| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live Security Platinum 3.6.1Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.09.2012, 08:55
| #1 |
 |  Live Security Platinum 3.6.1 Moin, gestern Abend hat sich auf meinem Rechner Live Security Platinum 3.6.1 gemeldet und erst einmal alles lahmgelegt. (Übrigens kurz nachdem sich Adobe Flash Player als Update gemeldet hatte und ich die Installation durchführen lies...). Nachdem ich den Inhalt des Ordners, auf den die Verknüpfung von LSP auf meinem Desktop verwiesen hatte, gelöscht und die *.exe umbenannt hatte, funktionierte das System scheinbar wieder. Habe dann als Admin Scans mit Malwarebytes, OTL und GMER durchgeführt. Hier nun die Logfiles: Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.01.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Boludo :: BOLUDO-PC [Administrator] 01.09.2012 22:22:04 mbam-log-2012-09-01 (22-22-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 369910 Laufzeit: 1 Stunde(n), 29 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-2555909198-2805718332-2460936450-1000\$30ad3e590ec1993ed8708247cc2bc33a\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 1 C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 8 C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\n (Trojan.Siredef) -> Löschen bei Neustart. C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-18\$30ad3e590ec1993ed8708247cc2bc33a\U\800000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$RECYCLE.BIN\S-1-5-21-2555909198-2805718332-2460936450-1000\$30ad3e590ec1993ed8708247cc2bc33a\n (Trojan.Siredef) -> Löschen bei Neustart. C:\Program Files\pdfsam\pdfsam-starter.exe (Trojan.Agent.VGENX) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Boludo\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 02.09.2012 08:23:34 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Boludo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,91% Memory free 6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,44 Gb Total Space | 8,26 Gb Free Space | 7,41% Space Free | Partition Type: NTFS Drive D: | 107,90 Gb Total Space | 3,42 Gb Free Space | 3,17% Space Free | Partition Type: NTFS Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe PRC - [2012.08.09 08:43:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.11 16:48:56 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Boludo\AppData\Local\Temp\RtkBtMnt.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2012.04.22 09:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.11 08:46:14 | 000,121,344 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2007.10.11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 06:57:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.14 06:47:10 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 06:46:52 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.24 18:06:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.24 17:57:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.24 17:57:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.09.23 15:58:24 | 000,008,960 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2008.03.29 04:48:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.03.29 04:48:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.03.29 04:48:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.03.11 10:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll ========== Services (SafeList) ========== SRV - [2012.08.30 11:24:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2009.11.20 23:23:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.08 20:42:26 | 000,100,376 | ---- | M] (VisionWorks Solutions, Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4) DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.07 19:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.02.15 10:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 11:24:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 07:13:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.11 21:59:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boludo\AppData\Roaming\12011 [2009.11.20 12:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Extensions [2012.08.27 08:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions [2012.08.27 08:37:16 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\maps@ovi.com [2012.06.14 20:25:50 | 000,000,925 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\conduit.xml [2011.07.31 18:52:02 | 000,005,310 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\footiefox.xml [2012.06.17 07:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.15 07:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.06.15 07:13:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.05.26 19:21:38 | 000,222,562 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI [2012.05.23 19:03:31 | 000,355,956 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{9FB7D178-155A-4318-9173-1A8EAAEA7FE4}.XPI [2012.02.07 18:29:57 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI [2009.11.20 12:27:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.08.30 11:24:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 11:24:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.10 21:44:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8621F01D-1B82-4981-BC90-637664DB07CE}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.02 07:57:08 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe [2012.08.04 19:20:25 | 000,000,000 | ---D | C] -- C:\Users\Boludo\Desktop\Barthstraße 23 ========== Files - Modified Within 30 Days ========== [2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe [2012.09.02 07:52:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.09.02 07:52:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 07:52:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 07:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.02 07:51:45 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.09.02 07:50:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.01 21:52:08 | 000,018,432 | ---- | M] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.01 19:29:47 | 000,010,276 | ---- | M] () -- C:\Users\Boludo\Desktop\Ausgaben September.ods [2012.08.31 20:56:55 | 000,014,887 | ---- | M] () -- C:\Users\Boludo\Desktop\Ausgaben August.ods [2012.08.31 11:13:46 | 000,017,101 | ---- | M] () -- C:\Users\Boludo\Desktop\Arztrechnungen.ods [2012.08.31 09:10:45 | 000,084,934 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.08.29 09:52:20 | 000,000,680 | ---- | M] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat [2012.08.28 07:12:54 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2012.08.15 07:34:58 | 000,352,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.09 19:37:33 