Hallo zusammen!
Ich habe geraden einen Rootkit scan mit Av AntiRootkit Tool gemacht und habe das folgenden Report erhalten:
Code:
Alles auswählen Aufklappen ATTFilter
Avira AntiRootkit Tool (1.1.0.1)
========================================================================================================
- Scan started Donnerstag, 7. Januar 2010 - 16:49:27
========================================================================================================
--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 186.30 GB
- Working disk free size : 25.38 GB (13 %)
--------------------------------------------------------------------------------------------------------
Results:
Embedded nulls : HKEY_USERS\S-1-5-21-1757981266-1060284298-839522115-1006\Software\YourCompanyName\YourProductName\Version�
Hidden value : HKEY_USERS\S-1-5-21-1757981266-1060284298-839522115-1006\Software\YourCompanyName\YourProductName\Version -> versiondata
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\notify
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> autorestartshell
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> defaultdomainname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> defaultusername
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> legalnoticecaption
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> legalnoticetext
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> powerdownaftershutdown
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> reportbootok
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> shell
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> shutdownwithoutlogon
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> system
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> userinit
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> vmapplet
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> sfcquota
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> allocatecdroms
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> allocatedasd
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> allocatefloppies
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> cachedlogonscount
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> forceunlocklogon
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> passwordexpirywarning
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> scremoveoption
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> allowmultipletssessions
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> uihost
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> logontype
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> background
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> debugservercommand
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> sfcdisable
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> winstationsdisabled
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> hibernationpreviouslyenabled
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> showlogonoptions
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> altdefaultusername
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -> altdefaultdomainname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> nomachinepolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> nouserpolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> noslowlink
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> nobackgroundpolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> nogpolistchanges
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> peruserlocalsettings
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> requiressuccessfulregistry
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> enableasynchronousprocessing
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} -> processgrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} -> processgrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} -> nogpolistchanges
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} -> requiressucessfulregistry
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} -> displayname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} -> requiressuccessfulregistry
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE} -> displayname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE} -> nogpolistchanges
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE} -> processgrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE} -> processgrouppolicyex
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE} -> requiressuccessfulregistry
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> processgrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> generategrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> extensionrsopplanningdebuglevel
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> processgrouppolicyex
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> extensiondebuglevel
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> nouserpolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> nogpolistchanges
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> enableasynchronousprocessing
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} -> maxnogpolistchangesinterval
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> processgrouppolicyex
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> generategrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> processgrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> noslowlink
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> nobackgroundpolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> nogpolistchanges
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> nomachinepolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} -> displayname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} -> processgrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} -> nouserpolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} -> nogpolistchanges
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} -> requiressuccessfulregistry
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> enableasynchronousprocessing
