
Log analysis and evaluation: Windows XP Avast: Win32:Evo-gen [Susp]

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
20.08.2014, 00:23   #1
gb63
 



Hello!

I know that Windows XP is already outdated, but this computer runs so much that I need, and so far there have been no problems.
I hope that Windows XP is still supported here....

It all started with a problem with my Palm software: when synchronizing, an error was reported for the file EASNotify.dll. I have also tried several times to restore the system to an earlier point in time, unfortunately always without success. Each time I got the message that the system could not be restored to that point! That actually worries me a lot too...

Windows XP SP3 is installed, with all updates that were available up to the end.
As AV I use AVAST Free Antivirus 2014.

Here is an excerpt from the Avast virus chest:
(unfortunately I found no way to download it, and Ctrl-C doesn't work either)

Name / Original location / Last modified / Transfer time / Virus
regjster.exe / C:\Programme\Palm / 08.08.2005 11:36:14 / 19.08.2014 20:33:02 / Win32:Evo-gen [Susp]


Here are my log files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:26 on 19/08/2014 (gb63)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Unfortunately, in my nervousness I also immediately pressed Re-Enable.... Sorry!
Have I destroyed something on my PC by doing that?


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by gb63 (administrator) on GB-HOME on 19-08-2014 21:28:36
Running from C:\Dokumente und Einstellungen\Gerhard\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Cisco Systems, Inc.) C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AVAST Software) C:\Programme\Alwil Software\Avast5\AvastSvc.exe
(Broadcom Corporation.) C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
(VMware, Inc.) C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnat.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(InstallShield Software Corporation) C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
() C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(shbox.de) C:\Programme\FreePDF_XP\fpassist.exe
(VMware, Inc.) C:\Programme\VMware\VMware Player\hqtray.exe
(RealNetworks, Inc.) C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
(Sony Corporation) C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe
(AVAST Software) C:\Programme\Alwil Software\Avast5\avastui.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Programme\HP\HP Software Update\hpwuschd2.exe
(Broadcom Corporation.) C:\Programme\Belkin\Bluetooth Software\BTTray.exe
(PalmSource, Inc) C:\Programme\Palm\Hotsync.exe
(Logitech, Inc.) C:\Programme\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\Programme\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\ckpNotify: C:\WINDOWS\SYSTEM32\ckpNotify.dll (Check Point Software Technologies)
Winlogon\Notify\LBTWlgn: c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Programme\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync.lnk
ShortcutTarget: HotSync.lnk -> C:\Programme\Palm\Hotsync.exe (PalmSource, Inc)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HOTSYNCSHORTCUTNAME.lnk
ShortcutTarget: HOTSYNCSHORTCUTNAME.lnk -> C:\Programme\Palm\Hotsync.exe (PalmSource, Inc)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\Microsoft Outlook.lnk
ShortcutTarget: Microsoft Outlook.lnk -> C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
Startup: C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Autostart\Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series.lnk -> C:\Programme\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Programme\Alwil Software\Avast5\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.search.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {D3779843-5AAF-4907-98F1-01BC045E878C} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {D3779843-5AAF-4907-98F1-01BC045E878C} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\WINDOWS\SYSTEM32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} ->  No File
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://viesh-win0032.pdrive.local/CitrixSessionInit/ICAWEB/de/ica32/wficat.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://mas.voestalpine.com/vdesk/terminal/urxvpn.cab#version=7000,2013,918,512
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://mas.voestalpine.com/vdesk/terminal/f5tunsrv.cab#version=7000,2013,426,1901
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://mas.voestalpine.com/vdesk/terminal/InstallerControl.cab#version=7000,2013,0426,1915
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://mas.voestalpine.com/vdesk/terminal/f5InspectionHost.cab#version=7000,2013,0426,1847
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://mas.voestalpine.com/vdesk/terminal/urTermProxy.cab#version=6020,2009,0312,0403
DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://citrix.pdrive.com/net6helper.cab
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} https://mas.voestalpine.com/vdesk/terminal/vdeskctrl.cab#Version=7000,2013,0426,1859
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://mas.voestalpine.com/vdesk/terminal/urxshost.cab#version=7000,2013,426,1858
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} 
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://engine.netanday.it/ajax_webcam/codec/AMC.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://mas.voestalpine.com/vdesk/terminal/urxhost.cab#version=7000,2013,426,1913
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://mas.voestalpine.com/policy/download_binary.php/win32/f5syschk.cab#Version=7000,2013,0426,1901
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ras-eu.besi.com/dana-cached/sc/JuniperSetupClient.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\programme\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\programme\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Programme\VMware\VMware Player\vsocklib.dll [338480] (VMware, Inc.)
Winsock: Catalog9 10 C:\Programme\VMware\VMware Player\vsocklib.dll [338480] (VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Mozilla\Firefox\Profiles\j2pymkyq.default-1402502459187
FF DefaultSearchEngine: Google.at
FF SelectedSearchEngine: Google.at
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Citrix.com/npican -> C:\Programme\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Programme\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Programme\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.709 -> c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.709 -> c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.709 -> c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: vitzo.com/VDownloader -> C:\Programme\VDownloader\Addons\npVDownloader.dll No File
