Trojan TR/Agent.aotx.1
Hello!
This time I have an acquaintance's laptop in for "maintenance". Avira reported the above Trojan on it.
OTL - Extras.txt
Code:
OTL Extras logfile created on: 16.07.2012 17:51:11 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Test\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,90% Memory free
6,10 Gb Paging File | 4,95 Gb Available in Paging File | 81,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,21 Gb Total Space | 146,69 Gb Free Space | 66,92% Space Free | Partition Type: NTFS
Drive D: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TEST-PC | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
OTL - OTL.txt
Code:
OTL logfile created on: 16.07.2012 17:51:06 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Test\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 58,90% Memory free
6,10 Gb Paging File | 4,95 Gb Available in Paging File | 81,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,21 Gb Total Space | 146,69 Gb Free Space | 66,92% Space Free | Partition Type: NTFS
Drive D: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TEST-PC | User Name: Test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.16 17:48:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
PRC - [2012.07.16 17:45:07 | 000,050,477 | ---- | M] () -- C:\Users\Test\Desktop\Defogger.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.06.02 11:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:22:53 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.28 16:36:39 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.01.23 14:15:54 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.7\ICQ.exe
PRC - [2011.12.05 13:42:22 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.05.27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\Scrybe\scrybe.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2010.06.23 22:41:43 | 000,200,704 | ---- | M] () -- C:\Windows\plfseti.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.12 06:20:52 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.02.06 13:07:08 | 000,686,624 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe
PRC - [2009.02.06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.16 17:45:07 | 000,050,477 | ---- | M] () -- C:\Users\Test\Desktop\Defogger.exe
MOD - [2011.03.31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010.07.21 20:02:08 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2010.06.23 22:41:43 | 000,200,704 | ---- | M] () -- C:\Windows\plfseti.exe
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Programme\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2009.02.06 13:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008.05.06 00:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\L1C60x86.sys -- (L1C)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.04 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0410&m=e525
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?barid={67A25F9F-064C-4D85-8EAB-DC6F0C5CAEE0}
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={67A25F9F-064C-4D85-8EAB-DC6F0C5CAEE0}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0410&m=e525
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {A8EE9393-6F22-41DB-B2E4-0C6F67CB18E9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=b5lTpTWrnT6BNmDJ0IXbyi7g9sQ?q={searchTerms}
IE - HKCU\..\SearchScopes\{A8EE9393-6F22-41DB-B2E4-0C6F67CB18E9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE385
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={67A25F9F-064C-4D85-8EAB-DC6F0C5CAEE0}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\plfseti.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Userinit] C:\Users\Test\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{630552E6-0066-4380-A077-2B18F4453502}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.25 16:17:40 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010.10.15 09:52:30 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f004a16d-41b7-11df-9962-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f004a16d-41b7-11df-9962-806e6f6e6963}\Shell\AutoRun\command - "" = D:\cdstart.exe -- [2010.11.18 16:27:48 | 001,419,984 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.16 17:48:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.07.16 16:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.13 16:25:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.13 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\Avira
[2012.07.13 12:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.13 12:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.07.13 12:26:06 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.13 12:26:06 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.13 12:26:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.13 12:26:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.13 12:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.13 12:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.20 14:17:55 | 000,000,000 | ---D | C] -- C:\Users\Test\AppData\Roaming\World4
