| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: EXP/JS.Expaxk.BAWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.11.2012, 09:58
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  EXP/JS.Expaxk.BA Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.12.2012, 12:43
| #17 |
 | EXP/JS.Expaxk.BA sorry das ich paar tage nicht dazu kam am laptop die programme laufen zu lassen.
__________________GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-05 12:39:30
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O
Running: 7vy8vfr5.exe; Driver: C:\Users\Jacky\AppData\Local\Temp\fxriqpoc.sys
---- System - GMER 1.0.15 ----
SSDT 901E9166 ZwCreateSection
SSDT 901E9170 ZwRequestWaitReplyPort
SSDT 901E916B ZwSetContextThread
SSDT 901E9175 ZwSetSecurityObject
SSDT 901E917A ZwSystemDebugControl
SSDT 901E9107 ZwTerminateProcess
INT 0x62 ? 87654E88
INT 0x72 ? 87654E88
INT 0x82 ? 85D23BF8
INT 0x82 ? 87654E88
INT 0x82 ? 87654E88
INT 0x82 ? 87654E88
INT 0x82 ? 85D23BF8
INT 0x92 ? 8538EF00
INT 0x92 ? 8538EF00
INT 0x92 ? 8538EF00
INT 0x92 ? 87654E88
INT 0x92 ? 8538EF00
INT 0x92 ? 8538EF00
INT 0xB2 ? 87654E88
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 82ABD8D8 4 Bytes [66, 91, 1E, 90] {XCHG CX, AX; PUSH DS; NOP }
.text ntkrnlpa.exe!KeSetEvent + 539 82ABDBFC 4 Bytes [70, 91, 1E, 90] {JO 0xffffffffffffff93; PUSH DS; NOP }
.text ntkrnlpa.exe!KeSetEvent + 56D 82ABDC30 4 Bytes [6B, 91, 1E, 90]
.text ntkrnlpa.exe!KeSetEvent + 5D1 82ABDC94 4 Bytes [75, 91, 1E, 90] {JNZ 0xffffffffffffff93; PUSH DS; NOP }
.text ntkrnlpa.exe!KeSetEvent + 619 82ABDCDC 4 Bytes [7A, 91, 1E, 90] {JP 0xffffffffffffff93; PUSH DS; NOP }
.text ...
? System32\Drivers\spzu.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E806340, 0x3EB347, 0xE8000020]
.text USBPORT.SYS!DllUnload 8E72E41B 5 Bytes JMP 87654468
.text argnu0tk.SYS 8F809000 22 Bytes [82, 23, DD, 82, 6C, 22, DD, ...]
.text argnu0tk.SYS 8F809017 145 Bytes [00, 32, F7, 78, 80, 3D, F5, ...]
.text argnu0tk.SYS 8F8090A9 35 Bytes [72, A5, 82, A0, 69, A5, 82, ...]