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> nobackgroundpolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> nogpolistchanges
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> nomachinepolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> noslowlink
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> nouserpolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> peruserlocalsettings
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> processgrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} -> requiressuccessfulregistry
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} -> processgrouppolicyex
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} -> generategrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} -> nobackgroundpolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} -> requiressucessfulregistry
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} -> noslowlink
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} -> peruserlocalsettings
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} -> eventsources
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} -> displayname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} -> dllname
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} -> nogpolistchanges
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} -> processgrouppolicy
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} -> processgrouppolicyex
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} -> requiressuccessfulregistry
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> hilfeassistent
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> tsinternetuser
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> sqlagentcmdexec
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> netshowservices
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> helpassistant
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> iwam_
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> iusr_
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> vusr_
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList -> aspnet
--------------------------------------------------------------------------------------------------------
Files: 0/258891
Registry items: 113/573397
Processes: 0/54
Scan time: 00:18:10
--------------------------------------------------------------------------------------------------------
Active processes:
- ksqoalfc.exe (PID 1460) (Avira AntiRootkit Tool)
- update.exe (PID 2540)
- avnotify.exe (PID 3576)
- System (PID 4)
- smss.exe (PID 636)
- csrss.exe (PID 872)
- winlogon.exe (PID 904)
- services.exe (PID 952)
- lsass.exe (PID 964)
- ati2evxx.exe (PID 1124)
- svchost.exe (PID 1140)
- svchost.exe (PID 1212)
- svchost.exe (PID 1356)
- InCDsrv.exe (PID 1376)
- ati2evxx.exe (PID 1452)
- svchost.exe (PID 1524)
- svchost.exe (PID 1648)
- svchost.exe (PID 1728)
- spoolsv.exe (PID 1784)
- sched.exe (PID 1832)
- svchost.exe (PID 1912)
- avguard.exe (PID 1960)
- AOLacsd.exe (PID 1972)
- AppleMobileDeviceService.exe (PID 1988)
- bgsvcgen.exe (PID 2044)
- mDNSResponder.exe (PID 144)
- ICQ Service.exe (PID 192)
- svchost.exe (PID 544)
- wanmpsvc.exe (PID 664)
- alg.exe (PID 1392)
- explorer.exe (PID 2272)
- SOUNDMAN.EXE (PID 2556)
- InCD.exe (PID 2712)
- Application Launcher.exe (PID 2772)
- QTTask.exe (PID 2788)
- realplay.exe (PID 2796)
- SweetIM.exe (PID 2804)
- avgnt.exe (PID 2820)
- ctfmon.exe (PID 2828)
- MOM.exe (PID 2840)
- hpotdd01.exe (PID 2892)
- WiFiN.exe (PID 2916)
- aolsoftware.exe (PID 3112)
- CCC.exe (PID 3532)
- OIS.EXE (PID 3776)
- Generic.exe (PID 3344)
- epmworker.exe (PID 3260)
- iexplore.exe (PID 3440)
- iexplore.exe (PID 3608)
- iexplore.exe (PID 3296)
- iexplore.exe (PID 2596)
- iexplore.exe (PID 2524)
- notepad.exe (PID 276)
- avirarkd.exe (PID 1876)
========================================================================================================
- Scan finished Donnerstag, 7. Januar 2010 - 17:07:37
========================================================================================================
Weis jemand was das bedeutet und was ich tun kann? Oder sollte ich gleich System komplett neu machen?
Hab es gestern auch noch mit
GMER versucht und gescannt, dann aber nach einiger zeit abgebrochen, da es sehr langsam voran ging. Hier der Report:
Code:
Alles auswählen Aufklappen ATTFilter
GMER 1.0.15.14966 - h******w.gmer.net
Rootkit scan 2010-01-07 053009
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT F7C8D106 ZwCreateKey
SSDT F7C8D0FC ZwCreateThread
SSDT F7C8D10B ZwDeleteKey
SSDT F7C8D115 ZwDeleteValueKey
SSDT F7C8D11A ZwLoadKey
SSDT F7C8D0E8 ZwOpenProcess
SSDT F7C8D0ED ZwOpenThread
SSDT F7C8D124 ZwReplaceKey
SSDT F7C8D11F ZwRestoreKey
SSDT F7C8D110 ZwSetValueKey
SSDT F7C8D0F7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2514 80501404 4 Bytes CALL 5147DCD9
---- User IATEAT - GMER 1.0.15 ----
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOLACSAOLAcsd.exe[716] @ GWINDOWSsystem32iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32shell32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32shell32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32shell32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32shell32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32shell32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
IAT GProgrammeGemeinsame DateienAOL1176588086eeaolsoftware.exe[876] @ GWINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] GProgrammeGemeinsame DateienAOLAOLDiagtbdiag.dll (AOL DiagnosticsAOL LLC)
---- Devices - GMER 1.0.15 ----
Device pci.sys (NT-Plug & Play PCI-EnumeratorMicrosoft Corporation)
---- EOF - GMER 1.0.15 ----
vielleicht noch zu erwähnen wäre dieses Ereignis, was ich jedoch bereits behoben habe.
Die Datei 'G:\System Volume Information\_restore{BACF4CAC-049B-4C5F-863E-E8BDEFFFEB3C}\RP22\A0003150.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/FraudPack.aebj' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b751eed.qua' verschoben!
Der normale Virenscanner von AV findet keine Viren.
Bitte um schnelle Hilfe! Danke im voraus!
Linear-Darstellung
