Hello!
No, no further problems that I can see; everything seems to be fine.
Thank you very, very much for that!
To be on the safe side I ran the scans with the programs once more, and it looks to me as though everything is OK:
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2013 02
Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files\MusicIP Mixer\MusicMagicServer.exe
() C:\Program Files\QNAP\Finder\iSCSIAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avid Technology, Inc.) C:\Windows\System32\MAFWTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Radian) C:\Program Files\Radian\Radian.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NesterSoft Inc.) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe
(Microsoft Corporation) C:\Windows\System32\tcpsvcs.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" [17408 2010-07-04] ()
HKLM\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] ()
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe [254256 2012-01-24] (Avid Technology, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [11877448 2013-02-26] (Realtek Semiconductor)
HKCU\...\Run: [Radian] C:\Program Files\Radian\Radian.exe [712704 2011-11-19] (Radian)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1174016 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\TimeLeft.exe (NesterSoft Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: FoxLingo - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: adblockpopups - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: copyplaintext - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\copyplaintext@teo.pl.xpi
FF Extension: extended.copy.menu - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\extended.copy.menu@fix.version.xpi
FF Extension: firefox1 - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\firefox1@myibay.com.xpi
FF Extension: printedit - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\printedit@DW-dev.xpi
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\Extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-14] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [29696 2009-07-14] (Microsoft Corporation)
R2 MusicIP Server; C:\Program Files\MusicIP Mixer\MusicMagicServer.exe [3059712 2008-07-18] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [99968 2009-02-08] (Guillemot Corporation)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [195888 2012-01-24] (Avid Technology, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482112 2009-04-22] ()
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
U3 Bonjour Service;
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-04 13:10 - 2013-06-04 13:11 - 05077441 ____A (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2013-06-04 13:10 - 2013-06-04 13:10 - 00000000 ____D C:\FRST
2013-06-04 13:09 - 2013-06-04 13:09 - 00377856 ____A C:\Users\Admin\Desktop\gmer_2.1.19163.exe
2013-06-04 13:08 - 2013-06-04 13:08 - 01356205 ____A (Farbar) C:\Users\Admin\Desktop\FRST.exe
2013-06-03 23:08 - 2013-06-03 23:08 - 00000000 ____D C:\Windows\ERUNT
2013-06-03 22:25 - 2013-06-03 22:25 - 00000000 ____D C:\Program Files\Hercules
2013-06-03 22:25 - 2006-08-01 12:31 - 03600384 ____A C:\Windows\ffmpeg.exe
2013-06-03 22:18 - 2013-06-03 22:18 - 00000000 ____D C:\Windows\System32\RTCOM
2013-06-03 22:17 - 2013-02-26 20:42 - 02614216 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHDA.sys
2013-06-03 22:17 - 2013-02-26 18:04 - 00429097 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-06-03 22:17 - 2013-02-26 13:30 - 03229768 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO.dll
2013-06-03 22:17 - 2013-02-21 16:11 - 00108616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoInstII.dll
2013-06-03 22:17 - 2013-02-20 10:55 - 00858176 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-06-03 22:17 - 2013-02-19 18:52 - 00765000 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApoApi.dll
2013-06-03 22:17 - 2013-02-19 15:11 - 02493512 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkPgExt.dll
2013-06-03 22:17 - 2013-02-08 15:36 - 03155536 ____A C:\Windows\System32\Drivers\rtvienna.dat
2013-06-03 22:17 - 2013-02-05 20:32 - 01596488 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSndMgr.cpl
2013-06-03 22:17 - 2013-02-02 21:30 - 01821976 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2013-06-03 22:17 - 2013-01-17 06:05 - 00681240 ____A (SRS Labs, Inc.) C:\Windows\System32\slcnt32.dll
2013-06-03 22:17 - 2013-01-17 06:05 - 00548632 ____A (SRS Labs, Inc.) C:\Windows\System32\sltech32.dll
2013-06-03 22:17 - 2013-01-17 06:05 - 00338200 ____A (SRS Labs, Inc.) C:\Windows\System32\sl3apo32.dll
2013-06-03 22:17 - 2013-01-17 06:05 - 00186136 ____A (TODO: <Company name>) C:\Windows\System32\slprp32.dll
2013-06-03 22:17 - 2012-01-30 11:42 - 00819648 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo2.dll
2013-06-03 22:17 - 2012-01-10 10:20 - 00058264 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\TepeqAPO.dll
2013-06-03 22:17 - 2011-11-22 16:28 - 00013416 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR.dll
2013-06-03 22:17 - 2011-09-02 14:21 - 00214368 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK.dll
2013-06-03 22:17 - 2011-09-02 14:21 - 00074080 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM.dll
2013-06-03 22:17 - 2011-09-02 14:21 - 00068960 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO.dll
