| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live Security Platinum 3.6.1Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.09.2012, 08:55
| #1 |
 |  Live Security Platinum 3.6.1 Moin, gestern Abend hat sich auf meinem Rechner Live Security Platinum 3.6.1 gemeldet und erst einmal alles lahmgelegt. (Übrigens kurz nachdem sich Adobe Flash Player als Update gemeldet hatte und ich die Installation durchführen lies...). Nachdem ich den Inhalt des Ordners, auf den die Verknüpfung von LSP auf meinem Desktop verwiesen hatte, gelöscht und die *.exe umbenannt hatte, funktionierte das System scheinbar wieder. Habe dann als Admin Scans mit Malwarebytes, OTL und GMER durchgeführt. Hier nun die Logfiles: Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.01.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Boludo :: BOLUDO-PC [Administrator] 01.09.2012 22:22:04 mbam-log-2012-09-01 (22-22-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 369910 Laufzeit: 1 Stunde(n), 29 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-2555909198-2805718332-2460936450-1000\$30ad3e590ec1993ed8708247cc2bc33a\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 1 C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 8 C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\n (Trojan.Siredef) -> Löschen bei Neustart. C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\800000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-21-2555909198-2805718332-2460936450-1000\$30ad3e590ec1993ed8708247cc2bc33a\n (Trojan.Siredef) -> Löschen bei Neustart. C:\Program Files\pdfsam\pdfsam-starter.exe (Trojan.Agent.VGENX) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Boludo\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 02.09.2012 08:23:34 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Boludo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,91% Memory free 6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,44 Gb Total Space | 8,26 Gb Free Space | 7,41% Space Free | Partition Type: NTFS Drive D: | 107,90 Gb Total Space | 3,42 Gb Free Space | 3,17% Space Free | Partition Type: NTFS Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe PRC - [2012.08.09 08:43:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.11 16:48:56 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Boludo\AppData\Local\Temp\RtkBtMnt.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2012.04.22 09:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.11 08:46:14 | 000,121,344 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2007.10.11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 06:57:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.14 06:47:10 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 06:46:52 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.24 18:06:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.24 17:57:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.24 17:57:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.09.23 15:58:24 | 000,008,960 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2008.03.29 04:48:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.03.29 04:48:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.03.29 04:48:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.03.11 10:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll ========== Services (SafeList) ========== SRV - [2012.08.30 11:24:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2009.11.20 23:23:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.08 20:42:26 | 000,100,376 | ---- | M] (VisionWorks Solutions, Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4) DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.07 19:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.02.15 10:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 11:24:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 07:13:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.11 21:59:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boludo\AppData\Roaming\12011 [2009.11.20 12:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Extensions [2012.08.27 08:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions [2012.08.27 08:37:16 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\maps@ovi.com [2012.06.14 20:25:50 | 000,000,925 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\conduit.xml [2011.07.31 18:52:02 | 000,005,310 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\footiefox.xml [2012.06.17 07:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.15 07:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.06.15 07:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.05.26 19:21:38 | 000,222,562 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI [2012.05.23 19:03:31 | 000,355,956 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{9FB7D178-155A-4318-9173-1A8EAAEA7FE4}.XPI [2012.02.07 18:29:57 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI [2009.11.20 12:27:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.08.30 11:24:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 11:24:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.10 21:44:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8621F01D-1B82-4981-BC90-637664DB07CE}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.02 07:57:08 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe [2012.08.04 19:20:25 | 000,000,000 | ---D | C] -- C:\Users\Boludo\Desktop\Barthstraße 23 ========== Files - Modified Within 30 Days ========== [2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe [2012.09.02 07:52:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.09.02 07:52:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 07:52:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 07:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.02 07:51:45 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.09.02 07:50:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.01 21:52:08 | 000,018,432 | ---- | M] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.01 19:29:47 | 000,010,276 | ---- | M] () -- C:\Users\Boludo\Desktop\Ausgaben September.ods [2012.08.31 20:56:55 | 000,014,887 | ---- | M] () -- C:\Users\Boludo\Desktop\Ausgaben August.ods [2012.08.31 11:13:46 | 000,017,101 | ---- | M] () -- C:\Users\Boludo\Desktop\Arztrechnungen.ods [2012.08.31 09:10:45 | 000,084,934 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.08.29 09:52:20 | 000,000,680 | ---- | M] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat [2012.08.28 07:12:54 