Log analysis and evaluation: Win XP: opened a .zip mail attachment - but it was not a zipped file - phishing?

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and Trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Win XP: opened a .zip mail attachment - but it was not a zipped file - phishing?

Hello,

yesterday I opened the .zip file from a mail: "Stornierten Lastschrift Ihrer Bestellung Ebay vom 24.09.2014.zip". The zip program did not start, though. Instead a short message appeared, roughly: "Änderungen werden erst nach einem Neustart aktiv" (changes only take effect after a restart). I am afraid that there is now a malicious program on the computer.

Many thanks for your help
Tom

FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by tom_2 (ATTENTION: The logged in user is not administrator) on LENO on 26-09-2014 18:03:01
Running from C:\Dokumente und Einstellungen\tom_2\Desktop
Loaded Profile: tom_2 (Available profiles: tom & tom_2 & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) E:\Programme_Tom\avast\AvastSvc.exe
(Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) E:\Programme_Tom\Java\jre7\bin\jqs.exe
(Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Ricoh co.,Ltd.) C:\Programme\RotateImage\RCIMGDIR.exe
(Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) E:\Programme_Tom\avast\avastui.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPEnh.exe
(SlySoft, Inc.) E:\Programme_Tom\CloneCD\CloneCDTray.exe
(Safer-Networking Ltd.) C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
(Synaptics Incorporated) C:\Programme\Synaptics\SynTP\SynTPLpr.exe
(OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Programme\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RotateImage] => C:\Programme\RotateImage\RCIMGDIR.exe [31744 2008-10-30] (Ricoh co.,Ltd.)
HKLM\...\Run: [StartCCC] => C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Programme_Tom\avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [CloneCDTray] => E:\Programme_Tom\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM\...\Run: [SDTray] => C:\Programme\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Winsol_Autostart.lnk
ShortcutTarget: Winsol_Autostart.lnk -> C:\Programme\Technische Alternative_temp\Winsol\Winsol.exe (Technische Alternative GmbH)
Startup: C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Programme\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Dokumente und Einstellungen\tom_2\Startmenü\Programme\Autostart\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Programme_Tom\avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Programme_Tom\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme_Tom\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://ftp-01.juwi.de/COM/MOVEitUploadWizard7.0.0.ocx
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1&systemid=413&v=a9397-124&apn_dtid=BND413&apn_ptnrs=AGA&apn_uid=2281384138734685&o=APN10649&q=
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shEx
pMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*'))%20%7B%20return%20'PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> E:\Programme_Tom\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> E:\Programme_Tom\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\youtubeunblocker@unblocker.yt [2014-08-10]
FF Extension: Tradesignal Online Chart - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2014-09-04]
FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-09]
FF Extension: Ghostery - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\firefox@ghostery.com.xpi [2014-01-12]
FF Extension: TrackMeNot - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-01-12]
FF Extension: Youtube and more - Easy Video Downloader - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\vdpure@link64.xpi [2014-03-23]
FF Extension: ProxTube - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-08-10]
FF Extension: Readability - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2014-01-12]
FF Extension: NoScript - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-12]
FF Extension: Adblock Plus - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-12]
FF Extension: BetterPrivacy - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-12]
FF Extension: Greasemonkey - C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\Mozilla\Firefox\Profiles\cugkkh27.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Programme_Tom\avast\WebRep\FF
FF Extension: avast! Online Security - E:\Programme_Tom\avast\WebRep\FF [2014-01-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-08-13]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programme_Tom\avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-13]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
Locked "TlntSvr" service could not be unlocked. <===== ATTENTION
Locked "WmiApRpl" service could not be unlocked. <===== ATTENTION
R2 avast! Antivirus; E:\Programme_Tom\avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software)
R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [870672 2011-10-24] (Intel(R) Corporation)
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-11] (Google Inc.)