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: F5 Networks Host Plugin - C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Mozilla\Firefox\Profiles\j2pymkyq.default-1402502459187\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-06-23]
FF Extension: Skype Click to Call - C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-22]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-22]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-22]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-18]
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Programme\VDownloader\Addons\FireFox
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Programme\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Programme\Alwil Software\Avast5\WebRep\FF [2011-04-24]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Programme\VDownloader\Addons\Chrome.crx []
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Programme\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 btwdins; C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe [266295 2006-06-07] (Broadcom Corporation.) [File not signed]
S2 gupdate1c9b5f28f2902f4; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-05] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-04-05] (Google Inc.)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182696 2014-08-11] (Oracle Corporation)
S3 LBTServ; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [121360 2009-02-19] (Logitech, Inc.)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-07-22] (Mozilla Foundation)
S3 NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG)
S3 NetSvc; C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
S3 NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 SkypeUpdate; C:\Programme\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 SR_Service; C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe [110691 2006-04-09] (Check Point Software Technologies) [File not signed]
S3 SR_WatchDog; C:\Programme\CheckPoint\SecuRemote\bin\SR_WatchDog.exe [36964 2006-04-09] (Check Point Software Technologies) [File not signed]
R2 TeamViewer9; C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe [5341536 2013-12-17] (TeamViewer GmbH)
R2 TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
S3 ufad-ws60; C:\Programme\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
R2 VMAuthdService; C:\Programme\VMware\VMware Player\vmware-authd.exe [113200 2010-01-22] (VMware, Inc.)
R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2010-01-22] (VMware, Inc.)
R2 VMUSBArbService; C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2010-01-22] (VMware, Inc.)
R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2010-01-22] (VMware, Inc.)
R2 vpnagent; C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [493248 2009-10-09] (Cisco Systems, Inc.)
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [82380 2009-04-23] (Oak Technology Inc.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-04] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-04] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-04] ()
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [329901 2006-06-07] (Broadcom Corporation.) [File not signed]
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2006-06-07] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [855018 2006-06-07] (Broadcom Corporation.) [File not signed]
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149028 2006-06-07] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [47811 2006-06-07] (Broadcom Corporation.) [File not signed]
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67384 2006-06-07] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 CP_OMDRV; C:\WINDOWS\System32\drivers\omdrv.sys [36400 2006-04-09] (Check Point Software Technologies) [File not signed]
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltw2k.sys [11664 2013-09-17] (F5 Networks, Inc.)
R3 FW1; C:\WINDOWS\System32\DRIVERS\fw.sys [2234320 2006-04-09] (Check Point Software Technologies)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2010-01-22] (VMware, Inc.)
S3 Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 Net6IM; C:\WINDOWS\System32\DRIVERS\net6im51.sys [46448 2007-07-13] (Citrix Systems, Inc.)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 urvpndrv; C:\WINDOWS\System32\DRIVERS\covpndrv.sys [37456 2013-04-01] (F5 Networks, Inc.)
R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2010-01-22] (VMware, Inc.)
R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16560 2010-01-22] (VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [32688 2010-01-22] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2010-01-22] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [854192 2010-01-22] (VMware, Inc.)
R2 VNASC; C:\WINDOWS\System32\DRIVERS\vnasc.sys [109072 2006-04-09] (Check Point Software Technologies)
R2 VPN-1; C:\WINDOWS\System32\drivers\vpn.sys [671472 2006-04-09] (Check Point Software Technologies) [File not signed]
R2 vstor2-ws60; C:\Programme\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
S1 SABKUTIL; \??\C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Programme\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 21:28 - 2014-08-19 21:29 - 00030868 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.txt
2014-08-19 21:28 - 2014-08-19 21:28 - 00000000 ____D () C:\FRST
2014-08-19 21:27 - 2014-08-19 21:28 - 01093632 _____ (Farbar) C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.exe
2014-08-19 21:26 - 2014-08-19 21:27 - 00000248 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_enable.log
2014-08-19 21:26 - 2014-08-19 21:26 - 00000476 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_disable.log
2014-08-19 21:25 - 2014-08-19 21:25 - 00050477 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Defogger.exe
2014-08-19 21:02 - 2014-08-19 21:02 - 01101648 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\HijackThis - CHIP-Installer.exe
2014-08-19 20:46 - 2014-08-19 20:46 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2014-08-18 16:00 - 2014-08-19 20:46 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\Adobe
2014-08-13 19:55 - 2014-07-30 19:12 - 00454443 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140813-195521.backup
2014-08-11 12:16 - 2014-08-11 12:16 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Java
2014-08-11 12:15 - 2014-08-11 12:15 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-11 12:15 - 2014-08-11 12:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-11 12:15 - 2014-08-11 12:15 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Programme\Java
2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2014-07-30 19:12 - 2014-07-29 19:54 - 00454441 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140730-191201.backup
