Pests of all kinds and how to fight them: Seth.anzutracking opens advertising in the Firefox browser (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Seth.anzutracking opens advertising in the Firefox browser

seth.anzutracking suddenly opens third-party advertising on the page yugioh.wikia.com (which I visit as a hobby). When it does, the cursor flickers. As far as I know, foreign malware can load further malware. That is why I want to get rid of it; is there anything one can do to get rid of it? There are a few guides in English, but whether they can be trusted... nobody knows. Guides like these, for example:

hxxp://blog.yoocare.com/how-to-remove-seth-avazutracking-net-redirect-virus-manual-removal/
hxxp://blog.teesupport.com/how-to-get-rid-of-seth-avazutracking-net-completely-seth-avazutracking-net-donmain-hijacker-malware-remove-guide/

Note: Avast found nothing.

Malwarebytes scan:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.10.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xxx:: xxx-PC [Administrator]

10.03.2013 22:23:35
mbam-log-2013-03-10 (22-23-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204200
Laufzeit: 6 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
OTL logfile created on: 3/10/2013 10:34:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.89% Memory free
5.98 Gb Paging File | 4.88 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 555.07 Gb Total Space | 523.22 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 19.60 Gb Free Space | 49.00% Space Free | Partition Type: NTFS

Computer Name: xxx-PC | User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 14:16:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2013/02/28 09:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/07 13:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\PSIA.exe
PRC - [2013/02/07 13:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) --
C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2012/08/13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009/12/22 18:57:36 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2009/12/17 17:18:24 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/12/17 17:17:54 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013/03/06 08:54:38 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/03/06 08:54:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/03/06 08:54:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/03/06 08:54:18 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/03/06 08:54:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/03/06 08:54:06 | 000,971,264 | ---- | M] 
() -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/03/06 08:54:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/03/06 08:53:54 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2012/08/10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll MOD - [2010/11/13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/08/24 12:13:16 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3638.29735__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010/08/24 12:13:16 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3638.29705__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/08/24 12:13:16 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3638.29613__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/08/24 12:13:16 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3638.29671__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:16 | 000,204,800 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3638.29633__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/08/24 12:13:16 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3638.29672__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/08/24 12:13:16 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3638.29685__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/08/24 12:13:16 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3638.29622__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3638.29706__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3638.29666__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/08/24 12:13:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3638.29656__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/08/24 12:13:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3638.29628__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/08/24 12:13:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3638.29622__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/08/24 12:13:16 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3638.29736__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010/08/24 12:13:15 | 001,142,784 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3638.29731__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:15 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3638.29659__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:15 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3638.29634__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:15 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3638.29680__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/08/24 12:13:15 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3638.29633__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:15 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3638.29704__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:15 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3638.29658__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/08/24 12:13:15 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3638.29664__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:15 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3638.29671__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/08/24 12:13:15 | 000,045,056 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3638.29704__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010/08/24 12:13:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3638.29663__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/08/24 12:13:14 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3638.29658__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:14 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3638.29653__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:14 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3638.29665__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:14 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3638.29638__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010/08/24 12:13:14 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/08/24 12:13:14 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/08/24 12:13:14 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/08/24 12:13:14 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3638.29657__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/08/24 12:13:14 | 000,045,056 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/08/24 12:13:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3638.29638__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/08/24 12:13:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3638.29658__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/08/24 12:13:14 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3638.29665__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/08/24 12:13:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3622.19962__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/08/24 12:13:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3622.19963__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/08/24 12:13:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3622.19993__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/08/24 12:13:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/08/24 12:13:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/08/24 12:13:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/08/24 12:13:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010/08/24 12:13:14 | 000,020,480 | 