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.09 19:37:33 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.09 19:37:33 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.09 19:37:33 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.06 20:36:48 | 000,000,699 | ---- | M] () -- C:\Windows\wiso.ini ========== Files Created - No Company Name ========== [2012.08.31 09:10:47 | 000,010,276 | ---- | C] () -- C:\Users\Boludo\Desktop\Ausgaben September.ods [2012.08.08 19:35:43 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2012.06.01 09:31:43 | 000,000,008 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat [2011.06.11 19:02:43 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe [2011.03.15 23:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.02.20 15:09:34 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini [2011.01.04 17:07:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2010.11.05 20:03:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.04.18 18:29:23 | 000,000,680 | ---- | C] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat [2010.01.16 14:36:39 | 000,034,923 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\mdbu.bin [2009.11.22 17:43:57 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.11.22 17:40:22 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.11.22 00:41:26 | 000,018,432 | ---- | C] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2009.11.20 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer [2008.03.29 05:06:10 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Acer GameZone Console [2009.12.24 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\AnvSoft [2011.02.20 15:11:25 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Buhl Data Service [2009.12.29 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Canon [2009.12.01 19:49:49 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\FreeFLVConverter [2011.12.30 21:05:34 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\GMX [2010.05.26 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\IrfanView [2009.11.20 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Leadertech [2010.08.01 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\MusicBrainz [2012.02.11 22:02:35 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia [2010.05.09 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Ovi Suite [2012.02.12 10:06:05 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Nokia Suite [2009.11.21 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\OpenOffice.org [2012.03.02 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\PC Suite [2011.06.11 19:03:23 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\pics [2010.02.07 19:03:53 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\StreamTorrent [2009.11.20 09:35:43 | 000,000,000 | ---D | M] -- C:\Users\Boludo\AppData\Roaming\Validity [2012.09.02 07:50:48 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.09.2012 08:23:34 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Boludo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,91% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 8,26 Gb Free Space | 7,41% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 3,42 Gb Free Space | 3,17% Space Free | Partition Type: NTFS
Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AceBackup] -- "C:\Program Files\AceBIT\AceBackup 3\AceBackup.exe" -as "%1" (AceBIT)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}" = AceBackup 3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9F70E36A-8C0F-4069-9C81-9708E46E6F5E}" = O&O PartitionManager Professional
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AmoKExifSorter2" = AmoK Exif Sorter 2.5.6 (nur deinstallieren)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"DirSync" = DirSync 2.93
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"Fotoservice" = Fotoservice
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GMX ProfiFax" = GMX ProfiFax
"GMX SMS-Manager" = GMX SMS-Manager
"GridVista" = Acer GridVista
"InstallShield_{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5.5
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"MyCamera" = Canon Utilities MyCamera
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Suite" = Nokia Suite
"NTI Open File Manager" = NTI Open File Manager
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"pdfsam" = pdfsam
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Saturn Fotoservice" = Saturn Fotoservice
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.09.2012 15:23:57 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.09.2012 15:27:55 | Computer Name = Boludo-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1460 Anfangszeit: 01cd8877cf1c1573 Zeitpunkt
der Beendigung: 202
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.09.2012 20:51:38 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.09.2012 20:51:39 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7218291
Error - 01.09.2012 20:51:39 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7218291
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17129222
Error - 02.09.2012 01:37:22 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17129222
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 05.04.2012 14:31:30 | Computer Name = Boludo-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
[ System Events ]
Error - 01.09.2012 15:23:58 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 01.09.2012 15:23:58 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 01.09.2012 15:30:08 | Computer Name = Boludo-PC | Source = DCOM | ID = 10010
Description =
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 01.09.2012 15:55:09 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 02.09.2012 01:51:45 | Computer Name = Boludo-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 02.09.2012 01:52:28 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7003
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-02 09:42:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: e1rvr27y.exe; Driver: C:\Users\Boludo\AppData\Local\Temp\pfriipog.sys
---- System - GMER 1.0.15 ----
SSDT 8CA61636 ZwCreateSection
SSDT 8CA61640 ZwRequestWaitReplyPort
SSDT 8CA6163B ZwSetContextThread
SSDT 8CA61645 ZwSetSecurityObject
SSDT 8CA6164A ZwSystemDebugControl
SSDT 8CA615D7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 822E48D8 4 Bytes [36, 16, A6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 822E4BFC 4 Bytes [40, 16, A6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 822E4C30 4 Bytes [3B, 16, A6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822E4C94 4 Bytes [45, 16, A6, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 822E4CDC 4 Bytes [4A, 16, A6, 8C]
.text ...