2014-07-22 18:58 - 2014-07-22 18:58 - 00000000 ____D () C:\Programme\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 21:29 - 2014-08-19 21:28 - 00030868 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.txt
2014-08-19 21:29 - 2006-03-13 22:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Temp
2014-08-19 21:28 - 2014-08-19 21:28 - 00000000 ____D () C:\FRST
2014-08-19 21:28 - 2014-08-19 21:27 - 01093632 _____ (Farbar) C:\Dokumente und Einstellungen\Gerhard\Desktop\FRST.exe
2014-08-19 21:27 - 2014-08-19 21:26 - 00000248 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_enable.log
2014-08-19 21:26 - 2014-08-19 21:26 - 00000476 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\defogger_disable.log
2014-08-19 21:26 - 2006-03-13 22:58 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard
2014-08-19 21:25 - 2014-08-19 21:25 - 00050477 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Defogger.exe
2014-08-19 21:11 - 2009-06-24 22:06 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 21:02 - 2014-08-19 21:02 - 01101648 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\HijackThis - CHIP-Installer.exe
2014-08-19 20:49 - 2012-07-06 07:50 - 00000358 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-08-19 20:49 - 2012-03-30 17:49 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-19 20:49 - 2010-01-20 16:28 - 01572788 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-19 20:49 - 2008-02-01 11:06 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\VMware
2014-08-19 20:49 - 2008-02-01 11:05 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VMware
2014-08-19 20:49 - 2004-08-13 14:40 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-19 20:48 - 2014-05-02 19:37 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-08-19 20:48 - 2014-03-28 20:18 - 00000226 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP –  Benachrichtigung – Anmeldung.job
2014-08-19 20:48 - 2010-03-14 20:11 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2999297034-267916414-2314848737-1005.job
2014-08-19 20:48 - 2010-01-20 16:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-19 20:48 - 2010-01-20 16:33 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-19 20:48 - 2009-06-24 22:06 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 20:47 - 2007-09-26 21:49 - 01627968 _____ () C:\WINDOWS\system32\ckpNotify.log
2014-08-19 20:47 - 2004-08-13 15:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-19 20:46 - 2014-08-19 20:46 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2014-08-19 20:46 - 2014-08-18 16:00 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\Adobe
2014-08-19 20:46 - 2014-05-03 16:04 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
2014-08-19 20:46 - 2013-08-15 11:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-19 20:46 - 2006-03-14 03:14 - 00000000 ____D () C:\Programme\Palm
2014-08-19 20:46 - 2006-03-14 03:10 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Startmenü\Programme\Palm
2014-08-19 20:46 - 2004-08-13 14:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
2014-08-19 20:46 - 2004-08-13 14:47 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-08-19 20:46 - 2004-08-13 14:47 - 00000000 ____D () C:\Programme
2014-08-19 20:45 - 2012-11-20 07:44 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
2014-08-19 20:45 - 2010-01-20 16:33 - 00032600 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-19 20:28 - 2006-03-14 03:10 - 00001595 _____ () C:\Dokumente und Einstellungen\Gerhard\Desktop\Palm Desktop.lnk
2014-08-19 20:23 - 2006-03-14 01:04 - 00000000 ____D () C:\Transfer
2014-08-18 16:27 - 2006-03-13 22:58 - 00000300 ___SH () C:\Dokumente und Einstellungen\Gerhard\ntuser.ini
2014-08-18 16:02 - 2009-10-30 14:03 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Lokale Einstellungen\Anwendungsdaten\FreePDF_XP
2014-08-18 16:02 - 2009-10-30 12:58 - 00015721 _____ () C:\fpRedmon.log
2014-08-18 13:23 - 2012-03-30 17:49 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-18 13:23 - 2011-05-13 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-18 13:22 - 2014-05-03 16:04 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\HpUpdate
2014-08-13 18:28 - 2006-03-13 23:24 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-11 19:18 - 2011-08-15 12:07 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Skype
2014-08-11 18:12 - 2012-11-17 15:35 - 00000276 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-11 12:16 - 2014-08-11 12:16 - 00000000 ____D () C:\Programme\Gemeinsame Dateien\Java
2014-08-11 12:15 - 2014-08-11 12:15 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-11 12:15 - 2014-08-11 12:15 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-11 12:15 - 2014-08-11 12:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-08-11 12:15 - 2014-08-11 12:15 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Programme\Java
2014-08-11 12:15 - 2014-08-11 12:15 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2014-08-10 13:21 - 2008-06-03 19:56 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\Mp3tag
2014-08-09 18:35 - 2007-09-26 21:49 - 00000000 __SHD () C:\WINDOWS\CSC
2014-08-09 12:00 - 2014-02-23 19:49 - 00000718 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\calibre - E-book management.lnk
2014-08-09 12:00 - 2014-02-23 19:49 - 00000000 ____D () C:\Programme\Calibre2
2014-08-09 12:00 - 2014-02-23 19:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\calibre - E-book Management
2014-08-08 08:37 - 2011-08-15 12:07 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2014-08-07 12:43 - 2014-05-02 19:37 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2
2014-08-04 08:25 - 2006-03-14 01:04 - 00000000 ____D () C:\Temp
2014-08-01 16:53 - 2010-03-14 20:11 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2999297034-267916414-2314848737-1005.job
2014-07-30 19:12 - 2014-08-13 19:55 - 00454443 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140813-195521.backup
2014-07-29 19:54 - 2014-07-30 19:12 - 00454441 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140730-191201.backup
2014-07-29 19:53 - 2006-03-14 04:21 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\SapWorkDir
2014-07-28 10:31 - 2008-06-12 17:32 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-25 07:26 - 2010-11-14 12:04 - 00000000 ____D () C:\Programme\Microsoft Silverlight
2014-07-24 18:03 - 2010-11-14 12:04 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
2014-07-23 18:19 - 2012-04-25 10:40 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-07-22 18:58 - 2014-07-22 18:58 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-07-21 17:53 - 2014-02-23 19:49 - 00000000 ____D () C:\Dokumente und Einstellungen\Gerhard\Anwendungsdaten\calibre