---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/08/24 12:13:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3622.19964__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3622.19965__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3622.19974__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3622.19966__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3622.19978__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3622.19975__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3622.19967__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/08/24 12:13:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3622.19974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/08/24 12:13:14 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/08/24 12:13:13 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3638.29730__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010/08/24 12:13:13 | 000,565,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3638.29694__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010/08/24 12:13:13 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3638.29627__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/08/24 12:13:13 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3638.29699__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/08/24 12:13:13 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3638.29698__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/08/24 12:13:13 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3638.29611__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/08/24 12:13:13 | 000,061,440 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3638.29612__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/08/24 12:13:13 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3622.19970__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/08/24 12:13:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3638.29710__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/08/24 12:13:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/08/24 12:13:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3622.19967__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/08/24 12:13:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3622.19972__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3622.19974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/08/24 12:13:13 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3622.19964__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/08/24 12:13:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3622.19967__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/08/24 12:13:13 | 000,020,480 | ---- | M] () 
-- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/08/24 12:13:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3622.19967__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/08/24 12:13:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/08/24 12:13:13 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3638.29611__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010/08/24 12:13:12 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3638.29618__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/08/24 12:13:12 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3638.29609__90ba9c70f846762e\APM.Server.dll MOD - [2010/08/24 12:13:12 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3638.29610__90ba9c70f846762e\AEM.Server.dll MOD - [2010/08/24 12:13:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/08/24 12:13:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/08/24 12:13:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/08/24 12:13:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3622.19968__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/08/24 12:13:12 | 000,019,456 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3638.29699__90ba9c70f846762e\CCC.Implementation.dll ========== Services (SafeList) ========== SRV - [2013/03/07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/02/28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013/02/26 21:58:56 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/07 13:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2013/02/07 13:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/12/17 17:17:54 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 11:15:14 | 000,185,632 | 
---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2013/02/28 09:36:37 | 000,765,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013/02/28 09:36:37 | 000,368,248 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013/02/28 09:36:37 | 000,163,784 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013/02/28 09:36:37 | 000,062,448 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013/02/28 09:36:36 | 000,066,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013/02/28 09:36:36 | 000,060,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2013/02/28 09:36:36 | 000,049,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013/02/28 09:36:35 | 000,029,880 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2013/02/07 13:15:22 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI) DRV - [2013/01/31 10:50:58 | 000,022,656 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple) DRV - [2012/10/11 04:08:10 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam) DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/06/09 12:00:48 | 001,554,472 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrdCap.sys -- (TrdCap) DRV - [2010/05/24 14:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009/12/17 17:52:18 | 005,145,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/09/30 08:33:58 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009/05/13 20:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009/05/13 20:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{469CEF17-C4C5-41DB-B566-0B22FFC3D79A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ce2600fe-5456-4fea-af94-64535f2c33be&apn_sauid=26D66C6B-D6C0-433F-A56B-2F7C786F2F1D IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CCB2728A-D514-4A42-959D-F237DF1932BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/05 17:20:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 05:52:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/14 19:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2013/03/04 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\vivet5t1.default\extensions [2013/03/08 05:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/03/07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/03/07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/03/07 16:45:15 | 000,002,465 | 
---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/03/07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013/03/07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/03/07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013/03/07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: https://www.mozilla.org/de/plugincheck/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = 
