Redirection to rocketnews in the browser

Hi,
My mother has picked up a trojan on her laptop that redirects Google searches to "rocketnews", which then redirects on to advertising or similar. Antivir has already found and removed several viruses, but the problem persists. The same problem occurred a few months ago; back then, Antivir was able to fix it.
So here are the logs:
OTL:
OTL logfile created on: 28.07.2012 09:53:26 - Run 2 OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\****\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 Internet Explorer (Version = 9.0.8112.16421)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 1023,30 Mb Total Physical Memory | 426,91 Mb Available Physical Memory | 41,72% Memory free
 2,00 Gb Paging File | 1,24 Gb Available in Paging File | 62,19% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 74,43 Gb Total Space | 53,02 Gb Free Space | 71,24% Space Free | Partition Type: NTFS
 Drive D: | 149,05 Gb Total Space | 126,98 Gb Free Space | 85,19% Space Free | Partition Type: NTFS
 
 Computer Name: ****-NBW7 | User Name: ****| Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2012.06.09 12:39:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
 PRC - [2012.05.21 05:27:00 | 000,788,376 | ---- | M] () -- C:\Programme\Lidl_Fotos\dd.exe
 PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
 PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
 PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
 PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
 PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
 PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
 PRC - [2011.08.26 07:05:08 | 003,511,296 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe
 PRC - [2011.08.20 19:05:44 | 000,048,618 | ---- | M] (The Pidgin developer community) -- C:\Programme\Pidgin\pidgin.exe
 PRC - [2011.07.22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
 PRC - [2011.07.20 14:40:28 | 000,094,120 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe
 PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
 PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
 PRC - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_ex_Win32.exe
 PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
 PRC - [2010.04.10 09:03:46 | 000,077,824 | ---- | M] () -- C:\Windows\KMService.exe
 PRC - [2009.02.23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Programme\MagicDisc\MagicDisc.exe
 PRC - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2012.05.21 05:27:00 | 000,788,376 | ---- | M] () -- C:\Programme\Lidl_Fotos\dd.exe
 MOD - [2011.08.26 07:01:51 | 002,920,960 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll
 MOD - [2011.08.20 19:05:44 | 000,325,180 | ---- | M] () -- C:\Programme\Pidgin\libjabber.dll
 MOD - [2011.08.20 19:05:44 | 000,288,309 | ---- | M] () -- C:\Programme\Pidgin\plugins\libmsn.dll
 MOD - [2011.08.20 19:05:44 | 000,251,285 | ---- | M] () -- C:\Programme\Pidgin\liboscar.dll
 MOD - [2011.08.20 19:05:44 | 000,190,214 | ---- | M] () -- C:\Programme\Pidgin\libymsg.dll
 MOD - [2011.08.20 19:05:44 | 000,180,516 | ---- | M] () -- C:\Programme\Pidgin\plugins\libgg.dll
 MOD - [2011.08.20 19:05:44 | 000,147,158 | ---- | M] () -- C:\Programme\Pidgin\plugins\libsilc.dll
 MOD - [2011.08.20 19:05:44 | 000,119,368 | ---- | M] () -- C:\Programme\Pidgin\plugins\libmxit.dll
 MOD - [2011.08.20 19:05:44 | 000,093,250 | ---- | M] () -- C:\Programme\Pidgin\plugins\libsametime.dll
 MOD - [2011.08.20 19:05:44 | 000,087,918 | ---- | M] () -- C:\Programme\Pidgin\plugins\libnovell.dll
 MOD - [2011.08.20 19:05:44 | 000,086,376 | ---- | M] () -- C:\Programme\Pidgin\plugins\libmyspace.dll
 MOD - [2011.08.20 19:05:44 | 000,075,085 | ---- | M] () -- C:\Programme\Pidgin\plugins\libirc.dll
 MOD - [2011.08.20 19:05:44 | 000,070,345 | ---- | M] () -- C:\Programme\Pidgin\plugins\libbonjour.dll
 MOD - [2011.08.20 19:05:44 | 000,061,569 | ---- | M] () -- C:\Programme\Pidgin\plugins\spellchk.dll
 MOD - [2011.08.20 19:05:44 | 000,043,176 | ---- | M] () -- C:\Programme\Pidgin\plugins\libsimple.dll
 MOD - [2011.08.20 19:05:44 | 000,038,873 | ---- | M] () -- C:\Programme\Pidgin\plugins\log_reader.dll
 MOD - [2011.08.20 19:05:44 | 000,033,896 | ---- | M] () -- C:\Programme\Pidgin\plugins\xmppdisco.dll
 MOD - [2011.08.20 19:05:44 | 000,029,185 | ---- | M] () -- C:\Programme\Pidgin\plugins\xmppconsole.dll
 MOD - [2011.08.20 19:05:44 | 000,023,339 | ---- | M] () -- C:\Programme\Pidgin\plugins\themeedit.dll
 MOD - [2011.08.20 19:05:44 | 000,022,446 | ---- | M] () -- C:\Programme\Pidgin\plugins\ticker.dll
 MOD - [2011.08.20 19:05:44 | 000,022,242 | ---- | M] () -- C:\Programme\Pidgin\plugins\pidginrc.dll
 MOD - [2011.08.20 19:05:44 | 000,021,753 | ---- | M] () -- C:\Programme\Pidgin\plugins\win2ktrans.dll
 MOD - [2011.08.20 19:05:44 | 000,021,709 | ---- | M] () -- C:\Programme\Pidgin\plugins\winprefs.dll
 MOD - [2011.08.20 19:05:44 | 000,021,699 | ---- | M] () -- C:\Programme\Pidgin\plugins\notify.dll
 MOD - [2011.08.20 19:05:44 | 000,018,706 | ---- | M] () -- C:\Programme\Pidgin\plugins\ssl-nss.dll
 MOD - [2011.08.20 19:05:44 | 000,017,910 | ---- | M] () -- C:\Programme\Pidgin\plugins\convcolors.dll
 MOD - [2011.08.20 19:05:44 | 000,016,371 | ---- | M] () -- C:\Programme\Pidgin\plugins\libxmpp.dll
 MOD - [2011.08.20 19:05:44 | 000,016,330 | ---- | M] () -- C:\Programme\Pidgin\plugins\libyahoo.dll
 MOD - [2011.08.20 19:05:44 | 000,016,291 | ---- | M] () -- C:\Programme\Pidgin\plugins\timestamp_format.dll
 MOD - [2011.08.20 19:05:44 | 000,014,269 | ---- | M] () -- C:\Programme\Pidgin\plugins\markerline.dll
 MOD - [2011.08.20 19:05:44 | 000,013,426 | ---- | M] () -- C:\Programme\Pidgin\plugins\autoaccept.dll
 MOD - [2011.08.20 19:05:44 | 000,013,291 | ---- | M] () -- C:\Programme\Pidgin\plugins\libyahoojp.dll
 MOD - [2011.08.20 19:05:44 | 000,012,953 | ---- | M] () -- C:\Programme\Pidgin\plugins\timestamp.dll
 MOD - [2011.08.20 19:05:44 | 000,012,380 | ---- | M] () -- C:\Programme\Pidgin\plugins\history.dll
 MOD - [2011.08.20 19:05:44 | 000,011,517 | ---- | M] () -- C:\Programme\Pidgin\plugins\idle.dll
 MOD - [2011.08.20 19:05:44 | 000,011,029 | ---- | M] () -- C:\Programme\Pidgin\plugins\joinpart.dll
 MOD - [2011.08.20 19:05:44 | 000,010,521 | ---- | M] () -- C:\Programme\Pidgin\plugins\offlinemsg.dll
 MOD - [2011.08.20 19:05:44 | 000,010,015 | ---- | M] () -- C:\Programme\Pidgin\plugins\libicq.dll
 MOD - [2011.08.20 19:05:44 | 000,009,712 | ---- | M] () -- C:\Programme\Pidgin\plugins\extplacement.dll
 MOD - [2011.08.20 19:05:44 | 000,009,476 | ---- | M] () -- C:\Programme\Pidgin\plugins\statenotify.dll
 MOD - [2011.08.20 19:05:44 | 000,009,084 | ---- | M] () -- C:\Programme\Pidgin\plugins\libaim.dll
 MOD - [2011.08.20 19:05:44 | 000,009,055 | ---- | M] () -- C:\Programme\Pidgin\plugins\sendbutton.dll
 MOD - [2011.08.20 19:05:44 | 000,008,927 | ---- | M] () -- C:\Programme\Pidgin\plugins\relnot.dll
 MOD - [2011.08.20 19:05:44 | 000,008,878 | ---- | M] () -- C:\Programme\Pidgin\plugins\psychic.dll
 MOD - [2011.08.20 19:05:44 | 000,007,645 | ---- | M] () -- C:\Programme\Pidgin\plugins\gtkbuddynote.dll
 MOD - [2011.08.20 19:05:44 | 000,006,954 | ---- | M] () -- C:\Programme\Pidgin\plugins\newline.dll
 MOD - [2011.08.20 19:05:44 | 000,006,875 | ---- | M] () -- C:\Programme\Pidgin\plugins\iconaway.dll
 MOD - [2011.08.20 19:05:44 | 000,006,751 | ---- | M] () -- C:\Programme\Pidgin\plugins\buddynote.dll
 MOD - [2011.08.20 19:05:44 | 000,006,526 | ---- | M] () -- C:\Programme\Pidgin\plugins\ssl.dll
 MOD - [2011.08.20 19:05:42 | 002,719,062 | ---- | M] () -- C:\Programme\Pidgin\libsilc-1-1-2.dll
 MOD - [2011.08.20 19:05:42 | 001,206,642 | ---- | M] () -- C:\Programme\Pidgin\libsilcclient-1-1-2.dll
 MOD - [2011.08.20 19:05:42 | 000,582,656 | ---- | M] () -- C:\Programme\Pidgin\exchndl.dll
 MOD - [2011.08.20 19:05:42 | 000,475,580 | ---- | M] () -- C:\Programme\Pidgin\spellcheck\libgtkspell-0.dll
 MOD - [2011.08.20 19:05:42 | 000,417,501 | ---- | M] () -- C:\Programme\Pidgin\sqlite3.dll
 MOD - [2011.08.20 19:05:42 | 000,173,805 | ---- | M] () -- C:\Programme\Pidgin\libmeanwhile-1.dll
 MOD - [2011.08.20 19:05:40 | 001,213,633 | ---- | M] () -- C:\Programme\Pidgin\libxml2-2.dll
 MOD - [2011.08.06 21:08:15 | 000,219,305 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libpng14-14.dll
 MOD - [2011.08.06 21:08:15 | 000,090,496 | ---- | M] () -- C:\Programme\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
 MOD - [2011.08.06 21:08:15 | 000,055,808 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\zlib1.dll
 MOD - [2011.08.06 21:08:14 | 000,482,872 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libgio-2.0-0.dll
 MOD - [2011.08.06 21:08:14 | 000,279,059 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libfontconfig-1.dll
 MOD - [2011.08.06 21:08:14 | 000,095,189 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
 MOD - [2011.08.06 21:08:13 | 000,904,525 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libcairo-2.dll
 MOD - [2011.08.06 21:08:13 | 000,535,264 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\freetype6.dll
 MOD - [2011.08.06 21:08:13 | 000,143,096 | ---- | M] () -- C:\Programme\Pidgin\Gtk\bin\libexpat-1.dll
 MOD - [2011.07.20 14:40:28 | 000,094,120 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe
 MOD - [2011.07.20 10:57:54 | 007,431,168 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncapp.dll
 MOD - [2011.07.20 10:57:06 | 000,043,520 | ---- | M] () -- C:\Programme\Allway Sync\Bin\SyncHook.dll
 MOD - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_ex_Win32.exe
 MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 MOD - [2010.09.30 10:14:19 | 000,055,296 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy_03.dll
 MOD - [2010.04.21 11:00:35 | 000,058,368 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_30_Win32.dll
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
 SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
 SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
 SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
 SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
 SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
 SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
 SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
 SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
 SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
 SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (KMService)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2D03057-0AFF-4F68-96BA-3574285BA261}\MpKslcf5db666.sys -- (MpKslcf5db666)
 DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
 DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
 DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
 DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
 DRV - [2011.09.08 09:23:36 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
 DRV - [2011.08.09 08:11:50 | 000,016,512 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
 DRV - [2011.02.09 10:36:04 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
 DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
 DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
 DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
 DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
 DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
 DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
 DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
 DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
 DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
 DRV - [2009.07.14 00:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
 DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
 DRV - [2007.08.12 23:33:00 | 002,599,936 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
 DRV - [2007.05.11 18:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
 DRV - [2007.05.11 18:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
 DRV - [2007.05.11 18:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
 DRV - [2005.04.21 21:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ozscr.sys -- (OZSCR)
 DRV - [2004.11.15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
 DRV - [1998.09.16 09:07:10 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sfc4.sys -- (SFC4)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 17 50 CC 88 50 CC 01  [binary data]
 IE - HKCU\..\SearchScopes,DefaultScope = {E1BE8079-E07E-4407-BF11-A7156845E5AF}
 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 IE - HKCU\..\SearchScopes\{E1BE8079-E07E-4407-BF11-A7156845E5AF}: "URL" = hxxp://www.google.de/search?q={searchTerms}
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 ========== FireFox ==========
 
 FF - user.js - File not found
 
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
 FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
 FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.27 21:23:00 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
 [2011.08.01 21:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
 [2012.07.27 21:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 [2012.06.09 14:53:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 [2012.07.27 21:13:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 [2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
 [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
 [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
 O1 HOSTS File: ([2011.08.01 21:17:05 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
 O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
 O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
 O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
 O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
 O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
 O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
 O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
 O4 - HKCU..\Run: [Allway Sync] C:\Program Files\Allway Sync\Bin\syncappw.exe ()
 O4 - HKCU..\Run: [Device Detection] C:\Programme\Lidl_Fotos\dd.exe ()
 O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
 O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
 O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk = C:\Programme\Pidgin\pidgin.exe (The Pidgin developer community)
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
 O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
 O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
 O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O13 - gopher Prefix: missing
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
 O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B79135B4-2A0D-4BB7-ABB8-57A57E2D0F78}: DhcpNameServer = 192.168.2.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5E41DA1-DC2A-4D54-A30D-08025BEB5659}: DhcpNameServer = 192.168.1.2
 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
 O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
 O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
 O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O33 - MountPoints2\{5cffdeea-bc73-11e0-8fad-0010c6c81e84}\Shell - "" = AutoRun
 O33 - MountPoints2\{5cffdeea-bc73-11e0-8fad-0010c6c81e84}\Shell\AutoRun\command - "" = E:\SETUP.EXE
 O33 - MountPoints2\{5cffdeea-bc73-11e0-8fad-0010c6c81e84}\Shell\configure\command - "" = E:\SETUP.EXE
 O33 - MountPoints2\{5cffdeea-bc73-11e0-8fad-0010c6c81e84}\Shell\install\command - "" = E:\SETUP.EXE
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2012.07.27 22:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
 [2012.07.27 22:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
 [2012.07.27 21:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 [2012.07.27 21:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 [2012.07.27 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
 [2012.07.25 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
 [2012.07.25 21:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\6F638BDF3D8C92A2C3691F55F875EF7E
 
 ========== Files - Modified Within 30 Days ==========
 
 [2012.07.28 09:48:11 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 [2012.07.28 09:48:11 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 [2012.07.28 09:40:00 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\LCDKALSF.job
 [2012.07.28 09:39:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2012.07.28 09:39:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
 [2012.07.28 09:39:23 | 804,753,408 | -HS- | M] () -- C:\hiberfil.sys
 [2012.07.27 21:23:08 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 [2012.07.13 09:45:41 | 000,341,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 [2012.07.08 15:07:28 | 000,659,776 | ---- | M] () -- C:\Windows\System32\perfh007.dat
 [2012.07.08 15:07:28 | 000,621,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2012.07.08 15:07:28 | 000,132,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 [2012.07.08 15:07:28 | 000,108,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
 ========== Files Created - No Company Name ==========
 
 [2012.04.06 17:28:40 | 000,147,456 | RHS- | C] () -- C:\Windows\System32\runoncek.dll
 [2011.12.27 18:29:33 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
 [2011.08.13 21:26:44 | 000,041,472 | ---- | C] () -- C:\Windows\System32\drivers\sfc4.sys
 [2011.08.09 21:18:13 | 000,056,378 | ---- | C] () -- C:\Users\****\AppData\Roaming\mdbu.bin
 [2011.08.03 21:01:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
 [2011.08.03 21:01:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
 [2011.08.01 21:43:31 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe
 [2011.08.01 21:43:31 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
 [2011.04.12 03:30:05 | 000,659,776 | ---- | C] () -- C:\Windows\System32\perfh007.dat
 [2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
 [2011.04.12 03:30:05 | 000,132,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
 [2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 [2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
 ========== LOP Check ==========
 
 [2012.07.28 09:58:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.purple
 [2011.08.13 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
 [2012.07.20 09:50:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
 [2011.08.02 08:11:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sync App Settings
 [2011.12.25 17:54:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
 [2012.07.28 09:40:00 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\LCDKALSF.job
 [2012.06.11 14:36:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
 ========== Purity Check ==========
 
 
 
 < End of report >
GMER:   Quote:
GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-28 14:41:00
 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980815A rev._3.ALE
 Running: ytlbkr7q.exe; Driver: C:\Users\EDELTR~1\AppData\Local\Temp\kwlcquod.sys
 
 
 ---- System - GMER 1.0.15 ----
 
SSDT    8CA45DF6    ZwCreateSection
SSDT    8CA45E00    ZwRequestWaitReplyPort
SSDT    8CA45DFB    ZwSetContextThread
SSDT    8CA45E05    ZwSetSecurityObject
SSDT    8CA45E0A    ZwSystemDebugControl
SSDT    8CA45D97    ZwTerminateProcess
 
 ---- Kernel code sections - GMER 1.0.15 ----
 
.text       ntoskrnl.exe!ZwRollbackEnlistment + 1409    82C66989 1 Byte  [06]
.text       ntoskrnl.exe!KiDispatchInterrupt + 5A2      82C864E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text       ntoskrnl.exe!KeRemoveQueueEx + 14BF         82C8D87C 4 Bytes  [F6, 5D, A4, 8C]
.text       ntoskrnl.exe!KeRemoveQueueEx + 181B         82C8DBD8 4 Bytes  [00, 5E, A4, 8C]
.text       ntoskrnl.exe!KeRemoveQueueEx + 185F         82C8DC1C 4 Bytes  [FB, 5D, A4, 8C]
.text       ntoskrnl.exe!KeRemoveQueueEx + 18DB         82C8DC98 4 Bytes  [05, 5E, A4, 8C]
.text       ntoskrnl.exe!KeRemoveQueueEx + 192F         82C8DCEC 4 Bytes  [0A, 5E, A4, 8C]
.text       ...
.text       C:\Windows\system32\drivers\hardlock.sys    section is writeable [0x8DF64400, 0x6EED8, 0xE8000020]
.protect    C:\Windows\system32\drivers\hardlock.sys    entry point in ".protect" section [0x8DFEF020]
.protect    C:\Windows\system32\drivers\hardlock.sys    unknown last code section [0x8DFEEE00, 0x50BA, 0xE0000020]
PAGE        peauth.sys                                  9603ABEC 111 Bytes  [19, 66, 58, E9, 24, C6, 7E, ...]
 
 ---- Devices - GMER 1.0.15 ----
 
Device            \Driver\ACPI_HAL \Device\00000048        halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice    \Driver\volmgr \Device\HarddiskVolume1   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice    \Driver\volmgr \Device\HarddiskVolume1   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice    \Driver\volmgr \Device\HarddiskVolume2   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice    \Driver\volmgr \Device\HarddiskVolume2   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice    \Driver\volmgr \Device\HarddiskVolume3   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice    \Driver\volmgr \Device\HarddiskVolume3   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device            \Driver\BTHUSB \Device\0000006b          bthport.sys (Bluetooth bus driver/Microsoft Corporation)
Device            \Driver\BTHUSB \Device\0000006d          bthport.sys (Bluetooth bus driver/Microsoft Corporation)

AttachedDevice    \FileSystem\fastfat \Fat                 fltmgr.sys (Microsoft file system filter manager/Microsoft Corporation)
 
 ---- Registry - GMER 1.0.15 ----
 
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0010c6c81e84
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0010c6c81e84 (not active ControlSet)
 
 ---- EOF - GMER 1.0.15 ----
Thanks for your help!
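The OTL and GMER excerpts above can be triaged mechanically rather than by eye. The following Python is an added example by the editor, not code from the post, from OTL or from GMER. The sample lines are copied from the logs above (spacing compacted); the heuristics (a 32-hex-character folder under ProgramData, a .job file with an eight-capital-letter name, a hidden+system file in System32, and a watchlist seeded with a folder name from the log) are the editor's own choices, not OTL's. The GMER part decodes the 4-byte ".text" patches reported near KeRemoveQueueEx as little-endian addresses and matches them against the SSDT hook addresses, which shows that the five patches shown and the SSDT entries describe the same hooks.

```python
"""Triage helpers for the OTL and GMER log formats shown in the post.
Added example by the editor; not code from the post, OTL or GMER."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the logs in the post (spacing compacted).
OTL_SAMPLE = r"""
[2012.07.25 21:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\6F638BDF3D8C92A2C3691F55F875EF7E
[2012.07.25 22:00:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.07.28 09:48:11 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 09:40:00 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\LCDKALSF.job
[2012.04.06 17:28:40 | 000,147,456 | RHS- | C] () -- C:\Windows\System32\runoncek.dll
[2012.07.13 09:45:41 | 000,341,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.27 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
"""
GMER_SAMPLE = """
SSDT    8CA45DF6    ZwCreateSection
SSDT    8CA45E00    ZwRequestWaitReplyPort
SSDT    8CA45DFB    ZwSetContextThread
SSDT    8CA45E05    ZwSetSecurityObject
SSDT    8CA45E0A    ZwSystemDebugControl
SSDT    8CA45D97    ZwTerminateProcess
.text    ntoskrnl.exe!KeRemoveQueueEx + 14BF    82C8D87C 4 Bytes  [F6, 5D, A4, 8C]
.text    ntoskrnl.exe!KeRemoveQueueEx + 181B    82C8DBD8 4 Bytes  [00, 5E, A4, 8C]
.text    ntoskrnl.exe!KeRemoveQueueEx + 185F    82C8DC1C 4 Bytes  [FB, 5D, A4, 8C]
.text    ntoskrnl.exe!KeRemoveQueueEx + 18DB    82C8DC98 4 Bytes  [05, 5E, A4, 8C]
.text    ntoskrnl.exe!KeRemoveQueueEx + 192F    82C8DCEC 4 Bytes  [0A, 5E, A4, 8C]
"""

# OTL line: [timestamp | size | attrs | C/M] (company) -- path ; directories carry no "(company)".
OTL_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)$")
PATCH4_RE = re.compile(
    r"^\.text\s+(?P<sym>\S+ \+ [0-9A-F]+)\s+(?P<addr>[0-9A-F]{8}) 4 Bytes\s+"
    r"\[(?P<bytes>(?:[0-9A-F]{2}(?:, )?){4})\]$"
)

# Editor's heuristics (assumptions, not OTL rules).
RANDOM_HEX_DIR = re.compile(r"\\ProgramData\\[0-9A-F]{32}$", re.I)
RANDOM_TASK = re.compile(r"\\Windows\\Tasks\\[A-Z]{8}\.job$", re.I)
NAME_WATCHLIST = ("Live Security Platinum",)  # seeded from a folder name in the log


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    op: str
    company: Optional[str]  # None for directory lines, "" for "()" entries
    path: str


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse OTL file/folder lines; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_RE.match(line.strip())
        if m:
            entries.append(OtlEntry(m["ts"], int(m["size"].replace(",", "")),
                                    m["attrs"], m["op"], m["company"], m["path"]))
    return entries


def triage_otl(entries: List[OtlEntry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries that match one of the heuristics."""
    findings = []
    for e in entries:
        reasons = []
        if RANDOM_HEX_DIR.search(e.path):
            reasons.append("random 32-hex-character folder under ProgramData")
        if RANDOM_TASK.search(e.path):
            reasons.append("scheduled task with a random eight-letter name")
        if "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs and "\\system32\\" in e.path.lower():
            reasons.append("hidden+system file in System32")
        if any(n.lower() in e.path.lower() for n in NAME_WATCHLIST):
            reasons.append("name on watchlist")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def parse_ssdt(text: str) -> Dict[str, int]:
    """Map hooked Zw* function -> hook address from GMER SSDT lines."""
    return {m["func"]: int(m["addr"], 16)
            for m in (SSDT_RE.match(l.strip()) for l in text.splitlines()) if m}


def ssdt_span(hooks: Dict[str, int]) -> int:
    """Bytes between lowest and highest hook; a small span suggests one module owns them all."""
    return max(hooks.values()) - min(hooks.values()) if hooks else 0


def match_patches_to_hooks(text: str, hooks: Dict[str, int]) -> List[Tuple[int, int, Optional[str]]]:
    """Decode each 4-byte .text patch as a little-endian pointer and name the hook it equals."""
    by_addr = {addr: func for func, addr in hooks.items()}
    out = []
    for line in text.splitlines():
        m = PATCH4_RE.match(line.strip())
        if m:
            value = int.from_bytes(bytes.fromhex(m["bytes"].replace(", ", "")), "little")
            out.append((int(m["addr"], 16), value, by_addr.get(value)))
    return out


if __name__ == "__main__":
    for path, reasons in triage_otl(parse_otl(OTL_SAMPLE)):
        print(path, "->", "; ".join(reasons))
    hooks = parse_ssdt(GMER_SAMPLE)
    print("SSDT hooks span 0x%X bytes" % ssdt_span(hooks))
    for patch_addr, value, func in match_patches_to_hooks(GMER_SAMPLE, hooks):
        print("patch at %08X writes %08X = %s" % (patch_addr, value, func))
```

On the sample the six hook addresses lie within 0x73 bytes of each other, so a single driver most likely installs all of them; the log does not identify that driver, and the script deliberately does not guess. The watchlist and the two name patterns are starting points for a human review, not verdicts.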