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2012.08.15 07:34:58 | 000,352,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.09 19:37:33 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.09 19:37:33 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.09 19:37:33 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.09 19:37:33 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.06 20:36:48 | 000,000,699 | ---- | M] () -- C:\Windows\wiso.ini ========== Files Created - No Company Name ========== [2012.08.31 09:10:47 | 000,010,276 | ---- | C] () -- C:\Users\Boludo\Desktop\Ausgaben September.ods [2012.08.08 19:35:43 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2012.06.01 09:31:43 | 000,000,008 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat [2011.06.11 19:02:43 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe [2011.03.15 23:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.02.20 15:09:34 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini [2011.01.04 17:07:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2010.11.05 20:03:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.04.18 18:29:23 | 000,000,680 | ---- | C] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat [2010.01.16 14:36:39 | 000,034,923 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\mdbu.bin [2009.11.22 17:43:57 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.11.22 17:40:22 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.11.22 00:41:26 | 000,018,432 | ---- | C] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2009.11.20 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer [2008.03.29 05:06:10 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer GameZone Console [2009.12.24 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\AnvSoft [2011.02.20 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Buhl Data Service [2009.12.29 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Canon [2009.12.01 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\FreeFLVConverter [2011.12.30 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\GMX [2010.05.26 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\IrfanView [2009.11.20 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Leadertech [2010.08.01 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\MusicBrainz [2012.02.11 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia [2010.05.09 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Ovi Suite [2012.02.12 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Suite [2009.11.21 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\OpenOffice.org [2012.03.02 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\PC Suite [2011.06.11 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\pics [2010.02.07 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\StreamTorrent [2009.11.20 09:35:43 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Validity [2012.09.02 07:50:48 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.09.2012 08:23:34 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Boludo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,91% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 8,26 Gb Free Space | 7,41% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 3,42 Gb Free Space | 3,17% Space Free | Partition Type: NTFS
Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AceBackup] -- "C:\Program Files\AceBIT\AceBackup 3\AceBackup.exe" -as "%1" (AceBIT)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}" = AceBackup 3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9F70E36A-8C0F-4069-9C81-9708E46E6F5E}" = O&O PartitionManager Professional
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AmoKExifSorter2" = AmoK Exif Sorter 2.5.6 (nur deinstallieren)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"DirSync" = DirSync 2.93
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"Fotoservice" = Fotoservice
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GMX ProfiFax" = GMX ProfiFax
"GMX SMS-Manager" = GMX SMS-Manager
"GridVista" = Acer GridVista
"InstallShield_{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5.5
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"MyCamera" = Canon Utilities MyCamera
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Suite" = Nokia Suite
"NTI Open File Manager" = NTI Open File Manager
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"pdfsam" = pdfsam
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Saturn Fotoservice" = Saturn Fotoservice
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.09.2012 15:23:57 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.09.2012 15:27:55 | Computer Name = Boludo-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1460 Anfangszeit: 01cd8877cf1c1573 Zeitpunkt
der Beendigung: 202
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.09.2012 20:51:38 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.09.2012 20:51:39 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7218291
Error - 01.09.2012 20:51:39 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7218291
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17129222
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17129222
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 05.04.2012 14:31:30 | Computer Name = Boludo-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
[ System Events ]
Error - 01.09.2012 15:23:58 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 01.09.2012 15:23:58 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 01.09.2012 15:30:08 | Computer Name = Boludo-PC | Source = DCOM | ID = 10010
Description =
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 02.09.2012 01:51:45 | Computer Name = Boludo-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-02 09:42:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: e1rvr27y.exe; Driver: C:\Users\Boludo\AppData\Local\Temp\pfriipog.sys
---- System - GMER 1.0.15 ----
SSDT 8CA61636 ZwCreateSection
SSDT 8CA61640 ZwRequestWaitReplyPort
SSDT 8CA6163B ZwSetContextThread
SSDT 8CA61645 ZwSetSecurityObject
SSDT 8CA6164A ZwSystemDebugControl
SSDT 8CA615D7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 822E48D8 4 Bytes [36, 16, A6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 822E4BFC 4 Bytes [40, 16, A6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 822E4C30 4 Bytes [3B, 16, A6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822E4C94 4 Bytes [45, 16, A6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 822E4CDC 4 Bytes [4A, 16, A6, 8C]
.text ...