[1 C:\Users\Test\AppData\Roaming\*.tmp files -> C:\Users\Test\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.16 17:48:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Test\Desktop\OTL.exe
[2012.07.16 17:47:59 | 000,000,000 | ---- | M] () -- C:\Users\Test\defogger_reenable
[2012.07.16 17:45:07 | 000,050,477 | ---- | M] () -- C:\Users\Test\Desktop\Defogger.exe
[2012.07.16 17:42:01 | 000,167,104 | ---- | M] () -- C:\Users\Test\AppData\Roaming\AcroIEHelpe169.dll
[2012.07.16 17:42:01 | 000,006,400 | ---- | M] () -- C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
[2012.07.16 17:41:52 | 000,000,051 | ---- | M] () -- C:\Users\Test\AppData\Roaming\blckdom.res
[2012.07.16 17:41:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.16 16:40:43 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 16:39:33 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.16 16:31:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.13 20:49:01 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 20:49:01 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 20:48:19 | 3147,808,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 17:51:34 | 000,304,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.13 12:27:19 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.29 14:17:07 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.29 14:17:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.29 14:17:07 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.29 14:17:07 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Users\Test\AppData\Roaming\*.tmp files -> C:\Users\Test\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.16 17:47:59 | 000,000,000 | ---- | C] () -- C:\Users\Test\defogger_reenable
[2012.07.16 17:45:06 | 000,050,477 | ---- | C] () -- C:\Users\Test\Desktop\Defogger.exe
[2012.07.16 17:42:01 | 000,167,104 | ---- | C] () -- C:\Users\Test\AppData\Roaming\AcroIEHelpe169.dll
[2012.07.16 17:42:01 | 000,006,400 | ---- | C] () -- C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
[2012.07.16 16:39:33 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 12:27:19 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.16 14:12:46 | 000,000,051 | ---- | C] () -- C:\Users\Test\AppData\Roaming\blckdom.res
[2012.01.09 14:34:13 | 269,781,597 | ---- | C] () -- C:\Users\Test\mvp.exe
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.08 13:27:01 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.21 20:35:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.21 20:35:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.23 22:44:53 | 000,012,288 | ---- | C] () -- C:\Users\Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.22 19:56:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,053,712 | RHS- | C] () -- C:\Users\Test\AppData\Roaming\appconf32.exe
========== LOP Check ==========
[2012.05.10 13:59:24 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\.minecraft
[2011.08.25 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\FarmingSimulator2008
[2012.05.19 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\ICQ
[2012.06.16 14:12:18 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\kock
[2011.07.20 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Synaptics
[2012.06.17 12:36:30 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\UAs
[2012.06.20 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\World4
[2012.06.17 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\xmldm
[2012.07.13 18:21:38 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Thanks in advance for your help!
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-16 18:59:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2555GSX rev.FG001J
Running: ostqxwog.exe; Driver: C:\Users\Test\AppData\Local\Temp\pxldipow.sys
---- System - GMER 1.0.15 ----
SSDT 8CDB556E ZwCreateSection
SSDT 8CDB5578 ZwRequestWaitReplyPort
SSDT 8CDB5573 ZwSetContextThread
SSDT 8CDB557D ZwSetSecurityObject
SSDT 8CDB5582 ZwSystemDebugControl
SSDT 8CDB550F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 81EE58D8 4 Bytes [6E, 55, DB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 81EE5BFC 4 Bytes [78, 55, DB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 81EE5C30 4 Bytes [73, 55, DB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81EE5C94 4 Bytes [7D, 55, DB, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 81EE5CDC 4 Bytes [82, 55, DB, 8C] {ADC BYTE [EBP-0x25], -0x74}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\taskeng.exe[312] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Windows\system32\igfxsrvc.exe[1608] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Windows\system32\Dwm.exe[1716] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Windows\Explorer.EXE[1776] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Windows\Explorer.EXE[1776] kernel32.dll!CreateProcessW 75951BF3 5 Bytes JMP 05F350CA