2013-06-03 22:17 - 2011-03-17 12:16 - 01379760 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2013-06-03 22:17 - 2011-03-07 17:03 - 00134584 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2013-06-03 22:17 - 2010-11-08 07:31 - 00359768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP32A.dll
2013-06-03 22:17 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT32.dll
2013-06-03 22:17 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA32.dll
2013-06-03 22:17 - 2010-11-08 07:31 - 00170840 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED32A.dll
2013-06-03 22:17 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL32A.dll
2013-06-03 22:17 - 2010-11-08 07:31 - 00064856 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG32A.dll
2013-06-03 22:17 - 2009-11-24 09:55 - 00345328 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSXT.dll
2013-06-03 22:17 - 2009-11-24 09:55 - 00185584 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSHD.dll
2013-06-03 22:17 - 2009-11-24 09:55 - 00173296 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP360.dll
2013-06-03 22:17 - 2009-11-24 09:55 - 00140528 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW.dll
2013-06-03 22:17 - 2009-11-18 18:42 - 01783056 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesLib.dll
2013-06-03 22:16 - 2013-02-26 16:41 - 19089920 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes.dat
2013-06-03 22:16 - 2013-02-02 21:30 - 01652504 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek2.dll
2013-06-03 22:16 - 2013-02-02 21:30 - 00774424 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell.dll
2013-06-03 22:16 - 2013-02-02 21:29 - 13723416 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2013-06-03 22:16 - 2013-01-22 01:41 - 00178240 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTACap.dll
2013-06-03 22:16 - 2013-01-17 19:32 - 00639256 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO50.dll
2013-06-03 22:16 - 2013-01-15 10:33 - 02376736 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO.dll
2013-06-03 22:16 - 2012-12-17 17:49 - 01931208 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2013-06-03 22:16 - 2012-12-12 11:17 - 00350664 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2013-06-03 22:16 - 2012-10-02 14:39 - 00426952 ____A (DTS) C:\Windows\System32\DTSU2PLFX32.dll
2013-06-03 22:16 - 2012-10-02 14:39 - 00402888 ____A (DTS) C:\Windows\System32\DTSU2PGFX32.dll
2013-06-03 22:16 - 2012-10-02 14:39 - 00346056 ____A (DTS) C:\Windows\System32\DTSU2PREC32.dll
2013-06-03 22:16 - 2012-09-10 20:06 - 00549240 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO40.dll
2013-06-03 22:16 - 2012-08-31 19:17 - 07162128 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP32A.dll
2013-06-03 22:16 - 2012-08-31 19:17 - 00352016 ____A (Dolby Laboratories) C:\Windows\System32\R4EED32A.dll
2013-06-03 22:16 - 2012-08-31 19:17 - 00106768 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL32A.dll
2013-06-03 22:16 - 2012-08-31 19:17 - 00091920 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA32A.dll
2013-06-03 22:16 - 2012-08-31 19:17 - 00062224 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG32A.dll
2013-06-03 22:16 - 2012-07-15 21:13 - 00349048 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2013-06-03 22:16 - 2012-06-20 17:26 - 00090624 ____A (Real Sound Lab SIA) C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2013-06-03 22:16 - 2012-03-08 11:47 - 00095840 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTARen.dll
2013-06-03 22:16 - 2011-08-23 17:00 - 00357712 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 01509480 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 01292904 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 01220200 ____A (DTS) C:\Windows\System32\DTSBoostDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00654952 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00631400 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00601704 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00458344 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00389736 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00375400 ____A (DTS) C:\Windows\System32\DTSLimiterDLL.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00218728 ____A (DTS) C:\Windows\System32\DTSGFXAPONS.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00218728 ____A (DTS) C:\Windows\System32\DTSGFXAPO.dll
2013-06-03 22:16 - 2011-05-31 09:42 - 00218216 ____A (DTS) C:\Windows\System32\DTSLFXAPO.dll
2013-06-03 22:16 - 2010-09-27 09:34 - 00232792 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2013-06-03 22:16 - 2009-12-04 15:43 - 00132368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO.dll
2013-06-03 19:52 - 2013-06-04 10:59 - 00004118 ____A C:\Windows\PFRO.log
2013-06-03 19:50 - 2010-11-20 10:39 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2013-06-03 19:48 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-03 19:48 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-03 19:48 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-03 19:48 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-03 19:48 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-03 19:48 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-03 19:48 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-03 19:48 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-03 19:46 - 2013-06-04 13:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-03 19:42 - 2013-06-03 20:05 - 00000000 ____D C:\Windows\erdnt