? System32\drivers\rxgqhbs.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E800340, 0x3D50E7, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!GetWindowInfo 767F428E 5 Bytes JMP 626FF66F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!SetMenuItemBitmaps + 71 768014EE 7 Bytes JMP 626FFCA8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] ntdll.dll!LdrLoadDll 77439378 5 Bytes JMP 625A6C40 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!HeapSetInformation + 26 771AA8C0 7 Bytes JMP 625AFE71 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!LockResource + C 771C6B0B 7 Bytes JMP 627E2D9C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!VirtualAllocEx + 54 771CAF70 7 Bytes JMP 627E2DBF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] GDI32.dll!SetStretchBltMode + 256 76B6745C 7 Bytes JMP 627E2D1D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateFile + 6 7747424A 4 Bytes [28, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateFile + B 7747424F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateKey + 6 7747428A 4 Bytes [68, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateKey + B 7747428F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateMutant + 6 774742BA 4 Bytes [28, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateMutant + B 774742BF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateSection + 6 7747433A 4 Bytes [68, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateSection + B 7747433F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtMapViewOfSection + 6 7747499A 4 Bytes [A8, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtMapViewOfSection + B 7747499F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenFile + 6 77474A2A 4 Bytes [68, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenFile + B 77474A2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenKey + 6 77474A5A 4 Bytes [A8, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenKey + B 77474A5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenMutant + B 77474A7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + 6 77474AAA 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + 6 77474AAA 4 Bytes [28, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + B 77474AAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + 6 77474ABA 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + 6 77474ABA 4 Bytes [68, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + B 77474ABF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessTokenEx + 6 77474ACA 4 Bytes [28, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessTokenEx + B 77474ACF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenSection + 6 77474ADA 4 Bytes [A8, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenSection + B 77474ADF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThread + B 77474B1F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadToken + 6 77474B2A 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadToken + B 77474B2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadTokenEx + 6 77474B3A 4 Bytes [68, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadTokenEx + B 77474B3F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryAttributesFile + 6 77474BCA 4 Bytes [A8, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryAttributesFile + B 77474BCF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryFullAttributesFile + B 77474C7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationFile + 6 7747515A 4 Bytes [28, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationFile + B 7747515F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + 6 774751AA 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + 6 774751AA 4 Bytes [A8, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + B 774751AF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtUnmapViewOfSection + B 7747544F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateProcessW 77181BF3 5 Bytes JMP 000100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateProcessA 77181C28 5 Bytes JMP 000100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!OpenEventW 7719C033 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateEventW 771CB87E 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!DeleteObject 76B65A37 5 Bytes JMP 001801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetDeviceCaps 76B6617F 5 Bytes JMP 001803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectObject 76B662A0 5 Bytes JMP 001805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetTextColor 76B6666B 5 Bytes JMP 001809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetBkMode 76B66716 5 Bytes JMP 001808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!DeleteDC 76B668CD 5 Bytes JMP 00180170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetCurrentObject 76B66B58 5 Bytes JMP 00180370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetStretchBltMode 76B67206 5 Bytes JMP 00180670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SaveDC 76B675BA 5 Bytes JMP 00180570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!RestoreDC 76B67675 5 Bytes JMP 00180530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StretchDIBits 76B678CF 