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1904] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[1912] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] kernel32.dll!CreateThread 7599CB2E 5 Bytes JMP 717D75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] ADVAPI32.dll!RegOpenKeyExW 75E77BA1 5 Bytes JMP 0248121E C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!SetWindowsHookExW 758B87AD 5 Bytes JMP 718125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!CallNextHookEx 758B8E3B 5 Bytes JMP 71837FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!UnhookWindowsHookEx 758B98DB 5 Bytes JMP 7185ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!EnableWindow 758BCD8B 5 Bytes JMP 71819EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DefWindowProcA 758BDB88 7 Bytes JMP 717D97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!CreateWindowExA 758BDC2A 5 Bytes JMP 717E362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!CreateWindowExW 758C1305 5 Bytes JMP 718403B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DefWindowProcW 758D03B4 7 Bytes JMP 71838042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DialogBoxParamW 758E10B0 5 Bytes JMP 7177187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DialogBoxIndirectParamW 758E2EF5 5 Bytes JMP 71968D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DialogBoxParamA 758F8152 5 Bytes JMP 71968D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!DialogBoxIndirectParamA 758F847D 5 Bytes JMP 71968DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!MessageBoxIndirectA 7590D4D9 5 Bytes JMP 71968CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!MessageBoxIndirectW 7590D5D3 5 Bytes JMP 71968C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!MessageBoxExA 7590D639 5 Bytes JMP 71968BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] USER32.dll!MessageBoxExW 7590D65D 5 Bytes JMP 71968B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] ole32.dll!OleLoadFromStream 75A51E80 5 Bytes JMP 7196955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] WININET.dll!InternetOpenA 757AD5E8 5 Bytes JMP 002B99B2
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] WININET.dll!InternetCrackUrlA 757B027E 5 Bytes JMP 002B961A
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] WININET.dll!InternetConnectA 757C567E 5 Bytes JMP 002B9718
.text C:\Program Files\Internet Explorer\iexplore.exe[1920] WININET.dll!InternetOpenW 757CC596 5 Bytes JMP 002B99C4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1928] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] ADVAPI32.dll!RegOpenKeyExW 75E77BA1 5 Bytes JMP 02C8121E C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!EnableWindow 758BCD8B 5 Bytes JMP 71819EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!DialogBoxParamW 758E10B0 5 Bytes JMP 7177187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!DialogBoxIndirectParamW 758E2EF5 5 Bytes JMP 71968D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!DialogBoxParamA 758F8152 5 Bytes JMP 71968D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!DialogBoxIndirectParamA 758F847D 5 Bytes JMP 71968DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!MessageBoxIndirectA 7590D4D9 5 Bytes JMP 71968CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!MessageBoxIndirectW 7590D5D3 5 Bytes JMP 71968C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!MessageBoxExA 7590D639 5 Bytes JMP 71968BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] USER32.dll!MessageBoxExW 7590D65D 5 Bytes JMP 71968B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] WININET.dll!InternetOpenA 757AD5E8 5 Bytes JMP 006D99B2
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] WININET.dll!InternetCrackUrlA 757B027E 5 Bytes JMP 006D961A
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] WININET.dll!InternetConnectA 757C567E 5 Bytes JMP 006D9718
.text C:\Program Files\Internet Explorer\iexplore.exe[2088] WININET.dll!InternetOpenW 757CC596 5 Bytes JMP 006D99C4
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!LoadLibraryExW 7597927C 6 Bytes JMP 5F070F5A
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!ReadFile 7598F0D3 6 Bytes JMP 5F190F5A
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!GetFileSize 75997368 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!CloseHandle 7599B0AD 6 Bytes JMP 5F160F5A
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] kernel32.dll!CreateFileW 7599B0EB 6 Bytes JMP 5F130F5A
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!SetParent 758BA2AA 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!SetParent + 4 758BA2AE 2 Bytes [20, 5F]
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!CreateWindowExW 758C1305 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!DispatchMessageW 758D021C 6 Bytes JMP 5F040F5A
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] USER32.dll!PeekMessageW 758D045A 6 Bytes JMP 5F100F5A
.text C:\Program Files\ICQ7.7\ICQ.exe[2092] ole32.dll!CoCreateInstance 75A89F3E 6 Bytes JMP 5F0D0F5A
.text C:\Windows\plfseti.exe[3356] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Windows\System32\igfxtray.exe[3380] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Windows\System32\hkcmd.exe[3388] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Windows\System32\igfxpers.exe[3396] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3408] ntdll.dll!NtClearEvent + F 770A4183 6 Bytes JMP 003C0313
