769600-1005 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346007511875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [233472 2006-03-13] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Mozilla\Firefox\Profiles\h6ymivw5.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @checkpoint.com/FFApi -> C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 -> C:\Programme\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: Adobe Reader -> D:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Mozilla\Firefox\Profiles\h6ymivw5.default\user.js
FF SearchPlugin: C:\Dokumente und Einstellungen\Anke\Anwendungsdaten\Mozilla\Firefox\Profiles\h6ymivw5.default\searchplugins\conduit.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-07-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Programme\AVAST Software\Avast\WebRep\FF [2011-07-29]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Mozilla\Firefox\Profiles\6skchffi.default\extensions\faststartff@gmail.com
FF Extension: Fast Start - C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Mozilla\Firefox\Profiles\6skchffi.default\extensions\faststartff@gmail.com [2014-10-28]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Mozilla Firefox\firefox.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1414518061&from=tugs&uid=3219782655_1768_7068B544

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Programme\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Programme\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Programme\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - D:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Dokumente und Einstellungen\Anke\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (Google-Suche) - C:\Dokumente und Einstellungen\Anke\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-28]
CHR Extension: (Google Mail) - C:\Dokumente und Einstellungen\Anke\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\DOKUME~1\Anke\LOKALE~1\Temp\YontooLayers.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [226192 2006-09-22] (Acronis) [File not signed]
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
R2 avast! Antivirus; D:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R2 CFSvcs; C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-18] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [434176 2006-08-01] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [103808 2008-01-22] ()
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [553288 2013-11-02] (Apple Inc.)
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-22] (Mozilla Foundation)
R2 NMSAccess; D:\Programme\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 RegSrvc; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [327680 2006-08-01] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [937984 2006-08-01] (Intel Corporation ) [File not signed]
R2 TAPPSRV; C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe [35840 2006-02-07] (TOSHIBA Corp.) [File not signed]
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)
R2 x10nets; C:\Programme\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2011-07-29] (Meetinghouse Data Communications) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-01] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-01] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-10-06] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-10-06] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-10-06] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-10-06] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-10-06] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-10-06] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-10-06] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
S3 FINEPIX_PCC; C:\WINDOWS\System32\Drivers\V4CB0109.SYS [81796 2001-11-21] (FUJI PHOTO FILM CO.,LTD.)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) [File not signed]
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1707776 2006-07-26] (Intel® Corporation)
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12544 2006-08-02] (Intel Corporation) [File not signed]
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [107056 2011-07-30] (Acronis) [File not signed]
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [33488 2011-07-30] (Acronis) [File not signed]
R0 timounter; C:\WINDOWS\System32\DRIVERS\timntr.sys [397296 2011-07-30] (Acronis) [File not signed]
S3 tosrfec; C:\WINDOWS\System32\DRIVERS\tosrfec.sys [9344 2005-09-09] (TOSHIBA Corporation) [File not signed]
R3 TVALD; C:\WINDOWS\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation) [File not signed]
R3 Tvs; C:\WINDOWS\System32\DRIVERS\Tvs.sys [45696 2006-05-30] (TOSHIBA Corporation) [File not signed]
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\WINDOWS\System32\Drivers\x10hid.sys [7040 2005-11-28] (X10 Wireless Technology, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U5 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [64896 2005-08-01] (TOSHIBA Corporation) [File not signed]
U5 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [40192 2006-06-09] (TOSHIBA CORPORATION) [File not signed]
U3 kxldrpow; \??\C:\DOKUME~1\Anke\LOKALE~1\Temp\kxldrpow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 18:30 - 2015-01-02 18:30 - 00011214 _____ () C:\Dokumente und Einstellungen\Anke\Desktop\GMER02.log
2015-01-02 17:41 - 2015-01-02 17:41 - 00380416 _____ () C:\Dokumente und Einstellungen\Anke\Desktop\Gmer-19357.exe
2015-01-02 17:35 - 2015-01-02 17:35 - 00000886 _____ () C:\Dokumente und Einstellungen\Anke\Desktop\Verknüpfung mit FRST.lnk
2015-01-02 17:35 - 2015-01-02 17:35 - 00000527 _____ () C:\Dokumente und Einstellungen\Anke\Desktop\Verknüpfung mit 20150102_Virus.lnk
2015-01-02 17:34 - 2015-01-02 17:34 - 00000889 _____ () C:\Dokumente und Einstellungen\Anke\Desktop\Verknüpfung mit Defogger.lnk
2015-01-02 17:29 - 2015-01-02 17:29 - 00000128 _____ () C:\Dokumente und Einstellungen\Internet\Desktop\20150102_Virus.txt
2015-01-02 17:27 - 2015-01-02 18:39 - 00000000 ____D () C:\FRST
2015-01-02 17:25 - 2015-01-02 17:25 - 00000732 _____ () C:\Dokumente und Einstellungen\Internet\Desktop\Verknüpfung mit FRST.exe.lnk
2015-01-01 18:03 - 2015-01-01 18:03 - 00000796 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Avast Free Antivirus.lnk
2015-01-01 18:02 - 2015-01-01 18:02 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-01 18:02 - 2015-01-01 18:02 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 18:40 - 2012-08-24 12:36 - 00000000 ____D () C:\Dokumente und Einstellungen\Anke\Lokale Einstellungen\temp
2015-01-02 18:14 - 2012-08-05 11:15 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-02 18:04 - 2012-07-26 15:37 - 00000308 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-02 17:37 - 2011-07-30 12:51 - 00000000 ____D () C:\Dokumente und Einstellungen\Anke\Lokale Einstellungen\Anwendungsdaten\Temp
2015-01-02 17:34 - 2006-09-13 16:48 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Dokumente
2015-01-02 17:33 - 2006-09-14 10:17 - 00045378 _____ () C:\WINDOWS\system32\nvapps.xml
2015-01-02 17:33 - 2006-09-13 15:55 - 01152129 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-02 17:32 - 2014-04-09 19:06 - 00000228 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
2015-01-02 17:32 - 2012-08-26 19:52 - 00291843 _____ () C:\WINDOWS\setupapi.log
2015-01-02 17:32 - 2006-09-13 16:50 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-02 17:32 - 2006-09-13 16:50 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-01-02 17:32 - 2006-09-13 16:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-02 17:32 - 2006-09-13 15:53 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-02 17:31 - 2013-12-30 22:12 - 00159114 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-01-02 17:31 - 2013-12-29 21:36 - 00220927 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-4105758161-1787748336-607769600-1006-0.dat
2015-01-02 17:31 - 2006-09-13 16:01 - 00032604 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-02 17:30 - 2011-07-29 20:56 - 00000190 ___SH () C:\Dokumente und Einstellungen\Internet\ntuser.ini
2015-01-02 17:29 - 2012-08-24 12:36 - 00000000 ____D () C:\Dokumente und Einstellungen\Internet\Lokale Einstellungen\temp
2015-01-02 15:54 - 2012-08-27 10:04 - 00002328 _____ () C:\WINDOWS\setupact.log
2015-01-01 19:48 - 2014-10-28 18:40 - 00000000 ____D () C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\VOPackage
2015-01-01 18:03 - 2011-09-06 09:48 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2015-01-01 18:03 - 2011-07-29 19:14 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-01-01 18:03 - 2011-07-29 19:13 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-01-01 18:03 - 2006-09-13 16:48 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-01-01 18:02 - 2014-08-04 17:11 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-01-01 18:02 - 2013-03-14 17:45 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-01-01 18:02 - 2013-03-14 17:45 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-01-01 18:02 - 2013-03-14 17:45 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-01-01 18:02 - 2011-07-29 19:13 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-01-01 18:02 - 2011-07-29 19:13 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-01-01 17:34 - 2011-07-29 15:36 - 00000190 ___SH () C:\Dokumente und Einstellungen\Anke\ntuser.ini
2014-12-30 18:08 - 2014-04-09 19:06 - 00000222 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job
2014-12-14 14:18 - 2013-07-15 08:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-14 14:11 - 2011-07-29 16:27 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 20:15 - 2012-08-05 11:15 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-11 20:15 - 2011-07-29 20:46 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