5 Bytes JMP 00180730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtSelectClipRgn 76B679F8 5 Bytes JMP 001802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectClipRgn 76B67AF9 5 Bytes JMP 001805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!MoveToEx 76B67C33 5 Bytes JMP 00180470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!Rectangle 76B67EA9 5 Bytes JMP 00180970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextAlign 76B682E0 5 Bytes JMP 00180D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetTextAlign 76B685CB 5 Bytes JMP 001809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtTextOutW 76B6872B 5 Bytes JMP 00180930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextMetricsW 76B68A81 5 Bytes JMP 00180DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!IntersectClipRect 76B68B64 5 Bytes JMP 001803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetClipBox 76B69071 5 Bytes JMP 00180330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetICMMode 76B694E7 5 Bytes JMP 00180D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateDCW 76B6A91D 5 Bytes JMP 001800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateDCA 76B6AA49 5 Bytes JMP 001800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateICW 76B6B2E9 5 Bytes JMP 00180130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextFaceW 76B6B637 5 Bytes JMP 00180CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetFontData 76B6BA6C 5 Bytes JMP 00180C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextExtentPoint32W 76B6C01A 5 Bytes JMP 00180630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetWorldTransform 76B6C46A 5 Bytes JMP 001806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!LineTo 76B6C65E 5 Bytes JMP 00180430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextMetricsA 76B6CCEB 5 Bytes JMP 00180DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtTextOutA 76B700A5 5 Bytes JMP 001808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtEscape 76B722A7 5 Bytes JMP 001802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!Escape 76B727F1 5 Bytes JMP 00180270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ResetDCW 76B73132 5 Bytes JMP 00180A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndPage 76B7375E 5 Bytes JMP 00180230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetPolyFillMode 76B761D3 5 Bytes JMP 00180AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetMiterLimit 76B762E2 5 Bytes JMP 00180B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextFaceA 76B7F4C5 5 Bytes JMP 00180CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetGlyphOutlineW 76B8A41F 5 Bytes JMP 00180C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateScalableFontResourceW 76B8C88B 5 Bytes JMP 00180B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!AddFontResourceW 76B8CC93 5 Bytes JMP 00180BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!RemoveFontResourceW 76B8D129 5 Bytes JMP 00180BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!AbortDoc 76B92CC4 5 Bytes JMP 00180030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndDoc 76B930D8 5 Bytes JMP 001801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StartPage 76B931C3 5 Bytes JMP 001806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StartDocW 76B93CA7 5 Bytes JMP 001807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!BeginPath 76B94465 5 Bytes JMP 001807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectClipPath 76B944BC 5 Bytes JMP 00180AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CloseFigure 76B94517 5 Bytes JMP 00180070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndPath 76B9456E 5 Bytes JMP 00180A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StrokePath 76B947A0 5 Bytes JMP 00180770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!FillPath 76B9482C 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!FillPath 76B9482C 5 Bytes JMP 00180830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolylineTo 76B94C95 5 Bytes JMP 001804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolyBezierTo 76B94D25 5 Bytes JMP 001804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolyDraw 76B94DD6 5 Bytes JMP 00180870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetCursor 767ED37D 5 Bytes JMP 00190530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatW 767ED6AC 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatW 767ED6AC 5 Bytes JMP 001902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ActivateKeyboardLayout 767F478C 5 Bytes JMP 001904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!IsWindowVisible 767F878A 7 Bytes JMP 001906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MonitorFromWindow 767F88D4 4 Bytes JMP 00190630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MonitorFromWindow + 5 767F88D9 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ScreenToClient 767F8C56 7 Bytes JMP 00190670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClientRect 767F8F0D 7 Bytes JMP 001905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetParent 767F90AA 7 Bytes JMP 001906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatA 767FA111 5 Bytes JMP 