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] kernel32.dll!CreateThread 7599CB2E 5 Bytes JMP 717D75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] ADVAPI32.dll!RegOpenKeyExW 75E77BA1 5 Bytes JMP 02BD121E C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!SetWindowsHookExW 758B87AD 5 Bytes JMP 718125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!CallNextHookEx 758B8E3B 5 Bytes JMP 71837FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!UnhookWindowsHookEx 758B98DB 5 Bytes JMP 7185ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!EnableWindow 758BCD8B 5 Bytes JMP 71819EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DefWindowProcA 758BDB88 7 Bytes JMP 717D97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!CreateWindowExA 758BDC2A 5 Bytes JMP 717E362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!CreateWindowExW 758C1305 5 Bytes JMP 718403B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DefWindowProcW 758D03B4 7 Bytes JMP 71838042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxParamW 758E10B0 5 Bytes JMP 7177187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxIndirectParamW 758E2EF5 5 Bytes JMP 71968D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxParamA 758F8152 5 Bytes JMP 71968D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!DialogBoxIndirectParamA 758F847D 5 Bytes JMP 71968DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxIndirectA 7590D4D9 5 Bytes JMP 71968CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxIndirectW 7590D5D3 5 Bytes JMP 71968C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxExA 7590D639 5 Bytes JMP 71968BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] USER32.dll!MessageBoxExW 7590D65D 5 Bytes JMP 71968B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] ole32.dll!OleLoadFromStream 75A51E80 5 Bytes JMP 7196955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] WININET.dll!InternetOpenA 757AD5E8 5 Bytes JMP 01BA99B2
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] WININET.dll!InternetCrackUrlA 757B027E 5 Bytes JMP 01BA961A
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] WININET.dll!InternetConnectA 757C567E 5 Bytes JMP 01BA9718
.text C:\Program Files\Internet Explorer\iexplore.exe[4224] WININET.dll!InternetOpenW 757CC596 5 Bytes JMP 01BA99C4
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] kernel32.dll!CreateThread 7599CB2E 5 Bytes JMP 717D75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] ADVAPI32.dll!RegOpenKeyExW 75E77BA1 5 Bytes JMP 0300121E C:\Users\Test\AppData\Roaming\BAcroIEHelpe169.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!SetWindowsHookExW 758B87AD 5 Bytes JMP 718125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!CallNextHookEx 758B8E3B 5 Bytes JMP 71837FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!UnhookWindowsHookEx 758B98DB 5 Bytes JMP 7185ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!EnableWindow 758BCD8B 5 Bytes JMP 71819EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DefWindowProcA 758BDB88 7 Bytes JMP 717D97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!CreateWindowExA 758BDC2A 5 Bytes JMP 717E362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!CreateWindowExW 758C1305 5 Bytes JMP 718403B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DefWindowProcW 758D03B4 7 Bytes JMP 71838042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DialogBoxParamW 758E10B0 5 Bytes JMP 7177187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DialogBoxIndirectParamW 758E2EF5 5 Bytes JMP 71968D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DialogBoxParamA 758F8152 5 Bytes JMP 71968D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!DialogBoxIndirectParamA 758F847D 5 Bytes JMP 71968DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!MessageBoxIndirectA 7590D4D9 5 Bytes JMP 71968CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!MessageBoxIndirectW 7590D5D3 5 Bytes JMP 71968C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!MessageBoxExA 7590D639 5 Bytes JMP 71968BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] USER32.dll!MessageBoxExW 7590D65D 5 Bytes JMP 71968B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] ole32.dll!OleLoadFromStream 75A51E80 5 Bytes JMP 7196955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] WININET.dll!InternetOpenA 757AD5E8 5 Bytes JMP 003899B2
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] WININET.dll!InternetCrackUrlA 757B027E 5 Bytes JMP 0038961A
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] WININET.dll!InternetConnectA 757C567E 5 Bytes JMP 00389718
.text C:\Program Files\Internet Explorer\iexplore.exe[4448] WININET.dll!InternetOpenW 757CC596 5 Bytes JMP 003899C4
.text C:\Windows\system32\wuauclt.exe[5788] ntdll.dll!NtClearEvent + F 770A4183 1 Byte [00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings@alive 0x30 0x6C 0xC0 0x8F ...
---- EOF - GMER 1.0.15 ----
Avira also reports this thing ;-(
RKIT/Agent.deov