.text argnu0tk.SYS 8F8090CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text argnu0tk.SYS 8F8090DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA0C79300, 0x3AF78, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA0CC3300, 0x1BCE, 0xE8000020]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in "" section [0x907F841C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0x907F9000, 0x1000, 0xE0000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtCreateFile + 6 7740424A 4 Bytes [28, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtCreateFile + B 7740424F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtCreateKey + 6 7740428A 4 Bytes [68, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtCreateKey + B 7740428F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtCreateMutant + 6 774042BA 4 Bytes [28, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtCreateMutant + B 774042BF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtCreateSection + 6 7740433A 4 Bytes [68, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtCreateSection + B 7740433F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtMapViewOfSection + 6 7740499A 4 Bytes [A8, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtMapViewOfSection + B 7740499F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenFile + 6 77404A2A 4 Bytes [68, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenFile + B 77404A2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenKey + 6 77404A5A 4 Bytes [A8, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenKey + B 77404A5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenMutant + 6 77404A7A 4 Bytes CALL 76406080 C:\Windows\system32\RPCRT4.dll (Remoteprozeduraufruf-Laufzeitumgebung/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenMutant + B 77404A7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenProcess + 6 77404AAA 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenProcess + 6 77404AAA 4 Bytes [28, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenProcess + B 77404AAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenProcessToken + 6 77404ABA 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenProcessToken + 6 77404ABA 4 Bytes [68, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenProcessToken + B 77404ABF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenProcessTokenEx + 6 77404ACA 4 Bytes [28, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenProcessTokenEx + B 77404ACF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenSection + 6 77404ADA 4 Bytes [A8, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenSection + B 77404ADF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenThread + 6 77404B1A 4 Bytes CALL 76406121 C:\Windows\system32\RPCRT4.dll (Remoteprozeduraufruf-Laufzeitumgebung/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenThread + B 77404B1F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenThreadToken + 6 77404B2A 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenThreadToken + 6 77404B2A 4 Bytes CALL 76406132 C:\Windows\system32\RPCRT4.dll (Remoteprozeduraufruf-Laufzeitumgebung/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenThreadToken + B 77404B2F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenThreadTokenEx + 6 77404B3A 4 Bytes [68, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtOpenThreadTokenEx + B 77404B3F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtQueryAttributesFile + 6 77404BCA 4 Bytes [A8, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtQueryAttributesFile + B 77404BCF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtQueryFullAttributesFile + 6 77404C7A 4 Bytes CALL 7640627F C:\Windows\system32\RPCRT4.dll (Remoteprozeduraufruf-Laufzeitumgebung/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtQueryFullAttributesFile + B 77404C7F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtSetInformationFile + 6 7740515A 4 Bytes [28, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtSetInformationFile + B 7740515F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtSetInformationThread + 6 774051AA 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtSetInformationThread + 6 774051AA 4 Bytes [A8, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtSetInformationThread + B 774051AF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtUnmapViewOfSection + 6 7740544A 4 Bytes CALL 76406A53 C:\Windows\system32\RPCRT4.dll (Remoteprozeduraufruf-Laufzeitumgebung/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ntdll.dll!NtUnmapViewOfSection + B 7740544F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] kernel32.dll!CreateProcessW 75DA1BF3 5 Bytes JMP 000100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] kernel32.dll!CreateProcessA 75DA1C28 5 Bytes JMP 000100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] kernel32.dll!OpenEventW 75DBC033 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] kernel32.dll!CreateEventW 75DEB87E 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!DeleteObject 75A65A37 5 Bytes JMP 001801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetDeviceCaps 75A6617F 5 Bytes JMP 001803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SelectObject 