R2 JavaQuickStarterService; E:\Programme_Tom\Java\jre7\bin\jqs.exe [182696 2014-01-22] (Oracle Corporation)
S3 Microsoft SharePoint Workspace Audit Service; C:\Programme\Microsoft Office\Office14\GROOVE.EXE [31124344 2010-12-28] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-09-25] (Mozilla Foundation)
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4640000 2010-01-09] (Microsoft Corporation)
R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [481552 2011-10-24] (Intel(R) Corporation)
R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [882960 2011-10-24] (Intel(R) Corporation)
R2 SDScannerService; C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 5U875UVC; C:\WINDOWS\System32\DRIVERS\RCUVCMNP.sys [187776 2009-10-23] (Ricoh co.,Ltd.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-01-11] (Cisco Systems, Inc.) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-13] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-13] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-13] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-13] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-13] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\WINDOWS\System32\drivers\CHDAU32.sys [822400 2011-09-20] (Conexant Systems Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [250584 2011-10-20] (Intel Corporation)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [8320 2007-03-09] (GARMIN Corp.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7476864 2011-10-31] (Intel Corporation)
S3 NSNDIS5; C:\WINDOWS\system32\NSNDIS5.SYS [17280 2004-03-24] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-26 18:03 - 2014-09-26 18:03 - 00020864 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.txt
2014-09-26 18:02 - 2014-09-26 18:03 - 00000000 ____D () C:\FRST
2014-09-26 18:01 - 2014-09-26 17:59 - 01100288 _____ (Farbar) C:\Dokumente und Einstellungen\tom_2\Desktop\FRST.exe
2014-09-25 17:25 - 2014-09-26 17:40 - 00000636 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-25 17:25 - 2014-09-25 17:25 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-25 17:25 - 2014-09-25 17:25 - 00001806 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
2014-09-25 17:25 - 2014-09-25 17:25 - 00001800 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-25 17:25 - 2014-09-25 17:25 - 00000608 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-25 17:25 - 2014-09-25 17:25 - 00000438 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-25 17:25 - 2014-09-25 17:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
2014-09-25 17:25 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-09-25 17:24 - 2014-09-25 17:37 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2014-09-25 17:24 - 2014-09-25 17:27 - 00000000 ____D () C:\Programme\Spybot - Search & Destroy 2
2014-09-25 16:33 - 2014-09-25 16:34 - 00000000 ____D () C:\Programme\Mozilla Firefox
2014-09-25 14:58 - 2014-09-25 14:58 - 00048482 _____ () C:\Dokumente und Einstellungen\tom_2\Desktop\Stornierten Lastschrift Ihrer Bestellung Ebay vom 24.09.2014.zip
2014-09-04 21:42 - 2014-09-04 21:43 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\mona_spain2014
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-26 18:03 - 2014-01-12 11:10 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp
2014-09-26 17:47 - 2014-01-11 21:47 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2014-09-26 17:47 - 2014-01-09 20:20 - 00000000 ___RD () C:\Programme
2014-09-26 17:46 - 2014-01-09 21:05 - 00359993 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-26 17:42 - 2014-06-28 13:11 - 00000530 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403953864.job
2014-09-26 17:40 - 2014-07-25 19:15 - 00000041 ___SH () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
2014-09-26 17:40 - 2014-01-09 20:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-26 17:39 - 2014-01-12 19:13 - 00000334 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-26 17:39 - 2014-01-11 22:55 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 17:39 - 2014-01-09 21:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-26 17:39 - 2014-01-09 20:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-26 17:39 - 2014-01-09 20:18 - 00295664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-26 17:39 - 2001-08-18 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-25 17:30 - 2014-01-11 22:55 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 17:27 - 2014-01-09 21:10 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService
2014-09-25 17:25 - 2014-01-09 20:20 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2014-09-20 19:55 - 2014-06-15 14:27 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Anwendungsdaten\vlc
2014-09-16 22:30 - 2014-01-09 21:10 - 00032490 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-16 18:01 - 2014-01-20 17:50 - 00451534 _____ () C:\WINDOWS\setupapi.log
2014-09-14 19:35 - 2014-01-13 21:04 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\vertrag
2014-09-13 23:16 - 2014-01-12 22:23 - 00000868 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Winsol.lnk
2014-09-13 22:18 - 2014-01-12 11:10 - 00000190 ___SH () C:\Dokumente und Einstellungen\tom_2\ntuser.ini
2014-09-13 22:18 - 2014-01-12 11:10 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2
2014-09-01 18:26 - 2014-08-10 21:01 - 00000000 ____D () C:\Dokumente und Einstellungen\tom_2\Desktop\Bogenschießen pcad4
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\BackupSetup.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\f.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\fp_pl_pfs_installer.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\JDSetup130502788374062500.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsb10A5.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsd109F.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsh109C.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsh1FA.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsi1FD.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsk10A2.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsm203.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\nsp200.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\PreExe_ID_13667.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\ReimageRepair.exe
C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Temp\vcredist_x86.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by tom_2 at 2014-09-26 18:03:28
Running from C:\Dokumente und Einstellungen\tom_2\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{D0DD9271-E741-B7B5-90F7-5A65DAD3C4D0}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0825.2146.37182 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Dutch (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help English (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help French (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help German (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Italian (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Japanese (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Korean (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Spanish (Version: 2010.0825.2145.37182 - ATI) Hidden
CCC Help Swedish (Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0825.2146.37182 - ATI) Hidden
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 3.64.15.0 - Conexant)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM\...\{D02220CE-1475-4F0F-9F12-251161999D53}) (Version: 6.16.2 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v5 (HKLM\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.32.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.32.500.0 - RICOH)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{C8005A7B-9638-41DD-B83B-AF277754E211}) (Version: 14.03.0000 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKCU\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Memory Manager 2.08 (HKLM\...\Memory Manager_is1) (Version: 2.08 - Technische Alternative GmbH)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C314CE45-3392-3B73-B4E1-139CD41CA933}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (HKLM\...\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders (German) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MultiBit 0.5.16 (HKLM\...\MultiBit 0.5.16) (Version: 0.5.16 - )
Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version: - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera Stable 24.0.1558.64 (HKCU\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Skins (Version: 2010.0825.2146.37182 - ATI) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TA-Designer 1.08 (HKLM\...\TA-Designer_is1) (Version: 1.08 - Technische Alternative GmbH)
TAPPS 1.29 DE (HKLM\...\TAPPS DE_is1) (Version: 1.29 - Technische Alternative GmbH)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkPad Wireless LAN Adapter Software (HKLM\...\{556B23E2-30FF-4133-98F4-01494446DF2B}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winsol 2.01 (HKLM\...\Winsol_is1) (Version: 2.01 - Technische Alternative GmbH)
XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2001-08-18 13:00 - 2001-08-18 13:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => ?