2013-06-03 18:46 - 2013-06-03 18:46 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-03 17:56 - 2013-06-03 17:56 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-03 17:08 - 2013-06-03 17:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\EFSoftware
2013-06-03 15:55 - 2013-06-03 15:55 - 00001077 ____A C:\Users\Admin\Desktop\Advanced CheckSum Verifier.lnk
2013-06-03 15:55 - 2013-06-03 15:55 - 00000000 ____D C:\Program Files\Advanced CheckSum Verifier
2013-06-03 14:25 - 2013-05-03 01:17 - 01138688 ___AS (Digital-Tronic) C:\Windows\System32\HashControls.ocx
2013-06-03 14:25 - 2013-04-04 04:15 - 00286720 ___AS (Digital-Tronic) C:\Windows\System32\FileHash.dll
2013-06-03 14:25 - 2005-07-17 08:21 - 00128736 ___AS (Karen Kenworthy) C:\Windows\System32\PTHash.dll
2013-06-03 14:25 - 1998-06-09 00:00 - 00137216 ___AS (Microsoft Corporation) C:\Windows\System32\MSDERUN.DLL
2013-05-17 22:39 - 2013-05-17 22:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 12:16 - 2013-06-04 13:01 - 00008225 ____A C:\Windows\setupact.log
2013-05-17 12:16 - 2013-05-17 12:16 - 00000000 ____A C:\Windows\setuperr.log
2013-05-15 14:40 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 14:40 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 14:40 - 2013-04-05 07:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 14:40 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 14:40 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 14:40 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 14:40 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 14:39 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 14:10 - 2013-04-10 05:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 14:10 - 2013-03-19 06:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 14:10 - 2013-03-19 05:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 14:09 - 2013-02-27 07:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 14:09 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 14:09 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 14:09 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 14:09 - 2013-02-27 06:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 14:08 - 2013-04-10 07:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 14:08 - 2013-04-10 07:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 16:06 - 2013-05-14 16:06 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Brother
2013-05-13 17:30 - 2013-05-13 17:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Wuala
2013-05-13 17:30 - 2013-05-13 17:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Wuala
2013-05-05 13:09 - 2013-05-05 13:09 - 00000000 ____D C:\Program Files\M-Audio
2013-05-05 13:08 - 2013-05-05 13:08 - 00000000 ____D C:\ProgramData\AVID
==================== One Month Modified Files and Folders ========
2013-06-04 13:11 - 2013-06-04 13:10 - 05077441 ____A (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2013-06-04 13:10 - 2013-06-04 13:10 - 00000000 ____D C:\FRST
2013-06-04 13:09 - 2013-06-04 13:09 - 00377856 ____A C:\Users\Admin\Desktop\gmer_2.1.19163.exe
2013-06-04 13:09 - 2009-07-14 06:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-04 13:09 - 2009-07-14 06:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-04 13:08 - 2013-06-04 13:08 - 01356205 ____A (Farbar) C:\Users\Admin\Desktop\FRST.exe
2013-06-04 13:04 - 2012-08-06 18:59 - 00554234 ____A C:\Windows\WindowsUpdate.log
2013-06-04 13:02 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\inetsrv
2013-06-04 13:01 - 2013-06-03 19:46 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 13:01 - 2013-05-17 12:16 - 00008225 ____A C:\Windows\setupact.log
2013-06-04 10:59 - 2013-06-03 19:52 - 00004118 ____A C:\Windows\PFRO.log
2013-06-03 23:08 - 2013-06-03 23:08 - 00000000 ____D C:\Windows\ERUNT
2013-06-03 22:59 - 2013-05-01 11:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-03 22:49 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-03 22:25 - 2013-06-03 22:25 - 00000000 ____D C:\Program Files\Hercules
2013-06-03 22:25 - 2012-08-06 23:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-03 22:22 - 2012-08-09 15:57 - 00000000 ____D C:\Program Files\Realtek
2013-06-03 22:18 - 2013-06-03 22:18 - 00000000 ____D C:\Windows\System32\RTCOM
2013-06-03 22:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-03 20:13 - 2012-08-07 00:07 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AIMP3
2013-06-03 20:05 - 2013-06-03 19:42 - 00000000 ____D C:\Windows\erdnt
2013-06-03 20:05 - 2009-07-14 04:37 - 00000000 __RHD C:\users\Default
2013-06-03 20:05 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-03 19:54 - 2012-08-07 14:03 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2013-06-03 19:51 - 2009-07-14 04:03 - 31457280 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-06-03 19:51 - 2009-07-14 04:03 - 15728640 ____A C:\Windows\System32\config\SYSTEM.bak
2013-06-03 19:51 - 2009-07-14 04:03 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2013-06-03 19:51 - 2009-07-14 04:03 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-06-03 19:51 - 2009-07-14 04:03 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-06-03 19:50 - 2012-08-06 19:12 - 01705646 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 19:46 - 2012-10-23 13:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-03 18:46 - 2013-06-03 18:46 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-06-03 18:46 - 2012-08-06 19:08 - 00000000 ____D C:\users\Admin