? System32\drivers\rxgqhbs.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E800340, 0x3D50E7, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!GetWindowInfo 767F428E 5 Bytes JMP 626FF66F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4240] USER32.dll!SetMenuItemBitmaps + 71 768014EE 7 Bytes JMP 626FFCA8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] ntdll.dll!LdrLoadDll 77439378 5 Bytes JMP 625A6C40 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!HeapSetInformation + 26 771AA8C0 7 Bytes JMP 625AFE71 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!LockResource + C 771C6B0B 7 Bytes JMP 627E2D9C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] kernel32.dll!VirtualAllocEx + 54 771CAF70 7 Bytes JMP 627E2DBF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5396] GDI32.dll!SetStretchBltMode + 256 76B6745C 7 Bytes JMP 627E2D1D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateFile + 6 7747424A 4 Bytes [28, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateFile + B 7747424F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateKey + 6 7747428A 4 Bytes [68, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateKey + B 7747428F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateMutant + 6 774742BA 4 Bytes [28, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateMutant + B 774742BF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateSection + 6 7747433A 4 Bytes [68, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtCreateSection + B 7747433F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtMapViewOfSection + 6 7747499A 4 Bytes [A8, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtMapViewOfSection + B 7747499F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenFile + 6 77474A2A 4 Bytes [68, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenFile + B 77474A2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenKey + 6 77474A5A 4 Bytes [A8, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenKey + B 77474A5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenMutant + B 77474A7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + 6 77474AAA 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + 6 77474AAA 4 Bytes [28, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcess + B 77474AAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + 6 77474ABA 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + 6 77474ABA 4 Bytes [68, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessToken + B 77474ABF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessTokenEx + 6 77474ACA 4 Bytes [28, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenProcessTokenEx + B 77474ACF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenSection + 6 77474ADA 4 Bytes [A8, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenSection + B 77474ADF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThread + B 77474B1F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadToken + 6 77474B2A 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadToken + B 77474B2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadTokenEx + 6 77474B3A 4 Bytes [68, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtOpenThreadTokenEx + B 77474B3F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryAttributesFile + 6 77474BCA 4 Bytes [A8, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryAttributesFile + B 77474BCF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtQueryFullAttributesFile + B 77474C7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationFile + 6 7747515A 4 Bytes [28, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationFile + B 7747515F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + 6 774751AA 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + 6 774751AA 4 Bytes [A8, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtSetInformationThread + B 774751AF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ntdll.dll!NtUnmapViewOfSection + B 7747544F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateProcessW 77181BF3 5 Bytes JMP 000100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateProcessA 77181C28 5 Bytes JMP 000100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!OpenEventW 7719C033 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] kernel32.dll!CreateEventW 771CB87E 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!DeleteObject 76B65A37 5 Bytes JMP 001801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetDeviceCaps 76B6617F 5 Bytes JMP 001803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectObject 76B662A0 5 Bytes JMP 001805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetTextColor 76B6666B 5 Bytes JMP 001809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetBkMode 76B66716 5 Bytes JMP 001808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!DeleteDC 76B668CD 5 Bytes JMP 00180170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetCurrentObject 76B66B58 5 Bytes JMP 00180370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetStretchBltMode 76B67206 5 Bytes JMP 00180670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SaveDC 76B675BA 5 Bytes JMP 00180570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!RestoreDC 76B67675 5 Bytes JMP 00180530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StretchDIBits 76B678CF 5 Bytes JMP 00180730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtSelectClipRgn 76B679F8 5 Bytes JMP 001802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectClipRgn 76B67AF9 5 Bytes JMP 001805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!MoveToEx 76B67C33 5 Bytes JMP 00180470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!Rectangle 76B67EA9 5 Bytes JMP 00180970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextAlign 76B682E0 5 Bytes JMP 00180D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetTextAlign 76B685CB 5 Bytes JMP 001809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtTextOutW 76B6872B 5 Bytes JMP 00180930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextMetricsW 76B68A81 5 Bytes JMP 00180DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!IntersectClipRect 76B68B64 5 Bytes JMP 001803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetClipBox 76B69071 5 Bytes JMP 00180330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetICMMode 76B694E7 5 Bytes JMP 00180D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateDCW 76B6A91D 5 Bytes JMP 001800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateDCA 76B6AA49 5 Bytes JMP 001800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateICW 76B6B2E9 5 Bytes JMP 00180130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextFaceW 76B6B637 5 Bytes JMP 00180CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetFontData 76B6BA6C 5 Bytes JMP 00180C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextExtentPoint32W 76B6C01A 5 Bytes JMP 00180630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetWorldTransform 76B6C46A 5 Bytes JMP 001806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!LineTo 76B6C65E 5 Bytes JMP 00180430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextMetricsA 76B6CCEB 5 Bytes JMP 00180DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtTextOutA 76B700A5 5 Bytes JMP 001808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ExtEscape 76B722A7 5 Bytes JMP 001802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!Escape 76B727F1 5 Bytes JMP 00180270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!ResetDCW 76B73132 5 Bytes JMP 00180A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndPage 76B7375E 5 Bytes JMP 00180230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetPolyFillMode 76B761D3 5 Bytes JMP 00180AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SetMiterLimit 76B762E2 5 Bytes JMP 00180B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetTextFaceA 76B7F4C5 5 Bytes JMP 00180CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!GetGlyphOutlineW 76B8A41F 5 Bytes JMP 