C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: Google Docs = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\ CHR - Extension: Gmail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/03/06 14:16:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16601466-C772-4CB6-A238-F2D88C533590}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/10 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Pc Überprüfung [2013/03/08 06:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/03/06 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\DevPro [2013/03/06 14:16:56 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/06 14:16:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013/03/06 06:41:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/03/05 17:56:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Secunia PSI [2013/03/05 17:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2013/03/05 17:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2013/03/05 17:21:14 | 000,368,248 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013/03/05 17:21:14 | 000,029,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013/03/05 17:21:12 | 000,060,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013/03/05 17:21:11 | 000,765,808 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013/03/05 17:21:11 | 000,062,448 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013/03/05 17:21:07 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013/03/05 17:21:07 | 000,066,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013/03/05 17:20:41 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/03/05 17:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/03/05 17:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/03/05 16:38:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Yugioh [2013/03/05 13:39:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2013/03/05 13:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/05 13:39:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/03/05 13:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/03/04 21:15:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/04 20:46:03 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/03/04 20:36:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/04 15:00:32 | 000,103,680 | ---- | C] (GMER) -- C:\uwldrkob.sys [2013/03/04 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/04 04:51:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2013/03/04 04:49:08 | 000,000,000 | ---D | C] -- 
C:\Windows\System32\EventProviders [2013/03/03 21:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/03/03 21:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/02/28 11:39:45 | 000,034,432 | ---- | C] (ManyCam LLC) -- C:\Windows\System32\drivers\mcvidrv.sys [2013/02/28 11:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam [2013/02/26 12:30:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Rinteln_Dateien [2013/02/20 18:53:15 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013/02/20 07:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/10 22:31:34 | 000,377,856 | ---- | M] () -- C:\Users\xxx\Desktop\gmer_2.1.19155.exe [2013/03/10 21:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/10 21:54:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/10 20:52:04 | 000,030,991 | ---- | M] () -- C:\Users\xxx\Desktop\Unbenannt 1.odt [2013/03/10 18:09:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/10 18:09:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/10 18:02:46 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/10 18:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/10 18:02:34 | 2406,924,288 | -HS- | M] () -- C:\hiberfil.sys [2013/03/08 05:52:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/03/06 21:35:39 | 321,848,743 | ---- | M] () -- C:\Users\xxx\Desktop\YGOPro DevPro 1.7.3.2.7z [2013/03/06 14:16:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2013/03/06 
14:16:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013/03/05 22:19:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/03/05 22:19:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/03/05 22:19:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/03/05 22:19:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/03/05 22:12:04 | 000,311,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/03/05 22:03:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf [2013/03/05 17:56:23 | 000,001,072 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/03/05 17:21:15 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/03/05 17:21:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013/03/05 13:39:22 | 000,001,075 | ---- | M] () -- C:\Users\xxx\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/04 15:00:32 | 000,103,680 | ---- | M] (GMER) -- C:\uwldrkob.sys [2013/03/04 06:13:10 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2013/03/03 21:18:18 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/02/28 09:36:37 | 000,765,808 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013/02/28 09:36:37 | 000,368,248 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013/02/28 09:36:37 | 000,163,784 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013/02/28 09:36:37 | 000,062,448 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013/02/28 09:36:36 | 000,066,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013/02/28 09:36:36 | 000,060,728 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013/02/28 09:36:36 | 000,049,320 | ---- | M] () -- 
C:\Windows\System32\drivers\aswRvrt.sys [2013/02/28 09:36:35 | 000,029,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013/02/28 09:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013/02/28 09:35:59 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013/02/25 18:26:55 | 000,005,120 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/10 22:31:32 | 000,377,856 | ---- | C] () -- C:\Users\xxx\Desktop\gmer_2.1.19155.exe [2013/03/06 21:26:28 | 321,848,743 | ---- | C] () -- C:\Users\xxx\Desktop\YGOPro DevPro 1.7.3.2.7z [2013/03/05 22:03:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf [2013/03/05 22:02:21 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013/03/05 22:01:26 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013/03/05 17:56:23 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/03/05 17:56:23 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013/03/05 17:21:15 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013/03/05 17:21:11 | 000,163,784 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013/03/05 17:21:10 | 000,049,320 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013/03/05 13:39:22 | 000,001,075 | ---- | C] () -- C:\Users\xxx\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/04 06:13:10 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2013/02/21 23:48:40 | 000,030,991 | ---- | C] () -- C:\Users\xxx\Desktop\Unbenannt 1.odt [2013/01/08 19:37:13 | 000,005,120 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/01/29 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Audacity [2013/01/23 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics [2013/01/15 17:48:03 | 000,000,000 | ---D | M] -- 
C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2013/03/06 07:13:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client