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1403953864.job => C:\Dokumente und Einstellungen\tom_2\Lokale Einstellungen\Anwendungsdaten\Programs\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => ?
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => ?
==================== Loaded Modules (whitelisted) =============
2014-01-12 19:13 - 2014-07-13 19:25 - 00301152 _____ () E:\Programme_Tom\avast\aswProperty.dll
2014-09-26 17:42 - 2014-09-26 17:42 - 02867200 _____ () E:\Programme_Tom\avast\defs\14092600\algo.dll
2014-09-25 17:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-25 17:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-25 17:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-25 17:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-25 17:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-12 19:13 - 2014-07-13 19:25 - 19329904 _____ () E:\Programme_Tom\avast\libcef.dll
2012-08-10 17:51 - 2014-01-19 19:14 - 00985088 _____ () C:\Programme\OpenOffice.org 3\program\libxml2.dll
2010-03-16 13:22 - 2010-03-16 13:22 - 00014848 _____ () C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2010-08-26 18:15 - 2010-08-26 18:15 - 00016384 ____R () C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 22:44 - 2010-08-25 22:44 - 00270336 _____ () C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\WINDOWS:D5FDA57425BD8A82
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-507921405-776561741-1417001333-500 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\Administrator
ASPNET (S-1-5-21-507921405-776561741-1417001333-1005 - Enabled - Status: OK)
Gast (S-1-5-21-507921405-776561741-1417001333-501 - Disabled - Status: Degraded)
Hilfeassistent (S-1-5-21-507921405-776561741-1417001333-1000 - Disabled - Status: Degraded)
SUPPORT_388945a0 (S-1-5-21-507921405-776561741-1417001333-1002 - Disabled - Status: Degraded)
tom (S-1-5-21-507921405-776561741-1417001333-1003 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\tom
tom_2 (S-1-5-21-507921405-776561741-1417001333-1004 - Enabled - Status: OK) => %SystemDrive%\Dokumente und Einstellungen\tom_2
==================== Faulty Device Manager Devices =============
Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: ThinkPad Bluetooth with Enhanced Data Rate II
Description: ThinkPad Bluetooth with Enhanced Data Rate II
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Modemgerät auf High Definition Audio-Bus
Description: Modemgerät auf High Definition Audio-Bus
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/26/2014 05:40:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (09/14/2014 02:15:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlgeschlagene Anwendung syntpenh.exe, Version 16.2.19.13, fehlgeschlagenes Modul syntpenh.exe, Version 16.2.19.13, Fehleradresse 0x000a5f72.
Das medienspezifische Ereignis für [syntpenh.exe!ws!] wird verarbeitet.
Error: (08/15/2014 02:12:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung firefox.exe, Version 31.0.0.5310, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (07/23/2014 06:59:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (07/19/2014 11:27:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.
.
Error: (06/28/2014 01:10:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: LENO)
Description: Produkt: Google SketchUp 8 -- Sie können dieses Produkt nur als Administrator installieren.
Error: (06/25/2014 02:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (06/25/2014 02:09:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (06/25/2014 02:08:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Stillstehende Anwendung firefox.exe, Version 30.0.0.5269, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (06/01/2014 09:21:20 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.
.
System errors:
=============
Error: (09/26/2014 05:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/26/2014 05:39:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service.