00180C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CreateScalableFontResourceW 76B8C88B 5 Bytes JMP 00180B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!AddFontResourceW 76B8CC93 5 Bytes JMP 00180BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!RemoveFontResourceW 76B8D129 5 Bytes JMP 00180BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!AbortDoc 76B92CC4 5 Bytes JMP 00180030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndDoc 76B930D8 5 Bytes JMP 001801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StartPage 76B931C3 5 Bytes JMP 001806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StartDocW 76B93CA7 5 Bytes JMP 001807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!BeginPath 76B94465 5 Bytes JMP 001807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!SelectClipPath 76B944BC 5 Bytes JMP 00180AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!CloseFigure 76B94517 5 Bytes JMP 00180070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!EndPath 76B9456E 5 Bytes JMP 00180A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!StrokePath 76B947A0 5 Bytes JMP 00180770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!FillPath 76B9482C 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!FillPath 76B9482C 5 Bytes JMP 00180830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolylineTo 76B94C95 5 Bytes JMP 001804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolyBezierTo 76B94D25 5 Bytes JMP 001804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] GDI32.dll!PolyDraw 76B94DD6 5 Bytes JMP 00180870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetCursor 767ED37D 5 Bytes JMP 00190530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatW 767ED6AC 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatW 767ED6AC 5 Bytes JMP 001902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ActivateKeyboardLayout 767F478C 5 Bytes JMP 001904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!IsWindowVisible 767F878A 7 Bytes JMP 001906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MonitorFromWindow 767F88D4 4 Bytes JMP 00190630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MonitorFromWindow + 5 767F88D9 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ScreenToClient 767F8C56 7 Bytes JMP 00190670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClientRect 767F8F0D 7 Bytes JMP 001905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetParent 767F90AA 7 Bytes JMP 001906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!RegisterClipboardFormatA 767FA111 5 Bytes JMP 001902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!PostMessageW 767FA175 5 Bytes JMP 001905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!MapWindowPoints 767FA30D 5 Bytes JMP 00190570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardFormatNameA 767FA552 5 Bytes JMP 00190270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetOpenClipboardWindow 768026A6 5 Bytes JMP 001903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetClipboardViewer 7680BA2D 5 Bytes JMP 001904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!IsClipboardFormatAvailable 7680C2E3 5 Bytes JMP 001900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!CloseClipboard 7680C2F7 5 Bytes JMP 001900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!OpenClipboard 7680C31D 5 Bytes JMP 00190070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetTopWindow 7680CE0A 7 Bytes JMP 00190730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardSequenceNumber 7680D8B7 5 Bytes JMP 00190330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!ChangeClipboardChain 7680DF83 5 Bytes JMP 00190430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!CountClipboardFormats 76810048 5 Bytes JMP 001901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardOwner 768126EF 5 Bytes JMP 00190370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetClipboardData 76826410 5 Bytes JMP 00190170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!EnumClipboardFormats 76826D16 5 Bytes JMP 001901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!SetCursorPos 76826FB2 5 Bytes JMP 00190770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardData 7682715A 5 Bytes JMP 00190030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardFormatNameW 7682A99F 5 Bytes JMP 00190230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!EmptyClipboard 7684398B 5 Bytes JMP 00190130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetClipboardViewer 768439ED 5 Bytes JMP 00190470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] USER32.dll!GetPriorityClipboardFormat 76843AEF 5 Bytes JMP 001903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleGetClipboard 769274C9 5 Bytes JMP 001A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleSetClipboard 769511E3 5 Bytes JMP 001A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] ole32.dll!OleIsCurrentClipboard 7695A8F9 5 Bytes JMP 001A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!FreeContextBuffer 75962D83 5 Bytes JMP 002C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!DeleteSecurityContext 75962F18 5 Bytes JMP 002C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!FreeCredentialsHandle 75963598 5 Bytes JMP 002C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!EncryptMessage 75963745 5 Bytes JMP 002C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!DecryptMessage 75963813 5 Bytes JMP 002C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!InitializeSecurityContextA 759687DF 5 Bytes JMP 002C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!AcquireCredentialsHandleA 75968A43 5 Bytes JMP 002C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!QueryContextAttributesA 75968E77 5 Bytes JMP 002C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!ApplyControlToken 7596DE4F 5 Bytes JMP 002C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[5416] Secur32.dll!QueryCredentialsAttributesA 7596E052 5 Bytes JMP 002C00B0
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001f3aec4348
Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001f3aec4348 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOPM02.00.00.01PRO D4A20DAD5868B6041F04324742A5C08A4AA057E0733C7E4C1DDFA45CC1C941D4674BF258D6B8800A9109D0A2DEC8CD5CDFEC54BDF821889B189644EF887B7147759D09E7C5D7030263D371F0AB431E839090CAB02DAF89AECE10BF7BBE58BC9CC5E410B933BB7857EF7015D65A9D3B06ED769747841FF8C2A53BEF16C06A24ECB3AD7E8AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452C038D530D6EB34529DB7CE019D40AA5C80ABBC8B1D9C3EF8987473BA6BA15654E4CBE3AEE6BAB6D9675FC46044E9E6C0A7A78D5E861D47FEF8887DA770D2876F1307FC96BFE0E9027914C65B44C0D801B65E65853D6ACB60613C009E07C77824F6A3F658A2B0DACF04A8CFC0FE770B689C1D72939D8CDB8AA433B50D8329D48868B2B85A768EF32204C195140FD5C2C19E3BD7441CCA3CCF6E12CC054C60FE1A174C1E2AB7A852404D874078A7687DB9D10FAAF53C326667B9826A3FDD9A0CB6830BF875F6EB4A5186A5EC370D7E68632577F4299A16856C57B1A316C4C9C6A1848C0B92580BE0E02A4CAD3D98ADE832D5D3350565887A5B6CD10408A7A5AB0343740D77937F5260862C869B37CC1701F8885D53DCE4DA9871998AB7BB28ECE5BCE82CC175028B24408070076BF8BB0C76FE528159C6EDE834C02BE
---- EOF - GMER 1.0.15 ----
Bin ich den Plagegeist nun los oder soll ich noch weitere Scans durchführen? Ach so: Der normale Windows-Modus funktioniert scheinbar einwandfrei und leere Ordner sind im Startmenü nicht vorhanden, vermisst wird auch nichts. Vielen Dank vorab & Gruß Boludo Geändert von Boludo (02.09.2012 um 08:58 Uhr) Grund: Ergänzung |
|
03.09.2012, 12:49
| #2 | |
| /// Selecta Jahrusso   | Live Security Platinum 3.6.1 Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
03.09.2012, 16:00
| #3 |
| | Live Security Platinum 3.6.1 Hallo Daniel,
__________________gesagt getan! Anbei das Logfile: Code:
ATTFilter ComboFix 12-09-03.06 - Boludo 03.09.2012 16:31:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1866 [GMT 2:00]
ausgeführt von:: c:\users\Boludo\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-03 bis 2012-09-03 ))))))))))))))))))))))))))))))
.