75A662A0 5 Bytes JMP 001805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SetTextColor 75A6666B 5 Bytes JMP 00180A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SetBkMode 75A66716 5 Bytes JMP 001808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!DeleteDC 75A668CD 5 Bytes JMP 00180170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetCurrentObject 75A66B58 5 Bytes JMP 00180370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SetStretchBltMode 75A67206 5 Bytes JMP 001806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SaveDC 75A675BA 5 Bytes JMP 00180570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!RestoreDC 75A67675 5 Bytes JMP 00180530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!StretchDIBits 75A678CF 5 Bytes JMP 00180770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!ExtSelectClipRgn 75A679F8 5 Bytes JMP 001802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SelectClipRgn 75A67AF9 5 Bytes JMP 001805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!MoveToEx 75A67C33 5 Bytes JMP 00180470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!Rectangle 75A67EA9 5 Bytes JMP 001809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetTextAlign 75A682E0 5 Bytes JMP 00180D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SetTextAlign 75A685CB 5 Bytes JMP 001809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!ExtTextOutW 75A6872B 5 Bytes JMP 00180970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetTextMetricsW 75A68A81 5 Bytes JMP 00180E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!IntersectClipRect 75A68B64 5 Bytes JMP 001803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetClipBox 75A69071 5 Bytes JMP 00180330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SetICMMode 75A694E7 5 Bytes JMP 00180DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!CreateDCW 75A6A91D 5 Bytes JMP 001800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!CreateDCA 75A6AA49 5 Bytes JMP 001800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!CreateICW 75A6B2E9 5 Bytes JMP 00180130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetTextFaceW 75A6B637 5 Bytes JMP 00180D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetFontData 75A6BA6C 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetFontData 75A6BA6C 5 Bytes JMP 00180C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetTextExtentPoint32W 75A6C01A 5 Bytes JMP 00180670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SetWorldTransform 75A6C46A 5 Bytes JMP 001806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!LineTo 75A6C65E 5 Bytes JMP 00180430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetTextMetricsA 75A6CCEB 5 Bytes JMP 00180DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!ExtTextOutA 75A700A5 5 Bytes JMP 00180930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetTextExtentPoint32A 75A70E58 5 Bytes JMP 00180630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!ExtEscape 75A722A7 5 Bytes JMP 001802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!Escape 75A727F1 5 Bytes JMP 00180270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!ResetDCW 75A73132 5 Bytes JMP 00180AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!EndPage 75A7375E 5 Bytes JMP 00180230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SetPolyFillMode 75A761D3 5 Bytes JMP 00180B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SetMiterLimit 75A762E2 5 Bytes JMP 00180B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetTextFaceA 75A7F4C5 5 Bytes JMP 00180CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!GetGlyphOutlineW 75A8A41F 5 Bytes JMP 00180CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!CreateScalableFontResourceW 75A8C88B 5 Bytes JMP 00180BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!AddFontResourceW 75A8CC93 5 Bytes JMP 00180BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!RemoveFontResourceW 75A8D129 5 Bytes JMP 00180C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!AbortDoc 75A92CC4 5 Bytes JMP 00180030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!EndDoc 75A930D8 5 Bytes JMP 001801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!StartPage 75A931C3 5 Bytes JMP 00180730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!StartDocW 75A93CA7 5 Bytes JMP 001807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!BeginPath 75A94465 5 Bytes JMP 00180830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!SelectClipPath 75A944BC 5 Bytes JMP 00180AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!CloseFigure 75A94517 5 Bytes JMP 00180070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!EndPath 75A9456E 5 Bytes JMP 00180A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!StrokePath 75A947A0 5 Bytes JMP 001807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!FillPath 75A9482C 5 Bytes JMP 00180870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!PolylineTo 75A94C95 5 Bytes JMP 001804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!PolyBezierTo 75A94D25 5 Bytes JMP 001804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] GDI32.dll!PolyDraw 75A94DD6 5 Bytes JMP 