2013-06-03 17:56 - 2013-06-03 17:56 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-03 17:33 - 2013-01-06 15:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mp3tag
2013-06-03 17:26 - 2012-08-07 00:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-03 17:26 - 2012-08-07 00:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-03 17:08 - 2013-06-03 17:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\EFSoftware
2013-06-03 15:55 - 2013-06-03 15:55 - 00001077 ____A C:\Users\Admin\Desktop\Advanced CheckSum Verifier.lnk
2013-06-03 15:55 - 2013-06-03 15:55 - 00000000 ____D C:\Program Files\Advanced CheckSum Verifier
2013-06-03 12:48 - 2012-08-07 00:27 - 00000000 ___RD C:\Users\Admin\Desktop\Arbeitsordner
2013-06-02 13:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF
2013-05-28 18:42 - 2012-08-07 00:11 - 00000000 ____D C:\Users\Admin\AppData\Local\Last.fm
2013-05-28 16:39 - 2009-07-14 06:53 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-20 10:21 - 2009-07-14 04:04 - 00002577 ____A C:\Windows\System32\config.nt
2013-05-18 11:33 - 2012-08-24 22:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-17 22:39 - 2013-05-17 22:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 21:51 - 2013-05-01 11:46 - 00000000 ___RD C:\Program Files\Skype
2013-05-17 21:51 - 2013-05-01 11:46 - 00000000 ____D C:\ProgramData\Skype
2013-05-17 17:02 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-05-17 12:16 - 2013-05-17 12:16 - 00000000 ____A C:\Windows\setuperr.log
2013-05-17 12:13 - 2012-08-14 21:48 - 00000000 ____D C:\Windows\Minidump
2013-05-16 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 09:29 - 2009-07-14 06:33 - 00633920 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 22:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-15 14:32 - 2012-08-07 00:29 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 16:06 - 2013-05-14 16:06 - 00000000 ___RD C:\Users\Admin\AppData\Roaming\Brother
2013-05-14 15:09 - 2012-08-07 00:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2013-05-13 17:34 - 2013-05-13 17:30 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Wuala
2013-05-13 17:30 - 2013-05-13 17:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Wuala
2013-05-09 10:59 - 2013-04-30 19:28 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 10:59 - 2013-04-30 19:28 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 10:59 - 2012-08-06 19:48 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 10:59 - 2012-08-06 19:48 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 10:59 - 2012-08-06 19:48 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 10:59 - 2012-08-06 19:48 - 00061680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 10:59 - 2012-08-06 19:48 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 10:59 - 2012-08-06 19:48 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 10:58 - 2012-08-06 19:47 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 10:58 - 2012-08-06 19:47 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 10:22 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\twain_32
2013-05-05 23:15 - 2012-08-07 00:11 - 00000000 ____D C:\Program Files\Last.fm
2013-05-05 13:09 - 2013-05-05 13:09 - 00000000 ____D C:\Program Files\M-Audio
2013-05-05 13:08 - 2013-05-05 13:08 - 00000000 ____D C:\ProgramData\AVID
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2013-05-27 14:25
==================== End Of Log ============================
GMER Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-04 13:37:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AVVS-63L2B0 rev.01.03A01 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\awtdrpod.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91245644]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x916B7668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x912460D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9125189A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x912518E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91251A80]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91251808]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x916B7A00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91251850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x912465D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x912467F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91251A3A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x91246E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x912456AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9124A6AC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x916B7730]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x916B5C80]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91245710]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9124AA76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9124791C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x912518C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91251908]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91251AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9125182E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x91249F92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x912519B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91251878]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9124A384]