.
2012-09-03 14:45 . 2012-09-03 14:50 -------- d-----w- c:\users\Boludo\AppData\Local\temp
2012-09-03 14:45 . 2012-09-03 14:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-03 14:45 . 2012-09-03 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 14:45 . 2012-09-03 14:45 -------- d-----w- c:\users\Catja Mobil\AppData\Local\temp
2012-09-01 03:56 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED14920F-8513-4F40-BB4E-E1331C422AC2}\mpengine.dll
2012-08-30 09:24 . 2012-08-30 09:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-15 05:05 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-14 18:57 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:11 . 2012-06-07 05:30 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:11 . 2011-05-24 04:45 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-06-02 09:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-15 05:13 . 2012-06-15 05:13 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 05:13 . 2010-06-15 05:53 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 04:54 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 04:54 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-30 09:24 . 2012-06-17 05:59 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2009-09-22 33024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-29 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-03 16:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3828)
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-03 16:55:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-03 14:55
.
Vor Suchlauf: 8.961.388.544 Bytes frei
Nach Suchlauf: 9.626.333.184 Bytes frei
.
- - End Of File - - 7107B1425AFDB8F3DE329B5CF22263C4
Micha |
|
03.09.2012, 16:17
| #4 |
| /// Selecta Jahrusso | Live Security Platinum 3.6.1 Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter: BleepingComputer.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die  + R Taste --> Notepad (hinein schreiben) --> OKKopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
FireFox::
FF - ProfilePath - c:\users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}
ClearJavaCache::
Wichtig:
Downloade dir bitte Farbar's Service Scanner
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
03.09.2012, 17:30
| #5 |
| | Live Security Platinum 3.6.1 Combo Fix: Code:
ATTFilter ComboFix 12-09-03.06 - Boludo 03.09.2012 17:38:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1955 [GMT 2:00]
ausgeführt von:: c:\users\Boludo\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Boludo\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-03 bis 2012-09-03 ))))))))))))))))))))))))))))))
.
.
2012-09-03 16:06 . 2012-09-03 16:10 -------- d-----w- c:\users\Boludo\AppData\Local\temp
2012-09-03 16:06 . 2012-09-03 16:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-03 16:06 . 2012-09-03 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 16:06 . 2012-09-03 16:06 -------- d-----w- c:\users\Catja Mobil\AppData\Local\temp
2012-09-01 03:56 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED14920F-8513-4F40-BB4E-E1331C422AC2}\mpengine.dll
2012-08-30 09:24 . 2012-08-30 09:24 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-15 05:05 . 2012-06-29 00:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-14 18:57 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 19:11 . 2012-06-07 05:30 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-01 19:11 . 2011-05-24 04:45 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-06-02 09:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-15 05:13 . 2012-06-15 05:13 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 05:13 . 2010-06-15 05:53 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 04:54 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 04:54 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-30 09:24 . 2012-06-17 05:59 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-07 13527584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-07 92704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2009-09-22 33024]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-8-29 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\
FF - prefs.js: browser.search.selectedEngine -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-03 18:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2112)
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-03 18:15:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-03 16:14
ComboFix2.txt 2012-09-03 14:55
.
Vor Suchlauf: 9.659.248.640 Bytes frei
Nach Suchlauf: 9.627.549.696 Bytes frei
.
- - End Of File - - D5BB24BDB16C7FF72360ABB23EE54408
Code:
ATTFilter Farbar Service Scanner Version: 06-08-2012
Ran by Boludo (administrator) on 03-09-2012 at 18:27:40
Running from "C:\Users\Boludo\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: ".".
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
Micha |
|
03.09.2012, 17:59
| #6 |
| /// Selecta Jahrusso | Live Security Platinum 3.6.1 Downloade dir bitte ServiceRepair.exe auf deinem Desktop. Doppelklick auf die Datei und bestätige die ersten Nachricht mit Yes. Das Tool wird einen Neustart verlangen, dies bitte zulassen. Starte bitte FSS.exe erneut und klicke auf den Scan Button. Poste die FSS.txt bitte hier und berichte, wie der Rechner läuft.