========== Purity Check ==========

< End of report >
Code:
OTL Extras logfile created on: 3/10/2013 10:34:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.89% Memory free
5.98 Gb Paging File | 4.88 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 555.07 Gb Total Space | 523.22 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 19.60 Gb Free Space | 49.00% Space Free | Partition Type: NTFS

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{BA33F67A-AF2B-4FB5-A1AA-14DBCD248E2E}" = lport=2869 | protocol=6 | dir=in | app=system | "{C9F34EFE-1E5D-4068-BB14-27330F673971}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5034C34A-FE9D-407C-B509-C90B5F2054CB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{CD1056BA-4E75-4D29-898D-C68578ED5C47}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EB0D9957-F921-4F3D-8376-66138673B9AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05111291-C4F7-8292-01A2-C113286286A4}" = CCC Help Russian "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{071B5C15-8CD0-744E-B0BC-F5855F8DECB0}" = CCC Help Hungarian "{0AAC425C-6B3E-CD6E-BFFB-5D751CC6753C}" = CCC Help Japanese "{0DAAFBE9-86D2-BDF6-CC64-34DE56EF5960}" = CCC Help Spanish "{14191227-D02E-B89F-9B98-95EBB3A547AD}" = Catalyst Control Center Localization All "{1573631D-6883-DA31-9A46-9FB22B38F75F}" = CCC Help Italian "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.2 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1AD017B8-F7C4-D914-A38C-4756F2DD09F6}" = Catalyst Control Center Graphics Full New "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{343F5BC0-7765-BE30-08AF-798781247903}" = 
ccc-core-static "{3ABC3B58-0CAD-E52D-4F36-9379D25794FE}" = Catalyst Control Center Graphics Previews Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C7F3C64-0CF2-71E6-25A2-C4093A1D50D5}" = ccc-utility "{3D4A7623-61FE-BF12-C2A8-39C1D0E533CF}" = Catalyst Control Center InstallProxy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{472B7916-CB4E-6F58-056E-804781DFEFF8}" = CCC Help Korean "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FF5A6ED-9A89-3E3D-5ADB-60602DA8FB6D}" = CCC Help Greek "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5914674F-5E85-103E-AE01-C69177C320AF}" = CCC Help Portuguese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6FC9A3FA-61F5-0D3E-062D-D2C85DA71651}" = CCC Help Norwegian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80FE4054-30AD-A402-BD23-0D3580376EAF}" = CCC Help Dutch "{838CFC61-FA8C-5AD2-7E86-1BA036D5479F}" = ATI Catalyst Install Manager "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{93C95468-5FFB-101B-FE4F-1B2460AD4791}" = CCC Help French "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96534FAB-69B3-CB78-3312-5416A253792C}" = CCC Help Turkish "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver 
"{A13AB951-00E5-F431-A1E4-E430F6DF0BD0}" = CCC Help Thai "{A43A4D7C-8D09-E5AA-F10A-FA99C2D6B400}" = CCC Help Danish "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8832278-3937-6753-A07A-DF23FA6A569A}" = CCC Help English "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA484486-87CC-91E3-C8C1-F505D06A9BEE}" = CCC Help German "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2934A24-C863-7ABE-B054-AD4E97BE48E4}" = CCC Help Finnish "{B972E956-F6FB-FAD7-43BF-09F558DCFFE6}" = Catalyst Control Center Graphics Previews Common "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C05900D1-D58F-4E26-C60D-605E49583F7E}" = CCC Help Swedish "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3876972-1660-0FC0-5550-B903D161E4D8}" = Catalyst Control Center Graphics Light "{DAB36FAD-35DE-486A-9F1A-7784AC1E78B5}" = Catalyst Control Center Core Implementation "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{DFC1FA94-6D9D-7093-A60D-BEFF1A083023}" = CCC Help Chinese Traditional "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EEE369FB-0F44-D01A-C953-2BFA81362638}" = CCC Help Czech "{EF33D4A2-8A46-84FF-CFAA-7F90F8EE670F}" = Catalyst Control Center Graphics Full Existing "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3A6830D-689F-C34E-5F38-9D66D7D5B3C3}" = CCC Help Chinese Standard
"{F53F4595-BDF7-C392-1CD5-1D425EBAA1A9}" = CCC Help Polish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"CamStudio" = CamStudio
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2013 4:10:03 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: d98 Start Time: 01ce1aa68dab337f Termination Time: 8 Application Path: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Report ID: d398cf6a-8699-11e2-916b-0022200b8836

Error - 3/6/2013 4:10:33 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1378 Start Time: 01ce1aa6a031e771 Termination Time: 6 Application Path: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Report ID: e53dd29e-8699-11e2-916b-0022200b8836

Error - 3/6/2013 4:12:14 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f4 Start Time: 01ce1aa6dc5aded3 Termination Time: 10 Application Path: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Report ID: 2180e211-869a-11e2-916b-0022200b8836

Error - 3/6/2013 4:13:23 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1f94 Start Time: 01ce1aa706317977 Termination Time: 5 Application Path: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Report ID: 4a8f47c7-869a-11e2-916b-0022200b8836

Error - 3/6/2013 4:15:21 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 848 Start Time: 01ce1aa7481cfb60 Termination Time: 9 Application Path: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Report ID: 910321ed-869a-11e2-916b-0022200b8836

Error - 3/6/2013 4:18:55 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1140 Start Time: 01ce1aa7c6bf5ede Termination Time: 7 Application Path: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Report ID: 0dc0b8c2-869b-11e2-916b-0022200b8836