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91251A5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x916B7890]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x912477E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x912474F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91245776]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x912457DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x91246D06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9124532C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91245502]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91245490]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x91247056]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x912471B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9124558A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x916B7958]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x91246CE6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x916B5CB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91245842]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x916B77DC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x916D0E80]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C44A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7E1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C85220 4 Bytes [44, 56, 24, 91] {INC ESP; PUSH ESI; AND AL, 0x91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C85248 4 Bytes [68, 76, 6B, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C852A8 4 Bytes [D6, 60, 24, 91] {SALC ; PUSHA ; AND AL, 0x91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C852FC 8 Bytes [9A, 18, 25, 91, E6, 18, 25, ...] {CALL FAR 0x2518:0xe6912518; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C85308 4 Bytes [80, 1A, 25, 91] {SBB BYTE [EDX], 0x25; XCHG ECX, EAX}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E12D3D 3 Bytes JMP 916CDD1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject + 4 82E12D41 1 Byte [0E]
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E2B380 5 Bytes JMP 916CF84C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E404DF 4 Bytes CALL 91247FDF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E5A333 4 Bytes CALL 91247FF5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EE4224 7 Bytes JMP 916D0E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94A13000, 0x2BFBF0, 0xE8000020]
.text user32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes [E9, 0A, 5C, AD, 89] {JMP 0x89ad5c0f}
.text user32.dll!UnhookWinEvent 7682B750 5 Bytes [E9, A7, 4C, AD, 89] {JMP 0x89ad4cac}
.text user32.dll!SetWindowsHookExW 7682E30C 5 Bytes [E9, F3, 24, AD, 89] {JMP 0x89ad24f8}
.text user32.dll!SetWinEventHook 768324DC 5 Bytes [E9, 17, DD, AC, 89] {JMP 0x89acdd1c}
.text user32.dll!SetWindowsHookExA 76856D0C 5 Bytes [E9, EF, 98, AA, 89] {JMP 0x89aa98f4}
.text sechost.dll!SetServiceObjectSecurity 76F65181 5 Bytes [E9, 8E, BE, 21, 89] {JMP 0x8921be93}
.text sechost.dll!ChangeServiceConfigA 76F65254 5 Bytes [E9, AB, B5, 21, 89] {JMP 0x8921b5b0}
.text sechost.dll!ChangeServiceConfigW 76F653D5 5 Bytes [E9, 2E, B6, 21, 89] {JMP 0x8921b633}
.text sechost.dll!ChangeServiceConfig2A 76F654C2 5 Bytes [E9, 45, B7, 21, 89] {JMP 0x8921b74a}
.text sechost.dll!ChangeServiceConfig2W 76F655E2 5 Bytes [E9, 29, B8, 21, 89] {JMP 0x8921b82e}
.text sechost.dll!CreateServiceA 76F6567C 5 Bytes [E9, 77, AB, 21, 89] {JMP 0x8921ab7c}
.text sechost.dll!CreateServiceW 76F6589F 5 Bytes [E9, 58, AB, 21, 89] {JMP 0x8921ab5d}
.text sechost.dll!DeleteService 76F65A22 5 Bytes [E9, D9, AB, 21, 89] {JMP 0x8921abde}
.text kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
---- User code sections - GMER 2.1 ----
.text C:\Windows\System32\svchost.exe[112] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[496] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[592] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[600] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text ...
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[1040] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1076] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1128] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text ...
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[1748] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 001703FC
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[1748] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 001701F8
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[1748] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[1748] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00300A08
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[1748] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 003003FC
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[1748] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00300804
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[1748] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 003001F8
.text C:\Users\Admin\Desktop\gmer_2.1.19163.exe[1748] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00300600
.text C:\Windows\system32\svchost.exe[1780] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1808] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1876] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1888] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2060] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text ...