001808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!SetCursor 75EBD37D 5 Bytes JMP 00190530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!RegisterClipboardFormatW 75EBD6AC 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!RegisterClipboardFormatW 75EBD6AC 5 Bytes JMP 001902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!ActivateKeyboardLayout 75EC478C 5 Bytes JMP 001904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!IsWindowVisible 75EC878A 7 Bytes JMP 001906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!MonitorFromWindow 75EC88D4 7 Bytes JMP 00190630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!ScreenToClient 75EC8C56 7 Bytes JMP 00190670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetClientRect 75EC8F0D 7 Bytes JMP 001905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetParent 75EC90AA 7 Bytes JMP 001906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!RegisterClipboardFormatA 75ECA111 5 Bytes JMP 001902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!PostMessageW 75ECA175 5 Bytes JMP 001905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!MapWindowPoints 75ECA30D 5 Bytes JMP 00190570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetClipboardFormatNameA 75ECA552 5 Bytes JMP 00190270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetOpenClipboardWindow 75ED26A6 5 Bytes JMP 001903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!SetClipboardViewer 75EDBA2D 5 Bytes JMP 001904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!IsClipboardFormatAvailable 75EDC2E3 5 Bytes JMP 001900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!CloseClipboard 75EDC2F7 5 Bytes JMP 001900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!OpenClipboard 75EDC31D 5 Bytes JMP 00190070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetTopWindow 75EDCE0A 7 Bytes JMP 00190730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetClipboardSequenceNumber 75EDD8B7 5 Bytes JMP 00190330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!ChangeClipboardChain 75EDDF83 5 Bytes JMP 00190430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!CountClipboardFormats 75EE0048 5 Bytes JMP 001901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetClipboardOwner 75EE26EF 5 Bytes JMP 00190370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!SetClipboardData 75EF6410 5 Bytes JMP 00190170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!EnumClipboardFormats 75EF6D16 5 Bytes JMP 001901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!SetCursorPos 75EF6FB2 5 Bytes JMP 00190770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetClipboardData 75EF715A 5 Bytes JMP 00190030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetClipboardFormatNameW 75EFA99F 5 Bytes JMP 00190230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!EmptyClipboard 75F1398B 5 Bytes JMP 00190130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetClipboardViewer 75F139ED 5 Bytes JMP 00190470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] USER32.dll!GetPriorityClipboardFormat 75F13AEF 5 Bytes JMP 001903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ole32.dll!OleGetClipboard 75CC74C9 5 Bytes JMP 001A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ole32.dll!OleSetClipboard 75CF11E3 5 Bytes JMP 001A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] ole32.dll!OleIsCurrentClipboard 75CFA8F9 5 Bytes JMP 001A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!FreeContextBuffer 758F2D83 5 Bytes JMP 001C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!DeleteSecurityContext 758F2F18 5 Bytes JMP 001C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!FreeCredentialsHandle 758F3598 5 Bytes JMP 001C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!EncryptMessage 758F3745 5 Bytes JMP 001C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!DecryptMessage 758F3813 5 Bytes JMP 001C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!InitializeSecurityContextA 758F87DF 5 Bytes JMP 001C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!AcquireCredentialsHandleA 758F8A43 5 Bytes JMP 001C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!QueryContextAttributesA 758F8E77 5 Bytes JMP 001C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!ApplyControlToken 758FDE4F 5 Bytes JMP 001C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] Secur32.dll!QueryCredentialsAttributesA 758FE052 5 Bytes JMP 001C00B0
.text C:\Windows\Explorer.EXE[3076] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 765DB37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3416] USER32.dll!InSendMessageEx + 4C9 75EBE7C8 7 Bytes JMP 67DFAAB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3416] USER32.dll!CreateWindowExW + AA 75EC13AF 7 Bytes JMP 67DFAA3F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3416] USER32.dll!GetWindowInfo 75EC428E 5 Bytes JMP 67C44559 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3416] USER32.dll!SetMenuItemBitmaps + 71 75ED14EE 7 Bytes JMP 67C44BB1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3444] ntdll.dll!LdrLoadDll 773C9378 5 Bytes JMP 67AE5B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3444] kernel32.dll!HeapSetInformation + 26 75DCA8C0 