Error - 3/6/2013 4:19:14 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1744 Start Time: 01ce1aa7d486a434 Termination Time: 5 Application Path: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Report ID: 1b974091-869b-11e2-916b-0022200b8836

Error - 3/6/2013 4:23:51 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 814 Start Time: 01ce1aa8727f63ff Termination Time: 15 Application Path: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Report ID: c07e8c28-869b-11e2-82ff-0022200b8836

Error - 3/6/2013 4:24:57 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = The program DevPro.exe, version 1.5.2.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Prozess-ID: 1394 Startzeit: 01ce1aa891c6229c Endzeit: 8 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: e89fcf45-869b-11e2-82ff-0022200b8836 Error - 3/8/2013 12:53:26 AM | Computer Name = xxx-PC | Source = VSS | ID = 8194 Description = [ System Events ] Error - 3/6/2013 3:40:59 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 3:47:58 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 3:47:58 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 7:59:22 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:08:23 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:11:57 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:11:57 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:11:57 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:12:00 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/8/2013 2:21:57 AM | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. 
< End of report >
GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-10 23:33:36 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: gmer_2.1.19155.exe; Driver: C:\Users\xxx\AppData\Local\Temp\uwldrkob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90C2559C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91298388] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90C2602E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90C317F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90C3183E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90C319D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90C31760] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91298720] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90C317A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90C2652C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90C26748] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90C31992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90C26DE4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90C25602] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x90C2A5C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91298450] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x912969B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90C25668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90C2A98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90C27874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90C3181C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90C31860] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90C319FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90C31786] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x90C29EA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90C31910] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90C317D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x90C2A29A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90C319B6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwProtectVirtualMemory [0x912985B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90C27740] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90C2744E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90C256CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90C25734] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90C26C5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90C25284] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90C2545A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90C253E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90C26FAE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90C27110] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90C254E2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91298678] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90C26C3E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x912969E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90C2579A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwWriteVirtualMemory [0x912984FC] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x912B1BA0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C4A9E9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C841C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C8B1E0 4 Bytes [9C, 55, C2, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C8B208 4 Bytes [88, 83, 29, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C8B268 4 Bytes [2E, 60, C2, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C8B2BC 8 Bytes [F2, 17, C3, 90, 3E, 18, C3, ...] {POP SS; RET ; NOP ; SBB BL, AL; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C8B2C8 4 Bytes [D8, 19, C3, 90] {FCOMP DWORD [ECX]; RET ; NOP } .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E18C6B 5 Bytes JMP 912AEA3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 82E31280 5 Bytes JMP 912B056C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E463C7 4 Bytes CALL 90C27F37 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E601B0 4 Bytes CALL 90C27F4D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EEA008 7 Bytes JMP 912B1BA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91A1A000, 0x2CB832, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[424] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[444] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[496] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[580] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text ... .text C:\Windows\system32\SearchProtocolHost.exe[2452] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchProtocolHost.exe[2452] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchProtocolHost.exe[2452] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 000B0A08 .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000B03FC .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 000B0804 .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000B01F8 .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 000B0600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 001E03FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] 
USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 002003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00200804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 002001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00200600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000703FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00320A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 003203FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00320804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 003201F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00320600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 001E03FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!UnhookWindowsHookEx 
75D4ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 002003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00200804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 002001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00200600 .text C:\Windows\servicing\TrustedInstaller.exe[2924] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000603FC .text C:\Windows\servicing\TrustedInstaller.exe[2924] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000601F8 .text C:\Windows\servicing\TrustedInstaller.exe[2924] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00080A08 .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000803FC .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00080804 .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000801F8 .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 002203FC .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 002201F8 .text C:\Windows\system32\SearchIndexer.exe[3000] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00250A08 .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 002503FC .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes 
JMP 00250804 .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 002501F8 .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00250600 .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskeng.exe[3128] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000F03FC .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 001E03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 001F0600 .text C:\Program Files\AVAST 
Software\Avast\AvastUI.exe[3496] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000703FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00190A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001903FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00190804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001901F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 001A0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001A03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 001A0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!SetWinEventHook 75D524DC 5 
Bytes JMP 001A01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 001A0600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000E03FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000E01F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00100600 .text C:\Users\xxx\Desktop\gmer_2.1.19155.exe[3768] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b4f859 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b4f859 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Geändert von DukeYGO (10.03.2013 um 23:53 Uhr) |