__________________ --> Live Security Platinum 3.6.1 |
|
03.09.2012, 18:34
| #7 |
| | Live Security Platinum 3.6.1 FSS Log: Code:
ATTFilter Farbar Service Scanner Version: 06-08-2012
Ran by Boludo (administrator) on 03-09-2012 at 19:32:23
Running from "C:\Users\Boludo\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
Gruß Micha |
|
03.09.2012, 18:59
| #8 |
| /// Selecta Jahrusso | Live Security Platinum 3.6.1 Sieht alles ganz gut aus  ESET Online Scanner
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
04.09.2012, 05:09
| #9 |
| | Live Security Platinum 3.6.1 3 Funde  Code:
ATTFilter C:\$RECYCLE.BIN\S-1-5-21-2555909198-2805718332-2460936450-1000\$RZEDW1Q.exe a variant of Win32/InstallCore.AN application
C:\Users\Boludo\AppData\Local\temp\ICReinstall_DownloadManagerSetup.exe a variant of Win32/InstallCore.AN application
C:\Users\Boludo\AppData\Local\temp\is357113909\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe probably a variant of Win32/Adware.HLQFYSH application
Micha |
|
04.09.2012, 12:50
| #10 |
| /// Selecta Jahrusso | Live Security Platinum 3.6.1 Die Funde sind garnichts.
Code:
ATTFilter :commands
[emptytemp]
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software--> Adobe Reader und lade dir die neue Version von Hier herunter- Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome. Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
04.09.2012, 13:20
| #11 | |
| | Live Security Platinum 3.6.1Zitat:
Gruß Micha |
|
04.09.2012, 18:11
| #12 |
| /// Selecta Jahrusso | Live Security Platinum 3.6.1 Danke für den Hinweis. Ja
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
04.09.2012, 19:03
| #13 |
| | Live Security Platinum 3.6.1 OTL Fix Log: Code:
ATTFilter All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Boludo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24155794 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65860081 bytes
->Flash cache emptied: 506 bytes
User: Catja Mobil
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7288 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 86,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 09042012_140005
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter OTL logfile created on: 04.09.2012 19:41:47 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Boludo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,36% Memory free 6,19 Gb Paging File | 5,15 Gb Available in Paging File | 83,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,44 Gb Total Space | 8,27 Gb Free Space | 7,42% Space Free | Partition Type: NTFS Drive D: | 107,90 Gb Total Space | 3,33 Gb Free Space | 3,09% Space Free | Partition Type: NTFS Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.03 18:26:20 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Boludo\AppData\Local\Temp\RtkBtMnt.exe PRC - [2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe PRC - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2012.04.22 09:58:48 | 000,724,536 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe PRC - [2012.04.19 08:57:16 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2012.04.19 08:57:16 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.03.13 11:24:20 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.01.31 18:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.11 08:46:14 | 000,121,344 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2007.10.11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 06:57:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.14 06:47:10 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 06:46:52 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.24 18:06:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.24 18:01:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.24 17:57:36 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.24 17:57:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.04.13 12:04:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2012.04.13 12:00:04 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.09.23 15:58:24 | 000,008,960 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.03.29 04:48:02 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.03.29 04:48:02 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.03.29 04:48:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.03.11 10:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - [2012.08.30 11:24:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.22 10:05:38 | 000,474,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2009.11.20 23:23:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.11.01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009.09.08 20:42:26 | 000,100,376 | ---- | M] (VisionWorks Solutions, Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4) DRV - [2009.08.05 07:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.07 19:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.02.15 10:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.7 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 11:24:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.04 19:39:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.11 21:59:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Boludo\AppData\Roaming\12011 [2009.11.20 12:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Extensions [2012.08.27 08:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions [2012.08.27 08:37:16 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Boludo\AppData\Roaming\mozilla\Firefox\Profiles\lb90ov9f.default\extensions\maps@ovi.com [2012.06.14 20:25:50 | 000,000,925 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\conduit.xml [2011.07.31 18:52:02 | 000,005,310 | ---- | M] () -- C:\Users\Boludo\AppData\Roaming\Mozilla\Firefox\Profiles\lb90ov9f.default\searchplugins\footiefox.xml [2012.09.04 14:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.26 19:21:38 | 000,222,562 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI [2012.05.23 19:03:31 | 000,355,956 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\{9FB7D178-155A-4318-9173-1A8EAAEA7FE4}.XPI [2012.02.07 18:29:57 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\BOLUDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LB90OV9F.