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
         
FRST has now been running for 1 hour and the file Additions.txt has still not been created....
When I click on the window I only get the hourglass, and the window title says "(Keine Rückmeldung)" ("Not responding"). Is such a long run time normal?

Thanks in advance for your support!

Unfortunately I could not find a function for editing my post....

After more than 1 hour of running, here is the GMER log:

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-20 00:23:24
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD2500JS-75NCB1 rev.10.02E01 232,83GB
Running: 5leezu75.exe; Driver: C:\DOKUME~1\GB63\LOKALE~1\Temp\fwldqpog.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwAddBootEntry [0xB058FBA6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwAssignProcessToJobObject [0xB0590684]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwClose [0xB05D4D80]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateEvent [0xB059C6F8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateEventPair [0xB059C744]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateIoCompletion [0xB059C8DE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateKey [0xB05D4734]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateMutant [0xB059C666]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateSection [0xB059C788]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateSemaphore [0xB059C6AE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateThread [0xB0590BBA]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwCreateTimer [0xB059C898]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwDebugActiveProcess [0xB0591472]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwDeleteBootEntry [0xB058FC0C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwDeleteKey [0xB05D5446]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwDeleteValueKey [0xB05D56FC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwDuplicateObject [0xB0594C68]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwEnumerateKey [0xB05D52B1]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwEnumerateValueKey [0xB05D511C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwLoadDriver [0xB058F7F8]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                                              ZwMapViewOfSection [0xB0905ED0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwModifyBootEntry [0xB058FC72]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwNotifyChangeKey [0xB059505E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwNotifyChangeMultipleKeys [0xB0591F5A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenEvent [0xB059C722]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenEventPair [0xB059C766]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenIoCompletion [0xB059C902]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenKey [0xB05D4A90]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenMutant [0xB059C68C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenProcess [0xB0594560]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenSection [0xB059C816]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenSemaphore [0xB059C6D6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenThread [0xB059494C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwOpenTimer [0xB059C8BC]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                                              ZwProtectVirtualMemory [0xB0905C6E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwQueryKey [0xB05D4F97]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwQueryObject [0xB0591DCE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwQueryValueKey [0xB05D4DE9]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwQueueApcThread [0xB0591924]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                                                              ZwRenameKey [0xB0913E1A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwRestoreKey [0xB05D3D77]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSetBootEntryOrder [0xB058FCD8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSetBootOptions [0xB058FD3E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSetContextThread [0xB05912EC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSetSystemInformation [0xB058F892]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSetSystemPowerState [0xB058FA64]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSetValueKey [0xB05D554D]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwShutdownSystem [0xB058F9F2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSuspendProcess [0xB059163C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSuspendThread [0xB059179E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwSystemDebugControl [0xB058FAEC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwTerminateProcess [0xB059112A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwTerminateThread [0xB05912CC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwVdmControl [0xB058FDA4]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                                                             ZwWriteVirtualMemory [0xB05906E0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2E0C                                                                                                                805046F4 2 Bytes  [F8, F7]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2F4C                                                                                                                80504834 4 Bytes  [E9, 4D, 5D, B0]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD4                                                                                                                805048BC 12 Bytes  [D8, FC, 58, B0, 3E, FD, 58, ...] {FDIVR ST0, ST4; POP EAX; MOV AL, 0x3e; STD ; POP EAX; MOV AL, 0xec; ADC BL, [ECX-0x50]}
.text           ntkrnlpa.exe!ZwCallbackReturn + 307C                                                                                                                80504964 12 Bytes  [3C, 16, 59, B0, 9E, 17, 59, ...]
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC                                                                                                         805A64DC 4 Bytes  CALL B059262B \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text           C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!RtlDosSearchPath_U + 186                                                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetBinaryTypeW + 80                                                                               7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!RtlDosSearchPath_U + 186                                                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[352] kernel32.dll!GetBinaryTypeW + 80                                                                               7C869AB4 1 Byte  [62]