.text C:\Windows\system32\SearchIndexer.exe[2804] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\SearchIndexer.exe[2804] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\SearchIndexer.exe[2804] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2804] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[2804] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[2804] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[2804] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[2804] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00100600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2840] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3028] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3028] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3028] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3028] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00100A08
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3028] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001003FC
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3028] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00100804
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3028] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001001F8
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3028] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00100600
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3036] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3036] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3036] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3036] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3036] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3036] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3036] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[3036] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3280] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3280] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3280] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3280] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3280] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3280] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3280] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3280] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3288] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3288] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3288] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3288] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3288] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3288] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3288] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3288] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00210600
.text C:\Windows\System32\MAFWTray.exe[3304] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 001703FC
.text C:\Windows\System32\MAFWTray.exe[3304] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 001701F8
.text C:\Windows\System32\MAFWTray.exe[3304] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\System32\MAFWTray.exe[3304] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\MAFWTray.exe[3304] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001903FC
.text C:\Windows\System32\MAFWTray.exe[3304] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00190804
.text C:\Windows\System32\MAFWTray.exe[3304] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\MAFWTray.exe[3304] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00190600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3344] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3344] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3344] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3344] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3344] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 002003FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3344] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00200804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3344] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 002001F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3344] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00200600
.text C:\Program Files\Radian\Radian.exe[3356] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Radian\Radian.exe[3356] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Radian\Radian.exe[3356] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Program Files\Radian\Radian.exe[3356] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Radian\Radian.exe[3356] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001003FC
.text C:\Program Files\Radian\Radian.exe[3356] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00100804
.text C:\Program Files\Radian\Radian.exe[3356] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001001F8
.text C:\Program Files\Radian\Radian.exe[3356] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00100600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00110A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001103FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00110804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001101F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] USER32.dll!SetWindowsHookExA 76856D0C 3 Bytes JMP 00110600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3376] USER32.dll!SetWindowsHookExA + 4 76856D10 1 Byte [89]
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe[3476] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 001D03FC
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe[3476] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 001D01F8
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe[3476] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe[3476] user32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 002E0A08
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe[3476] user32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 002E03FC
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe[3476] user32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 002E0804
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe[3476] user32.dll!SetWinEventHook 768324DC 5 Bytes JMP 002E01F8
.text C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.exe[3476] user32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 002E0600
.text C:\Windows\System32\tcpsvcs.exe[3624] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Windows\System32\tcpsvcs.exe[3624] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Windows\System32\tcpsvcs.exe[3624] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\System32\tcpsvcs.exe[3624] user32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00150A08
.text C:\Windows\System32\tcpsvcs.exe[3624] user32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001503FC
.text C:\Windows\System32\tcpsvcs.exe[3624] user32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00150804
.text C:\Windows\System32\tcpsvcs.exe[3624] user32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001501F8
.text C:\Windows\System32\tcpsvcs.exe[3624] user32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00150600
.text C:\Windows\System32\snmp.exe[3684] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 001203FC
.text C:\Windows\System32\snmp.exe[3684] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 001201F8
.text C:\Windows\System32\snmp.exe[3684] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\System32\snmp.exe[3684] user32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00150A08
.text C:\Windows\System32\snmp.exe[3684] user32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001503FC
.text C:\Windows\System32\snmp.exe[3684] user32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00150804
.text C:\Windows\System32\snmp.exe[3684] user32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001501F8
.text C:\Windows\System32\snmp.exe[3684] user32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00150600