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI [2009.11.20 12:27:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.08.30 11:24:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 11:24:25 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.09.03 18:09:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8621F01D-1B82-4981-BC90-637664DB07CE}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Boludo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.04 19:25:43 | 000,000,000 | R--D | C] -- C:\Users\Boludo\Documents [2012.09.04 14:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.04 14:10:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.09.04 14:10:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.04 14:10:22 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.04 14:10:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.04 14:05:11 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Users\Boludo\Desktop\jxpiinstall.exe [2012.09.04 14:00:05 | 000,000,000 | ---D | C] -- C:\_OTL [2012.09.03 20:12:37 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Boludo\Desktop\esetsmartinstaller_enu.exe [2012.09.03 19:27:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support [2012.09.03 18:24:56 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.09.03 18:23:14 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Boludo\Desktop\FSS.exe [2012.09.03 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\Boludo\AppData\Local\temp [2012.09.03 18:10:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.09.03 17:33:05 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.09.03 17:28:54 | 004,743,334 | R--- | C] (Swearware) -- C:\Users\Boludo\Desktop\ComboFix.exe [2012.09.03 16:27:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.03 16:27:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.03 16:27:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.03 16:19:25 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.02 07:57:08 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe [2012.08.15 07:05:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.15 07:04:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.15 07:04:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.15 07:04:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.15 07:04:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.15 07:04:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.15 07:04:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.15 07:04:18 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2012.09.04 19:39:15 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.09.04 19:23:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.04 16:17:50 | 000,141,505 | ---- | M] () -- C:\Users\Boludo\Desktop\Kitaplatz_Interessentenbogen_Caven.pdf [2012.09.04 16:14:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.04 16:14:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.04 14:14:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.09.04 14:14:01 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.09.04 14:13:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.04 14:09:14 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.04 14:09:12 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2012.09.04 14:09:12 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.09.04 14:09:12 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.09.04 14:09:12 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.04 14:09:12 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.04 14:05:13 | 000,894,952 | ---- | M] (Oracle Corporation) -- C:\Users\Boludo\Desktop\jxpiinstall.exe [2012.09.04 13:16:34 | 000,013,915 | ---- | M] () -- D:\Daten\Ausgaben September.ods [2012.09.04 13:05:43 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.04 13:05:43 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.04 13:05:43 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.04 13:05:43 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.03 20:12:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Boludo\Desktop\esetsmartinstaller_enu.exe [2012.09.03 19:21:45 | 004,009,167 | ---- | M] () -- C:\Users\Boludo\Desktop\ServicesRepair.exe [2012.09.03 18:23:14 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Boludo\Desktop\FSS.exe [2012.09.03 18:09:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.09.03 17:29:10 | 004,743,334 | R--- | M] (Swearware) -- C:\Users\Boludo\Desktop\ComboFix.exe [2012.09.03 11:54:42 | 003,742,512 | ---- | M] () -- C:\Users\Boludo\Desktop\016.jpg [2012.09.03 11:53:50 | 003,683,039 | ---- | M] () -- C:\Users\Boludo\Desktop\019.jpg [2012.09.03 11:26:29 | 003,706,648 | ---- | M] () -- C:\Users\Boludo\Desktop\011.jpg [2012.09.03 11:25:26 | 003,590,641 | ---- | M] () -- C:\Users\Boludo\Desktop\010.jpg [2012.09.03 11:24:35 | 003,557,781 | ---- | M] () -- C:\Users\Boludo\Desktop\008.jpg [2012.09.03 11:23:32 | 003,656,740 | ---- | M] () -- C:\Users\Boludo\Desktop\009.jpg [2012.09.03 11:21:32 | 003,955,620 | ---- | M] () -- C:\Users\Boludo\Desktop\014.jpg [2012.09.03 11:20:22 | 003,887,138 | ---- | M] () -- C:\Users\Boludo\Desktop\015.jpg [2012.09.02 19:51:01 | 000,000,555 | ---- | M] () -- C:\Users\Boludo\Desktop\Ausgaben September - Verknüpfung.lnk [2012.09.02 19:50:34 | 000,000,469 | ---- | M] () -- C:\Users\Boludo\Desktop\Arztrechnungen - Verknüpfung.lnk [2012.09.02 08:53:17 | 000,302,592 | ---- | M] () -- C:\Users\Boludo\Desktop\e1rvr27y.exe [2012.09.02 08:50:19 | 000,084,934 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.02 07:57:11 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Boludo\Desktop\OTL.exe [2012.09.01 21:52:08 | 000,018,432 | ---- | M] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.01 21:11:56 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.09.01 21:11:56 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.31 20:56:55 | 000,014,887 | ---- | M] () -- D:\Daten\Ausgaben August.ods [2012.08.31 11:13:46 | 000,017,101 | ---- | M] () -- D:\Daten\Arztrechnungen.ods [2012.08.29 09:52:20 | 000,000,680 | ---- | M] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat [2012.08.28 07:12:54 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog [2012.08.15 07:34:58 | 000,352,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.06 20:36:48 | 000,000,699 | ---- | M] () -- C:\Windows\wiso.ini ========== Files Created - No Company Name ========== [2012.09.04 19:39:15 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.09.04 19:39:15 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.09.04 16:17:50 | 000,141,505 | ---- | C] () -- C:\Users\Boludo\Desktop\Kitaplatz_Interessentenbogen_Caven.pdf [2012.09.03 19:21:40 | 004,009,167 | ---- | C] () -- C:\Users\Boludo\Desktop\ServicesRepair.exe [2012.09.03 16:27:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.03 16:27:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.03 16:27:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.03 16:27:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.03 16:27:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.03 11:54:36 | 