.text           C:\Programme\Alwil Software\Avast5\AvastUI.exe[400] ntdll.dll!RtlDosSearchPath_U + 186                                                              7C926865 1 Byte  [62]
.text           C:\Programme\Alwil Software\Avast5\AvastUI.exe[400] kernel32.dll!SetUnhandledExceptionFilter                                                        7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Programme\Alwil Software\Avast5\AvastUI.exe[400] kernel32.dll!GetBinaryTypeW + 80                                                                7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\unsecapp.exe[444] ntdll.dll!RtlDosSearchPath_U + 186                                                                       7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\unsecapp.exe[444] kernel32.dll!GetBinaryTypeW + 80                                                                         7C869AB4 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[536] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[536] kernel32.dll!GetBinaryTypeW + 80                                                  7C869AB4 1 Byte  [62]
.text           C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe[612] ntdll.dll!RtlDosSearchPath_U + 186                                                      7C926865 1 Byte  [62]
.text           C:\Programme\Belkin\Bluetooth Software\bin\btwdins.exe[612] kernel32.dll!GetBinaryTypeW + 80                                                        7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[628] ntdll.dll!RtlDosSearchPath_U + 186                                                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\ctfmon.exe[628] kernel32.dll!GetBinaryTypeW + 80                                                                                7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!RtlDosSearchPath_U + 186                                                                             7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 80                                                                               7C869AB4 1 Byte  [62]
.text           C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[828] ntdll.dll!RtlDosSearchPath_U + 186                                                       7C926865 1 Byte  [62]
.text           C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[828] kernel32.dll!GetBinaryTypeW + 80                                                         7C869AB4 1 Byte  [62]
.text           C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe[848] ntdll.dll!RtlDosSearchPath_U + 186                                                 7C926865 1 Byte  [62]
.text           C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe[848] kernel32.dll!GetBinaryTypeW + 80                                                   7C869AB4 1 Byte  [62]
.text           C:\Programme\Java\jre7\bin\jqs.exe[852] ntdll.dll!RtlDosSearchPath_U + 186                                                                          7C926865 1 Byte  [62]
.text           C:\Programme\Java\jre7\bin\jqs.exe[852] kernel32.dll!GetBinaryTypeW + 80                                                                            7C869AB4 1 Byte  [62]
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[928] ntdll.dll!RtlDosSearchPath_U + 186                                                             7C926865 1 Byte  [62]
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[928] kernel32.dll!SetUnhandledExceptionFilter                                                       7C844EE5 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Programme\Alwil Software\Avast5\AvastSvc.exe[928] kernel32.dll!GetBinaryTypeW + 80                                                               7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\IoctlSvc.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\IoctlSvc.exe[1004] kernel32.dll!GetBinaryTypeW + 80                                                                             7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1076] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1076] kernel32.dll!GetBinaryTypeW + 80                                                                              7C869AB4 1 Byte  [62]
.text           C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186                                                       7C926865 1 Byte  [62]
.text           C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[1276] kernel32.dll!GetBinaryTypeW + 80                                                         7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\System32\smss.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186                                                                               7C926865 1 Byte  [62]
.text           C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186                                                        7C926865 1 Byte  [62]
.text           C:\Programme\Spybot - Search & Destroy 2\SDTray.exe[1308] kernel32.dll!GetBinaryTypeW + 80                                                          7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\RunDll32.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\RunDll32.exe[1336] kernel32.dll!GetBinaryTypeW + 80                                                                             7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186                                                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[1356] KERNEL32.dll!GetBinaryTypeW + 80                                                                                7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\SYSTEM32\winlogon.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\SYSTEM32\winlogon.exe[1384] kernel32.dll!GetBinaryTypeW + 80                                                                             7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[1428] kernel32.dll!GetBinaryTypeW + 80                                                                             7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186                                                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[1440] kernel32.dll!GetBinaryTypeW + 80                                                                                7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1672] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1672] kernel32.dll!GetBinaryTypeW + 80                                                                             7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetBinaryTypeW + 80                                                                              7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186                                                                                    7C926865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1740] kernel32.dll!GetBinaryTypeW + 80                                                                                      7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1772] kernel32.dll!GetBinaryTypeW + 80                                                                              7C869AB4 1 Byte  [62]