7 Bytes JMP 67AEEF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3444] kernel32.dll!LockResource + C 75DE6B0B 7 Bytes JMP 67D27B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3444] kernel32.dll!VirtualAllocEx + 54 75DEAF70 7 Bytes JMP 67D27B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3444] GDI32.dll!SetStretchBltMode + 256 75A6745C 7 Bytes JMP 67D27AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806856D6] \SystemRoot\System32\Drivers\spzu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80685042] \SystemRoot\System32\Drivers\spzu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80685800] \SystemRoot\System32\Drivers\spzu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806850C0] \SystemRoot\System32\Drivers\spzu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068513E] \SystemRoot\System32\Drivers\spzu.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80694E9C] \SystemRoot\System32\Drivers\spzu.sys
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortWritePortUchar] 838F82EF
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8F82C0
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\argnu0tk.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetKeyState] 001907D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 001907D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010110
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00190790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe[2640] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 001907D0
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C8B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73C773F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73C4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73CCCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73C6C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[3076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3444] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [08AB2B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3444] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [08AB11D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3444] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [08AB27E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3444] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [08AB1B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85D261F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 853911F8
Device \Driver\usbuhci \Device\USBPDO-0 8754F1F8
Device \Driver\usbuhci \Device\USBPDO-1 8754F1F8
Device \Driver\usbuhci \Device\USBPDO-2 8754F1F8
Device \Driver\usbehci \Device\USBPDO-3 8766D1F8
Device \Driver\sptd \Device\3709736379 spzu.sys
Device \Driver\usbuhci \Device\USBPDO-4 8754F1F8
Device \Driver\PCI_PNP8366 \Device\00000061 spzu.sys
Device \Driver\usbuhci \Device\USBPDO-5 8754F1F8
Device \Driver\usbuhci \Device\USBPDO-6 8754F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 853911F8
Device \Driver\usbehci \Device\USBPDO-7 8766D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 853911F8
Device \Driver\cdrom \Device\CdRom0 8773C1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8AAE3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8AAE3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8AAE3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 [8AAE3A60] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 853911F8
Device \Driver\cdrom \Device\CdRom1 8773C1F8
Device \Driver\volmgr \Device\HarddiskVolume4 853911F8
Device \Driver\netbt \Device\NetBT_Tcpip_{F1CC8EA9-5D6B-4F25-ACCB-BF0F0CA74F0A} 893C8500
Device \Driver\netbt \Device\NetBt_Wins_Export 893C8500
Device \Driver\Smb \Device\NetbiosSmb 8930C1F8
Device \Driver\iScsiPrt \Device\RaidPort0 8786C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{F2C94D24-2588-4679-8BC1-7AA151DB010F} 893C8500
Device \Driver\usbuhci \Device\USBFDO-0 8754F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8754F1F8
Device \Driver\usbuhci \Device\USBFDO-2 8754F1F8
Device \Driver\usbehci \Device\USBFDO-3 8766D1F8
Device \Driver\usbuhci \Device\USBFDO-4 8754F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8754F1F8
Device \Driver\usbuhci \Device\USBFDO-6 8754F1F8
Device \Driver\usbehci \Device\USBFDO-7 8766D1F8
Device \Driver\argnu0tk \Device\Scsi\argnu0tk1 8773A1F8
Device \Driver\argnu0tk \Device\Scsi\argnu0tk1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\argnu0tk \Device\Scsi\argnu0tk1Port6Path0Target0Lun0 8773A1F8
Device \Driver\argnu0tk \Device\Scsi\argnu0tk1Port6Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\JMCR \Device\Scsi\JMCR1 8767F1F8
Device \Driver\JMCR \Device\Scsi\JMCR2 8767F1F8
Device \Driver\JMCR \Device\Scsi\JMCR3 8767F1F8
Device \Driver\JMCR \Device\Scsi\JMCR4 8767F1F8
Device \FileSystem\cdfs \Cdfs 858301F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x8F 0xC4 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x50 0xB4 0x33 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE5 0xFA 0xC1 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x8F 0xC4 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x50 0xB4 0x33 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE5 0xFA 0xC1 0xB8 ...