001902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!PostMessageW 767FA175 5 Bytes JMP 001905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MapWindowPoints 767FA30D 5 Bytes JMP 00190570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardFormatNameA 767FA552 5 Bytes JMP 00190270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetOpenClipboardWindow 768026A6 5 Bytes JMP 001903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetClipboardViewer 7680BA2D 5 Bytes JMP 001904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!IsClipboardFormatAvailable 7680C2E3 5 Bytes JMP 001900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!CloseClipboard 7680C2F7 5 Bytes JMP 001900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!OpenClipboard 7680C31D 5 Bytes JMP 00190070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetTopWindow 7680CE0A 7 Bytes JMP 00190730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardSequenceNumber 7680D8B7 5 Bytes JMP 00190330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ChangeClipboardChain 7680DF83 5 Bytes JMP 00190430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!CountClipboardFormats 76810048 5 Bytes JMP 001901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardOwner 768126EF 5 Bytes JMP 00190370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetClipboardData 76826410 5 Bytes JMP 00190170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!EnumClipboardFormats 76826D16 5 Bytes JMP 001901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetCursorPos 76826FB2 5 Bytes JMP 00190770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardData 7682715A 5 Bytes JMP 00190030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardFormatNameW 7682A99F 5 Bytes JMP 00190230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!EmptyClipboard 7684398B 5 Bytes JMP 00190130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardViewer 768439ED 5 Bytes JMP 00190470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetPriorityClipboardFormat 76843AEF 5 Bytes JMP 001903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleGetClipboard 769274C9 5 Bytes JMP 001A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleSetClipboard 769511E3 5 Bytes JMP 001A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleIsCurrentClipboard 7695A8F9 5 Bytes JMP 001A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!FreeContextBuffer 75962D83 5 Bytes JMP 002C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!DeleteSecurityContext 75962F18 5 Bytes JMP 002C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!FreeCredentialsHandle 75963598 5 Bytes JMP 002C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!EncryptMessage 75963745 5 Bytes JMP 002C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!DecryptMessage 75963813 5 Bytes JMP 002C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!InitializeSecurityContextA 759687DF 5 Bytes JMP 002C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!AcquireCredentialsHandleA 75968A43 5 Bytes JMP 002C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!QueryContextAttributesA 75968E77 5 Bytes JMP 002C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!ApplyControlToken 7596DE4F 5 Bytes JMP 002C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!QueryCredentialsAttributesA 7596E052 5 Bytes JMP 002C00B0
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec4348
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec4348 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOPM02.00.00.01PRO D4A20DAD5868B6041F04324742A5C08A4AA057E0733C7E4C1DDFA45CC1C941D4674BF258D6B8800A9109D0A2DEC8CD5CDFEC54BDF821889B189644EF887B7147759D09E7C5D7030263D371F0AB431E839090CAB02DAF89AECE10BF7BBE58BC9CC5E410B933BB7857EF7015D65A9D3B06ED769747841FF8C2A53BEF16C06A24ECB3AD7E8AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452C038D530D6EB34529DB7CE019D40AA5C80ABBC8B1D9C3EF8987473BA6BA15654E4CBE3AEE6BAB6D9675FC46044E9E6C0A7A78D5E861D47FEF8887DA770D2876F1307FC96BFE0E9027914C65B44C0D801B65E65853D6ACB60613C009E07C77824F6A3F658A2B0DACF04A8CFC0FE770B689C1D72939D8CDB8AA433B50D8329D48868B2B85A768EF32204C195140FD5C2C19E3BD7441CCA3CCF6E12CC054C60FE1A174C1E2AB7A852404D874078A7687DB9D10FAAF53C326667B9826A3FDD9A0CB6830BF875F6EB4A5186A5EC370D7E68632577F4299A16856C57B1A316C4C9C6A1848C0B92580BE0E02A4CAD3D98ADE832D5D3350565887A5B6CD10408A7A5AB0343740D77937F5260862C869B37CC1701F8885D53DCE4DA9871998AB7BB28ECE5BCE82CC175028B24408070076BF8BB0C76FE528159C6EDE834C02BE
---- EOF - GMER 1.0.15 ----
Bin ich den Plagegeist nun los oder soll ich noch weitere Scans durchführen? Ach so: Der normale Windows-Modus funktioniert scheinbar einwandfrei und leere Ordner sind im Startmenü nicht vorhanden, vermisst wird auch nichts. Vielen Dank vorab & Gruß Boludo Geändert von Boludo (02.09.2012 um 08:58 Uhr) Grund: Ergänzung |
| Themen zu Live Security Platinum 3.6.1 |
| 7-zip, ad-aware, antivir, autorun, avira, bho, bonjour, cursor, desktop, error, fastprox.dll, firefox, flash player, getwindowinfo, helper, home, iexplore.exe, installation, launch, mozilla, mp3, nodrives, ntdll.dll, plug-in, popup, realtek, recycle.bin, registry, rundll, security, software, system, vista |
Baum-Darstellung