.text           C:\Programme\Hp\HP Software Update\HPWuSchd2.exe[1920] ntdll.dll!RtlDosSearchPath_U + 186                                                           7C926865 1 Byte  [62]
.text           C:\Programme\Hp\HP Software Update\HPWuSchd2.exe[1920] kernel32.dll!GetBinaryTypeW + 80                                                             7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1984] kernel32.dll!GetBinaryTypeW + 80                                                                              7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2028] kernel32.dll!GetBinaryTypeW + 80                                                                              7C869AB4 1 Byte  [62]
.text           C:\Programme\Windows Desktop Search\WindowsSearch.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186                                                      7C926865 1 Byte  [62]
.text           C:\Programme\Windows Desktop Search\WindowsSearch.exe[2040] kernel32.dll!GetBinaryTypeW + 80                                                        7C869AB4 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2072] ntdll.dll!RtlDosSearchPath_U + 186  7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe[2072] kernel32.dll!GetBinaryTypeW + 80    7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[2132] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[2132] kernel32.dll!GetBinaryTypeW + 80                                                                              7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!GetBinaryTypeW + 80                                                                              7C869AB4 1 Byte  [62]
.text           C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186                                                    7C926865 1 Byte  [62]
.text           C:\Programme\TeamViewer\Version9\TeamViewer_Service.exe[2236] kernel32.dll!GetBinaryTypeW + 80                                                      7C869AB4 1 Byte  [62]
.text           C:\Programme\Palm\Hotsync.exe[2332] ntdll.dll!RtlDosSearchPath_U + 186                                                                              7C926865 1 Byte  [62]
.text           C:\Programme\Palm\Hotsync.exe[2332] kernel32.dll!GetBinaryTypeW + 80                                                                                7C869AB4 1 Byte  [62]
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!??2@YAPAXI@Z                                                                                         77BF9CC5 5 Bytes  JMP 0A93C080 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!??3@YAXPAX@Z                                                                                         77BF9CDD 5 Bytes  JMP 0A93C0E0 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z                                                                   77BF9D9F 5 Bytes  JMP 0A93C110 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_offset_malloc                                                                               77BF9DAF 5 Bytes  JMP 0A93BFE0 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_free                                                                                        77BF9E33 5 Bytes  JMP 0A93C0E0 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_malloc                                                                                      77BF9E52 5 Bytes  JMP 0A93BFC0 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_offset_realloc                                                                              77BF9E6E 5 Bytes  JMP 0A93C020 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_aligned_realloc                                                                                     77BF9FC6 5 Bytes  JMP 0A93C000 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_expand                                                                                              77BF9FE5 5 Bytes  JMP 0A93BFA0 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapadd                                                                                             77BFBC9F 5 Bytes  JMP 0A93C160 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapchk                                                                                             77BFBCB3 5 Bytes  JMP 0A93C170 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapset + 1                                                                                         77BFBD83 4 Bytes  JMP 0A93C191 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapmin                                                                                             77BFBD8C 5 Bytes  JMP 0A93C260 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapused                                                                                            77BFBE3A 5 Bytes  JMP 0A93C230 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_heapwalk                                                                                            77BFBE4D 5 Bytes  JMP 0A93C1A0 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!_msize                                                                                               77BFBF6C 5 Bytes  JMP 0A93BEB0 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!calloc                                                                                               77BFC0C3 5 Bytes  JMP 0A93BE50 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!free                                                                                                 77BFC21B 5 Bytes  JMP 0A93C0E0 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!malloc                                                                                               77BFC407 5 Bytes  JMP 0A93BE10 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\Palm\Hotsync.exe[2332] msvcrt.dll!realloc                                                                                              77BFC437 5 Bytes  JMP 0A93BE90 C:\Programme\Palm\SHW32.DLL
.text           C:\Programme\TomTom HOME 2\TomTomHOMEService.exe[2336] ntdll.dll!RtlDosSearchPath_U + 186                                                           7C926865 1 Byte  [62]