.text C:\Windows\system32\svchost.exe[3712] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[3712] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[3712] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[3776] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3776] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3776] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3776] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\svchost.exe[3776] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\svchost.exe[3776] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[3776] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[3776] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[3832] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[3832] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[3832] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[3876] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[3876] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[3876] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3876] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00100A08
.text C:\Windows\System32\svchost.exe[3876] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001003FC
.text C:\Windows\System32\svchost.exe[3876] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00100804
.text C:\Windows\System32\svchost.exe[3876] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001001F8
.text C:\Windows\System32\svchost.exe[3876] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00100600
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4172] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000D03FC
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4172] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000D01F8
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4172] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4172] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00130A08
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4172] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001303FC
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4172] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00130804
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4172] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001301F8
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4172] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00130600
.text C:\Windows\system32\AUDIODG.EXE[4272] kernel32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4316] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[4316] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[4316] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4316] user32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\svchost.exe[4316] user32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 001403FC
.text C:\Windows\System32\svchost.exe[4316] user32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00140804
.text C:\Windows\System32\svchost.exe[4316] user32.dll!SetWinEventHook 768324DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\svchost.exe[4316] user32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00140600
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] ntdll.dll!LdrUnloadDll 76E6C86E 5 Bytes JMP 002203FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] ntdll.dll!LdrLoadDll 76E7223E 5 Bytes JMP 5C629CF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 752C941E 3 Bytes JMP 5CBD5408 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 61 752C9422 3 Bytes [E7, EB, F9] {OUT 0xeb, EAX; STC }
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] KERNEL32.dll!QueryPerformanceCounter + 13 752CC435 3 Bytes JMP 5CBD542B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] KERNEL32.dll!QueryPerformanceCounter + 17 752CC439 3 Bytes [E7, EB, F9] {OUT 0xeb, EAX; STC }
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] KERNEL32.dll!LoadAppInitDlls + 355 752CF4F6 7 Bytes JMP 5C63369E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] KERNEL32.dll!GetBinaryTypeW + 70 752E69F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] USER32.dll!UnhookWindowsHookEx 7682ADF9 5 Bytes JMP 00230A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] USER32.dll!UnhookWinEvent 7682B750 5 Bytes JMP 002303FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] USER32.dll!SetWindowsHookExW 7682E30C 5 Bytes JMP 00230804
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] USER32.dll!SetWinEventHook 768324DC 5 Bytes JMP 002301F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] USER32.dll!SetWindowsHookExA 76856D0C 5 Bytes JMP 00230600
.text C:\Program Files\Mozilla Firefox\firefox.exe[5356] GDI32.dll!GetViewportOrgEx + 26C 763F884B 7 Bytes JMP 5CBD5389 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [731F0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\QNAP\Finder\iSCSIAgent.exe[2220] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74D9FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\QNAP\Finder\iSCSIAgent.exe[2220] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74D9FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\QNAP\Finder\iSCSIAgent.exe[2220] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74D9FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\QNAP\Finder\iSCSIAgent.exe[2220] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74D9FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\QNAP\Finder\iSCSIAgent.exe[2220] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74D9FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\QNAP\Finder\iSCSIAgent.exe[2220] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74D9FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2840] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [731F0790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Files - GMER 2.1 ----
File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-2369756220-3134226657-3882288552-1001 0 bytes
File C:\avast! sandbox\S-1-5-21-2369756220-3134226657-3882288552-1001\webStorage 0 bytes
File C:\avast! sandbox\S-1-5-21-2369756220-3134226657-3882288552-1001\webStorage\C 0 bytes
File C:\avast! sandbox\S-1-5-21-2369756220-3134226657-3882288552-1001\webStorage\snx_fs.dat 180 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 91136 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{ef0c08d3-f608-11e1-be46-40618667f7ca}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{ef0c08d3-f608-11e1-be46-40618667f7ca}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{ef0c08d3-f608-11e1-be46-40618667f7ca}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
---- EOF - GMER 2.1 ----
SecurityCheck Code:
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Mozilla Firefox (21.0)
Google Chrome 26.0.1410.64
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Combofix Code:
ComboFix 13-06-03.06 - Admin 04.06.2013 13:39:28.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.1579 [GMT 2:00]
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-04 bis 2013-06-04 ))))))))))))))))))))))))))))))
.
.
2013-06-04 11:43 . 2013-06-04 11:43 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-06-04 11:43 . 2013-06-04 11:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-04 11:43 . 2013-06-04 11:43 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-06-04 11:10 . 2013-06-04 11:10 -------- d-----w- C:\FRST
2013-06-03 21:08 . 2013-06-03 21:08 -------- d-----w- c:\windows\ERUNT
2013-06-03 20:25 . 2013-06-03 20:25 -------- d-----w- c:\program files\Hercules
2013-06-03 20:25 . 2006-08-01 10:31 3600384 ----a-w- c:\windows\ffmpeg.exe
2013-06-03 20:18 . 2013-06-03 20:18 -------- d-----w- c:\windows\system32\RTCOM
2013-06-03 20:16 . 2013-02-26 14:41 19089920 ----a-w- c:\windows\system32\RCoRes.dat
2013-06-03 20:15 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-06-03 18:01 . 2013-06-04 11:43 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-06-03 17:50 . 2010-11-20 08:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2013-06-03 15:55 . 2013-06-03 15:55 -------- d-----w- c:\users\Admin\AppData\Local\Programs
2013-06-03 15:08 . 2013-06-03 15:08 -------- d-----w- c:\users\Admin\AppData\Roaming\EFSoftware
2013-06-03 13:55 . 2013-06-03 13:55 -------- d-----w- c:\program files\Advanced CheckSum Verifier