3. GMER log file:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-02 18:30:11
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM321HI rev.2AJ10001 298,09GB
Running: Gmer-19357.exe; Driver: C:\DOKUME~1\Anke\LOKALE~1\Temp\kxldrpow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xF38ECAC4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0xF3C2F0BA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xF38ED5A2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xF39335A0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xF38F963C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xF38F9688]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xF38F9822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xF3932F54]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xF38F95AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xF38F96CC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xF38F95F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xF38EDAD8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xF38F97DC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xF38EE390]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xF38ECB2A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xF3933C66]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xF3933F1C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xF38F1B86]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xF3933AD1]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xF393393C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xF38EC716]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xF3C2F574]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xF38ECB90]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xF38F1F7C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xF38EEE78]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xF38F9666]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xF38F96AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xF38F9846]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xF39332B0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xF38F95D0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xF38F147E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xF38F975A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xF38F961A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xF38F186A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xF38F9800]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xF3C2F312]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xF39337B7]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xF38EECEC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xF3933609]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xF38EE842]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xF3C3D358]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwReplaceKey [0xF3C3DCC4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xF3932597]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xF38ECBF6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xF38ECC5C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xF38EE20A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xF38EC7B0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xF38EC982]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xF3933D6D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xF38EC910]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xF38EE55A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xF38EE6BC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xF38ECA0A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xF38EE048]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xF38EE1EA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xF38ECCC2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xF38ED5FE]

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwYieldExecution + 346 804E4AF0 4 Bytes CALL 922E3E83
.text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4B6C 12 Bytes [F6, CB, 8E, F3, 5C, CC, 8E, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4C14 12 Bytes [5A, E5, 8E, F3, BC, E6, 8E, ...] {POP EDX; IN EAX, 0x8e; MOV ESP, 0xaf38ee6; RETF 0xf38e}
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6653360, 0x21DDFD, 0xE8000020]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF644EEBF]

---- User code sections - GMER 2.1 ----

.text D:\Programme\AVAST Software\Avast\AvastSvc.exe[484] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text D:\Programme\AVAST Software\Avast\AvastUI.exe[2644] kernel32.dll!SetUnhandledExceptionFilter 7C844EE5 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys
Device \FileSystem\Fastfat \Fat B678CD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS

---- EOF - GMER 2.1 ----