.text           C:\Programme\TomTom HOME 2\TomTomHOMEService.exe[2336] kernel32.dll!GetBinaryTypeW + 80                                                             7C869AB4 1 Byte  [62]
.text           C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe[2376] ntdll.dll!RtlDosSearchPath_U + 186                                              7C926865 1 Byte  [62]
.text           C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe[2376] kernel32.dll!GetBinaryTypeW + 80                                                7C869AB4 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE[2476] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE[2476] kernel32.dll!GetBinaryTypeW + 80                                                  7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\vmnat.exe[2524] ntdll.dll!RtlDosSearchPath_U + 186                                                                              7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\vmnat.exe[2524] kernel32.dll!GetBinaryTypeW + 80                                                                                7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\SearchIndexer.exe[2556] ntdll.dll!RtlDosSearchPath_U + 186                                                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\SearchIndexer.exe[2556] kernel32.dll!WriteFile                                                                                  7C8112FF 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
.text           C:\WINDOWS\system32\SearchIndexer.exe[2556] kernel32.dll!GetBinaryTypeW + 80                                                                        7C869AB4 1 Byte  [62]
.text           C:\Programme\VMware\VMware Player\vmware-authd.exe[2672] ntdll.dll!RtlDosSearchPath_U + 186                                                         7C926865 1 Byte  [62]
.text           C:\Programme\VMware\VMware Player\vmware-authd.exe[2672] kernel32.dll!GetBinaryTypeW + 80                                                           7C869AB4 1 Byte  [62]
.text           C:\Programme\Belkin\Bluetooth Software\BTTray.exe[2860] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text           C:\Programme\Belkin\Bluetooth Software\BTTray.exe[2860] kernel32.dll!GetBinaryTypeW + 80                                                            7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] ntdll.dll!RtlDosSearchPath_U + 186                                                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[2872] kernel32.dll!GetBinaryTypeW + 80                                                                        7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\vmnetdhcp.exe[3020] ntdll.dll!RtlDosSearchPath_U + 186                                                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\vmnetdhcp.exe[3020] kernel32.dll!GetBinaryTypeW + 80                                                                            7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\stsystra.exe[3408] ntdll.dll!RtlDosSearchPath_U + 186                                                                                    7C926865 1 Byte  [62]
.text           C:\WINDOWS\stsystra.exe[3408] kernel32.dll!GetBinaryTypeW + 80                                                                                      7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[3432] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[3432] kernel32.dll!GetBinaryTypeW + 80                                                                              7C869AB4 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3480] ntdll.dll!RtlDosSearchPath_U + 186                                      7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3480] kernel32.dll!GetBinaryTypeW + 80                                        7C869AB4 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[3576] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe[3576] kernel32.dll!GetBinaryTypeW + 80                                                    7C869AB4 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3788] ntdll.dll!RtlDosSearchPath_U + 186                                                                                7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3788] kernel32.dll!GetBinaryTypeW + 80                                                                                  7C869AB4 1 Byte  [62]
.text           C:\Programme\Logitech\SetPoint\SetPoint.exe[3860] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C926865 1 Byte  [62]
.text           C:\Programme\Logitech\SetPoint\SetPoint.exe[3860] kernel32.dll!GetBinaryTypeW + 80                                                                  7C869AB4 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3868] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe[3868] kernel32.dll!GetBinaryTypeW + 80                                                    7C869AB4 1 Byte  [62]
.text           C:\Programme\FreePDF_XP\fpassist.exe[3916] ntdll.dll!RtlDosSearchPath_U + 186                                                                       7C926865 1 Byte  [62]
.text           C:\Programme\FreePDF_XP\fpassist.exe[3916] kernel32.dll!GetBinaryTypeW + 80                                                                         7C869AB4 1 Byte  [62]
.text           C:\Programme\VMware\VMware Player\hqtray.exe[3996] ntdll.dll!RtlDosSearchPath_U + 186                                                               7C926865 1 Byte  [62]
.text           C:\Programme\VMware\VMware Player\hqtray.exe[3996] kernel32.dll!GetBinaryTypeW + 80                                                                 7C869AB4 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[4016] ntdll.dll!RtlDosSearchPath_U + 186                                               7C926865 1 Byte  [62]
.text           C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[4016] kernel32.dll!GetBinaryTypeW + 80                                                 7C869AB4 1 Byte  [62]
.text           C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe[4028] ntdll.dll!RtlDosSearchPath_U + 186                                           7C926865 1 Byte  [62]
.text           C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe[4028] kernel32.dll!GetBinaryTypeW + 80                                             7C869AB4 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Gerhard\Desktop\5leezu75.exe[5432] ntdll.dll!RtlDosSearchPath_U + 186                                                7C926865 1 Byte  [62]
.text           C:\Dokumente und Einstellungen\Gerhard\Desktop\5leezu75.exe[5432] kernel32.dll!GetBinaryTypeW + 80                                                  7C869AB4 1 Byte  [62]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                            aswTdi.sys