2013-06-03 12:25 . 2013-05-02 23:17 1138688 --s-a-w- c:\windows\system32\HashControls.ocx
2013-06-03 12:25 . 2013-04-04 02:15 286720 --s-a-w- c:\windows\system32\FileHash.dll
2013-06-03 12:25 . 2005-07-17 06:21 128736 --s-a-w- c:\windows\system32\PTHash.dll
2013-06-03 12:25 . 1998-06-08 22:00 137216 --s-a-w- c:\windows\system32\MSDERUN.DLL
2013-05-31 20:38 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64AC3574-7D6D-478C-A8E6-07A325D38553}\mpengine.dll
2013-05-15 12:10 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 12:10 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 12:10 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 12:09 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 12:09 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 12:09 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 12:08 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:08 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 14:06 . 2013-05-14 14:06 -------- d-----r- c:\users\Admin\AppData\Roaming\Brother
2013-05-13 15:30 . 2013-05-13 15:34 -------- d-----w- c:\users\Admin\AppData\Roaming\Wuala
2013-05-13 15:30 . 2013-05-13 15:30 -------- d-----w- c:\users\Admin\AppData\Local\Wuala
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-03 15:26 . 2012-08-06 22:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-03 15:26 . 2012-08-06 22:39 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-04-30 17:28 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-04-30 17:28 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-08-06 17:48 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-08-06 17:48 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-08-06 17:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-08-06 17:48 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-08-06 17:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2012-08-06 17:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-08-06 17:47 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-08-06 17:47 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2012-08-06 17:45 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:13 . 2013-05-01 07:13 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 07:13 . 2013-05-01 07:13 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 07:13 . 2013-05-01 07:13 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-01 07:13 . 2013-05-01 07:13 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-05-01 07:13 . 2013-05-01 07:13 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-05-01 07:13 . 2013-05-01 07:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-01 07:13 . 2013-05-01 07:13 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-05-01 07:13 . 2013-05-01 07:13 361984 ----a-w- c:\windows\system32\html.iec
2013-05-01 07:13 . 2013-05-01 07:13 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-01 07:13 . 2013-05-01 07:13 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-05-01 07:13 . 2013-05-01 07:13 158720 ----a-w- c:\windows\system32\msls31.dll
2013-05-01 07:13 . 2013-05-01 07:13 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-05-01 07:13 . 2013-05-01 07:13 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-01 07:13 . 2013-05-01 07:13 138752 ----a-w- c:\windows\system32\wextract.exe
2013-05-01 07:13 . 2013-05-01 07:13 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-01 07:13 . 2013-05-01 07:13 12800 ----a-w- c:\windows\system32\mshta.exe
2013-05-01 07:13 . 2013-05-01 07:13 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-01 07:12 . 2013-05-01 07:12 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-01 07:12 . 2013-05-01 07:12 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-05-01 07:12 . 2013-05-01 07:12 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-01 07:12 . 2013-05-01 07:12 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-01 07:12 . 2013-05-01 07:12 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-01 07:12 . 2013-05-01 07:12 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-01 07:12 . 2013-05-01 07:12 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-01 07:12 . 2013-05-01 07:12 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-01 07:12 . 2013-05-01 07:12 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-01 07:12 . 2013-05-01 07:12 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-05-01 07:12 . 2013-05-01 07:12 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-01 07:12 . 2013-05-01 07:12 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-01 07:12 . 2013-05-01 07:12 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-05-01 07:12 . 2013-05-01 07:12 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-01 07:12 . 2013-05-01 07:12 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-01 07:12 . 2013-05-01 07:12 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-01 07:12 . 2013-05-01 07:12 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-01 07:12 . 2013-05-01 07:12 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-01 07:12 . 2013-05-01 07:12 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-01 07:12 . 2013-05-01 07:12 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-01 07:12 . 2013-05-01 07:12 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-05-01 07:12 . 2013-05-01 07:12 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-05-01 07:12 . 2013-05-01 07:12 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-05-01 07:12 . 2013-05-01 07:12 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-05-01 07:12 . 2013-05-01 07:12 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-01 07:12 . 2013-05-01 07:12 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-05-01 07:12 . 2013-05-01 07:12 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 17:27 . 2013-04-30 17:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-30 17:27 . 2012-08-06 21:41 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-30 17:27 . 2012-08-06 21:41 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-13 04:45 . 2013-05-15 12:10 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-30 17:18 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-04 12:50 . 2012-10-23 11:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 05:04 . 2013-04-30 17:18 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-30 17:18 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-30 17:18 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-30 17:18 69632 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Radian"="c:\program files\Radian\Radian.exe" [2011-11-19 712704]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2012-01-24 254256]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-02-26 11877448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TimeLeft.exe [2008-8-7 2374832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant]
2012-09-20 14:02 1425208 ----a-w- c:\windows\System32\LogiLDA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\priPrinterTray]
2012-04-09 07:46 36624 ----a-w- c:\program files\priPrinter\pritray.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2012-01-24 195888]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 217088]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iprip;RIP-Überwachung;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 MusicIP Server;MusicIP Server;c:\program files\MusicIP Mixer\MusicMagicServer.exe [2008-07-18 3059712]
S3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [2009-02-08 99968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-02-16 514152]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - awtdrpod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 20:16 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\
FF - ExtSQL: 2013-06-04 13:02; firefox1@myibay.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cpuu2v6e.default\extensions\firefox1@myibay.com.xpi
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-04 13:44:43
ComboFix-quarantined-files.txt 2013-06-04 11:44
.
Vor Suchlauf: 14 Verzeichnis(se), 56.489.902.080 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 56.440.459.264 Bytes frei
.
- - End Of File - - 69DA06AC97BC58E17B8783682A3D9BDC