Error: (09/26/2014 05:39:24 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2
Error: (09/20/2014 09:01:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst stisvc.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz
Percentage of memory in use: 27%
Total physical RAM: 3065.95 MB
Available physical RAM: 2216.35 MB
Total Pagefile: 4951.58 MB
Available Pagefile: 4164.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:58.59 GB) (Free:13.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:90.45 GB) (Free:53.54 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-26 19:40:40
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_HTS542516K9SA00 rev.BBCZC3HP 149,05GB
Running: Gmer-19357.exe; Driver: C:\DOKUME~1\tom\LOKALE~1\Temp\pxtdapog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0xAB948BA6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0xAB949684]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwClose [0xAB98DD80]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0xAB9556F8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0xAB955744]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0xAB9558DE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateKey [0xAB98D734]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0xAB955666]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0xAB955788]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0xAB9556AE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0xAB949BBA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0xAB955898]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0xAB94A472]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0xAB948C0C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteKey [0xAB98E446]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteValueKey [0xAB98E6FC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0xAB94DC68]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateKey [0xAB98E2B1]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwEnumerateValueKey [0xAB98E11C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0xAB9487F8]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0xABBECED0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0xAB948C72]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0xAB94E05E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0xAB94AF5A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0xAB955722]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0xAB955766]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0xAB955902]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenKey [0xAB98DA90]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0xAB95568C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0xAB94D560]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0xAB955816]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0xAB9556D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0xAB94D94C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0xAB9558BC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0xABBECC6E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryKey [0xAB98DF97]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0xAB94ADCE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryValueKey [0xAB98DDE9]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThread [0xAB94A924]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwRenameKey [0xABBFAE1A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwRestoreKey [0xAB98CD77]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0xAB948CD8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0xAB948D3E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0xAB94A2EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0xAB948892]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0xAB948A64]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetValueKey [0xAB98E54D]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0xAB9489F2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0xAB94A63C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0xAB94A79E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0xAB948AEC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0xAB94A12A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0xAB94A2CC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0xAB948DA4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0xAB9496E0]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2E88 80504714 4 Bytes JMP AAFBDFF6
.text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [D8, 8C, 94, AB, 3E, 8D, 94, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [3C, A6, 94, AB, 9E, A7, 94, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL AB94B62B \SystemRoot\system32\drivers\aswSnx.sys
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8FEC000, 0x273B67, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[112] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Intel\WiFi\bin\EvtEng.exe[112] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe[256] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[320] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[320] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\OpenOffice.org 3\program\soffice.bin[512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\OpenOffice.org 3\program\soffice.bin[512] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[688] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[996] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[996] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1412] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1548] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Intel\WiFi\bin\S24EvMon.exe[1548] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1632] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1844] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text E:\Programme_Tom\Java\jre7\bin\jqs.exe[1888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text E:\Programme_Tom\Java\jre7\bin\jqs.exe[1888] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[1944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe[1944] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text E:\Programme_Tom\avast\AvastSvc.exe[1976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text E:\Programme_Tom\avast\AvastSvc.exe[1976] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text E:\Programme_Tom\avast\AvastSvc.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe[2248] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2456] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\RotateImage\RCIMGDIR.exe[2684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\RotateImage\RCIMGDIR.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2772] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2772] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text E:\Programme_Tom\avast\AvastUI.exe[2780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text E:\Programme_Tom\avast\AvastUI.exe[2780] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text E:\Programme_Tom\avast\AvastUI.exe[2780] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2812] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2864] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text E:\Programme_Tom\CloneCD\CloneCDTray.exe[2908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text E:\Programme_Tom\CloneCD\CloneCDTray.exe[2908] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3096] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3096] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3132] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3132] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3188] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3804] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer-19357.exe[3836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Dokumente und Einstellungen\tom_2\Desktop\Gmer-19357.exe[3836] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3888] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Programme\OpenOffice.org 3\program\soffice.exe[3964] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62]
.text C:\Programme\OpenOffice.org 3\program\soffice.exe[3964] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 78133
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}@LeaseObtainedTime 1411750849
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}@T1 1411752649
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}@T2 1411753999
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}@LeaseTerminatesTime 1411754449
Reg HKLM\SYSTEM\CurrentControlSet\Services\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}\Parameters\Tcpip@LeaseObtainedTime 1411750849
Reg HKLM\SYSTEM\CurrentControlSet\Services\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}\Parameters\Tcpip@T1 1411752649
Reg HKLM\SYSTEM\CurrentControlSet\Services\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}\Parameters\Tcpip@T2 1411753999
Reg HKLM\SYSTEM\CurrentControlSet\Services\{CB7C03D9-625C-478B-92FF-34AC013E1FC3}\Parameters\Tcpip@LeaseTerminatesTime 1411754449
---- EOF - GMER 2.1 ----