Device          \Driver\usbehci \Device\USBPDO-0                                                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                                    hcmon.sys

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                           aswTdi.sys

Device          \Driver\usbhub \Device\USBPDO-6                                                                                                                     ctxusbm.sys
Device          \Driver\usbhub \Device\USBPDO-6                                                                                                                     hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-7                                                                                                                     ctxusbm.sys
Device          \Driver\usbhub \Device\USBPDO-7                                                                                                                     hcmon.sys
Device          \Driver\usbhub \Device\00000078                                                                                                                     ctxusbm.sys
Device          \Driver\usbhub \Device\00000078                                                                                                                     hcmon.sys
Device          \Driver\usbhub \Device\00000079                                                                                                                     ctxusbm.sys
Device          \Driver\usbhub \Device\00000079                                                                                                                     hcmon.sys

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                           aswTdi.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                         aswTdi.sys

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                    hcmon.sys
Device          \Driver\usbhub \Device\0000007a                                                                                                                     ctxusbm.sys
Device          \Driver\usbhub \Device\0000007a                                                                                                                     hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                    hcmon.sys
Device          \Driver\usbhub \Device\0000007b                                                                                                                     ctxusbm.sys
Device          \Driver\usbhub \Device\0000007b                                                                                                                     hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                                    hcmon.sys
Device          \Driver\usbhub \Device\0000007c                                                                                                                     ctxusbm.sys
Device          \Driver\usbhub \Device\0000007c                                                                                                                     hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-4                                                                                                                    hcmon.sys
Device          \FileSystem\Fastfat \Fat                                                                                                                            AC55ED20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                            fltmgr.sys

Device          \FileSystem\Cdfs \Cdfs                                                                                                                              DLAIFS_M.SYS

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

Something is definitely odd here....
After installing and running these 3 programs for the logs (I aborted FRST because it had not responded after 1 hour), I restarted my PC. That now takes FOREVER and I have a permanent CPU load of over 50%!!!! What has happened here?

Booting my PC, up to the point where you are logged in and the mouse responds, also suddenly takes FOREVER (approx. 10 minutes)! That can't be normal... :-((

 