---- EOF - GMER 1.0.15 ----
und hier das aswMBR: aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-05 12:44:25 ----------------------------- 12:44:25.744 OS Version: Windows 6.0.6002 Service Pack 2 12:44:25.744 Number of processors: 2 586 0x170A 12:44:25.744 ComputerName: JACKYS-PC UserName: Jacky 12:44:27.039 Initialize success 12:44:38.962 AVAST engine download error: 0 12:45:10.973 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 12:45:10.973 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3 12:45:10.973 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 12:45:10.973 Disk 1 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3 12:45:11.191 Disk 0 MBR read successfully 12:45:11.191 Disk 0 MBR scan 12:45:11.207 Disk 0 unknown MBR code 12:45:11.223 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048 12:45:11.269 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145965 MB offset 27265024 12:45:11.347 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 145966 MB offset 326201344 12:45:11.363 Disk 0 scanning sectors +625139712 12:45:11.753 Disk 0 scanning C:\Windows\system32\drivers 12:45:52.391 Service scanning 12:46:07.929 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 12:46:13.872 Modules scanning 12:46:27.085 Disk 0 trace - called modules: 12:46:27.101 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys iaStor.sys spzu.sys >>UNKNOWN [0x85cdb938]<< 12:46:27.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868b6198] 12:46:27.132 3 CLASSPNP.SYS[8afc18b3] -> nt!IofCallDriver -> [0x85daa1c8] 12:46:27.132 5 acpi.sys[807bb6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85db3028] 12:46:27.148 Scan finished successfully 12:47:51.840 Disk 0 MBR has been saved successfully to "C:\Users\Jacky\Documents\MBR.dat" 12:47:51.856 The log file has been saved successfully to "C:\Users\Jacky\Documents\aswMBR.txt" Geändert von uschitrowski (05.12.2012 um 12:48 Uhr) |
|
05.12.2012, 15:22
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expaxk.BA Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
05.12.2012, 18:31
| #19 |
| | EXP/JS.Expaxk.BA Combofix Logfile: Code:
ATTFilter ComboFix 12-12-04.01 - Jacky 05.12.2012 16:35:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1657 [GMT 1:00]
ausgeführt von:: c:\users\Jacky\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
D:\install.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ERDNT\cache\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-05 bis 2012-12-05 ))))))))))))))))))))))))))))))
.
.
2012-12-05 15:40 . 2012-12-05 15:46 -------- d-----w- c:\users\Jacky\AppData\Local\temp
2012-12-05 15:40 . 2012-12-05 15:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-05 15:40 . 2012-12-05 15:40 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-12-05 15:40 . 2012-12-05 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-05 10:48 . 2012-12-05 10:48 100864 ----a-w- C:\fxriqpoc.sys
2012-12-04 06:19 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDDF9609-5B18-47EF-BDEF-E4E483EBE24E}\mpengine.dll
2012-11-26 08:36 . 2012-11-26 08:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-26 08:36 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-26 08:25 . 2012-11-26 08:26 -------- d-----w- c:\program files\Common Files\Adobe
2012-11-15 15:31 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 15:31 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 15:49 . 2012-04-04 05:31 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 15:49 . 2011-06-02 08:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-13 13:28 . 2012-10-12 05:08 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-22 14:34 . 2011-06-13 10:23 660184 -c--a-r- c:\program files\speedsrv.dll
2010-09-22 14:34 . 2011-06-13 10:23 379608 -c--a-r- c:\program files\spd.exe
2010-09-17 18:23 . 2010-09-17 18:24 11242496 ----a-w- c:\program files\Vodafone Mobile Connect.msi
2012-10-27 17:16 . 2012-10-27 17:15 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Jacky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
path=c:\users\Jacky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
backup=c:\windows\pss\Orion.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-05-12 21:10 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 21:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-12 21:11 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-03-07 02:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-03-04 22:38 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-04-23 14:58 397312 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 -c--a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-07-20 16:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-06-19 20:01 127040 ----a-w- c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-04-20 15:20 2327552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 09:56 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-28 07:35 6111232 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 03:31 1033512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:49]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-31 14:58]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-31 14:58]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_7730g
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Jacky\AppData\Roaming\Mozilla\Firefox\Profiles\tu1wtuwd.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2009-11-18 19:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Guard.Mail.ru - c:\program files\Guard-ICQ\GuardICQ.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-05 16:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3536)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\spd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-05 16:50:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-05 15:50
ComboFix2.txt 2012-03-19 13:23
.
Vor Suchlauf: 13 Verzeichnis(se), 91.146.985.472 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 91.108.769.792 Bytes frei
.
- - End Of File - - 5FF7F633342498486753F6939161EEE9
|
|
06.12.2012, 09:12
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expaxk.BA adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu EXP/JS.Expaxk.BA |
| zuverlässig |
Linear-Darstellung