003,742,512 | ---- | C] () -- C:\Users\Boludo\Desktop\016.jpg [2012.09.03 11:53:45 | 003,683,039 | ---- | C] () -- C:\Users\Boludo\Desktop\019.jpg [2012.09.03 11:26:24 | 003,706,648 | ---- | C] () -- C:\Users\Boludo\Desktop\011.jpg [2012.09.03 11:25:21 | 003,590,641 | ---- | C] () -- C:\Users\Boludo\Desktop\010.jpg [2012.09.03 11:24:30 | 003,557,781 | ---- | C] () -- C:\Users\Boludo\Desktop\008.jpg [2012.09.03 11:23:27 | 003,656,740 | ---- | C] () -- C:\Users\Boludo\Desktop\009.jpg [2012.09.03 11:21:27 | 003,955,620 | ---- | C] () -- C:\Users\Boludo\Desktop\014.jpg [2012.09.03 11:20:16 | 003,887,138 | ---- | C] () -- C:\Users\Boludo\Desktop\015.jpg [2012.09.02 19:50:34 | 000,000,469 | ---- | C] () -- C:\Users\Boludo\Desktop\Arztrechnungen - Verknüpfung.lnk [2012.09.02 19:50:24 | 000,000,555 | ---- | C] () -- C:\Users\Boludo\Desktop\Ausgaben September - Verknüpfung.lnk [2012.09.02 08:53:17 | 000,302,592 | ---- | C] () -- C:\Users\Boludo\Desktop\e1rvr27y.exe [2012.08.31 09:10:47 | 000,013,915 | ---- | C] () -- D:\Daten\Ausgaben September.ods [2012.08.08 19:35:43 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog [2012.06.01 09:31:43 | 000,000,008 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\urhtps.dat [2011.06.11 19:02:43 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe [2011.03.15 23:41:32 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.02.20 15:09:34 | 000,000,699 | ---- | C] () -- C:\Windows\wiso.ini [2011.01.04 17:07:44 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2010.11.05 20:03:33 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.04.18 18:29:23 | 000,000,680 | ---- | C] () -- C:\Users\Boludo\AppData\Local\d3d9caps.dat [2010.01.16 14:36:39 | 000,034,923 | ---- | C] () -- C:\Users\Boludo\AppData\Roaming\mdbu.bin [2009.11.22 17:43:57 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.11.22 17:40:22 | 000,084,934 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.11.22 00:41:26 | 000,018,432 | ---- | C] () -- C:\Users\Boludo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.09.2012 19:41:47 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Boludo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,36% Memory free
6,19 Gb Paging File | 5,15 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 8,27 Gb Free Space | 7,42% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 3,33 Gb Free Space | 3,09% Space Free | Partition Type: NTFS
Computer Name: BOLUDO-PC | User Name: Boludo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AceBackup] -- "C:\Program Files\AceBIT\AceBackup 3\AceBackup.exe" -as "%1" (AceBIT)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}" = AceBackup 3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9F70E36A-8C0F-4069-9C81-9708E46E6F5E}" = O&O PartitionManager Professional
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AmoKExifSorter2" = AmoK Exif Sorter 2.5.6 (nur deinstallieren)
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"DirSync" = DirSync 2.93
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"Fotoservice" = Fotoservice
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GMX ProfiFax" = GMX ProfiFax
"GMX SMS-Manager" = GMX SMS-Manager
"GridVista" = Acer GridVista
"InstallShield_{B5577A8D-500A-4972-ADC4-E813C94FC510}" = NTI Backup Now 5.5
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MusicBrainz Picard" = MusicBrainz Picard
"MyCamera" = Canon Utilities MyCamera
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Suite" = Nokia Suite
"NTI Open File Manager" = NTI Open File Manager
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"pdfsam" = pdfsam
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Saturn Fotoservice" = Saturn Fotoservice
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.09.2012 10:34:15 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.09.2012 10:34:15 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 52869
Error - 04.09.2012 10:34:15 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 52869
Error - 04.09.2012 10:34:22 | Computer Name = Boludo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x15b8,
Anwendungsstartzeit 01cd8aaa5fc761a0.
Error - 04.09.2012 13:23:56 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.09.2012 13:23:56 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9515234
Error - 04.09.2012 13:23:56 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9515234
Error - 04.09.2012 13:24:05 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.09.2012 13:24:05 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9523799
Error - 04.09.2012 13:24:05 | Computer Name = Boludo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9523799
[ Media Center Events ]
Error - 05.04.2012 14:31:30 | Computer Name = Boludo-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
[ System Events ]
Error - 04.09.2012 08:00:06 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 04.09.2012 08:01:43 | Computer Name = Boludo-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
Error - 04.09.2012 08:02:21 | Computer Name = Boludo-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{8621F01D-1B82-4981-BC90-637664DB07CE} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 04.09.2012 08:14:01 | Computer Name = Boludo-PC | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
auswählen.
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = DCOM | ID = 10005
Description =
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = DCOM | ID = 10005
Description =
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 04.09.2012 13:25:44 | Computer Name = Boludo-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Micha |
|
04.09.2012, 21:44
| #14 |
| /// Selecta Jahrusso | Live Security Platinum 3.6.1 Nabend. Noch Probleme ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
05.09.2012, 07:50
| #15 |
| | Live Security Platinum 3.6.1 Moin! Nein! (Also zumindest nicht mit dem Rechner) Aber eine Frage: Sollte ich mir wegen des auf c: liegenden ordners $recycle.bin Sorgen machen? Im Windows Explorer wird mir der Ordner als leer angezeigt, wenn ich mir allerdings die Eigenschaften anzeigen lasse, steht dort Inhalt 1 Datei mit einer Ordnergröße von 129 Bytes bzw 4.096 Bytes auf dem Datenträger. Hat dies überhaupt mit dem Befall zu tun? Dank und Gruß Micha |
|
| Themen zu Live Security Platinum 3.6.1 |
| 7-zip, ad-aware, antivir, autorun, avira, bho, bonjour, cursor, desktop, error, fastprox.dll, firefox, flash player, getwindowinfo, helper, home, iexplore.exe, installation, launch, mozilla, mp3, nodrives, ntdll.dll, plug-in, popup, realtek, recycle.bin, registry, rundll, security, software, system, vista |
Textbox.
Linear-Darstellung
