Log analysis and evaluation: System Anti Virus, Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
| ![]() System Anti Virus Hallo, liebe Helfer, auch ich habe mir System Care Antivirus eingefangen. Der Administratoraccount kommt nicht mehr ins Internet. Ich habe nun aber gelesen, man soll nicht die Hinweise der anderen Threads befolgen, daher habe ich erstmal nichts gemacht, außer Punkt 2, Schritt 1 und 2 der Anleitung. OTL.txt OTL logfile created on: 24.05.2013 12:50:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Teilnehmer\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895,29 Mb Total Physical Memory | 326,03 Mb Available Physical Memory | 36,42% Memory free 1,87 Gb Paging File | 0,86 Gb Available in Paging File | 45,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 118,87 Gb Free Space | 79,80% Space Free | Partition Type: NTFS Computer Name: PC-RAUM-1 | User Name: Dozent | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.24 12:49:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Teilnehmer\Desktop\OTL.exe PRC - [2013.05.22 15:03:51 | 000,516,096 | ---- | M] () -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.20 13:55:48 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.02.02 01:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.02.02 01:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2009.11.02 03:30:00 | 002,508,104 | ---- | M] (CANON INC.) 
-- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.04.19 09:33:38 | 000,387,616 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2009.04.19 09:33:38 | 000,178,720 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ========== Modules (No Company Name) ========== MOD - [2013.05.22 15:03:51 | 000,516,096 | ---- | M] () -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe MOD - [2010.02.18 09:51:27 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll ========== Services (SafeList) ========== SRV - [2013.04.16 17:47:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.09 18:48:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- 
| M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.04.19 09:33:38 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV - [2009.04.19 09:33:38 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{056C60D5-8BBE-463E-A15C-0A905ABC7CB1}\MpKsle2e68444.sys -- (MpKsle2e68444) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FEAC21CF-9A9B-4DFE-BD30-7E843138E57F}\MpKsld6d4cfda.sys -- (MpKsld6d4cfda) DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{669806A4-7F9A-45C1-A7CE-2D56ED51AA98}\MpKslcf90afa7.sys -- (MpKslcf90afa7) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5BDAE7A8-7C27-4ABA-B80F-2F50663CAF46}\MpKslccbc9a8b.sys -- (MpKslccbc9a8b) DRV - File not found [Kernel | System | Stopped] -- 
c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A87641E7-074B-421E-A51F-33D7D46F5164}\MpKslb0fa1f9a.sys -- (MpKslb0fa1f9a) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{959A5DFF-6FAC-4F9E-B0AB-B4D63015F2AE}\MpKsl9f126476.sys -- (MpKsl9f126476) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7A43E73-EE7A-49B9-8527-2D7C42E2FF4C}\MpKsl7b710871.sys -- (MpKsl7b710871) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60CD31B5-34FE-46A1-A8C3-727EA82A8245}\MpKsl7237ef53.sys -- (MpKsl7237ef53) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D34291F-34D8-48FE-8ED6-682855D1DAEB}\MpKsl6a532c04.sys -- (MpKsl6a532c04) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5C55BAF-D378-451A-AE3A-A3F13B7A52B1}\MpKsl35d48099.sys -- (MpKsl35d48099) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB329A3F-9D9C-4059-A62C-1201699670C0}\MpKsl2013e79b.sys -- (MpKsl2013e79b) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EEA5D51-DD77-4592-8F94-1963CBD54F7D}\MpKsl0f5e3759.sys -- (MpKsl0f5e3759) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB329A3F-9D9C-4059-A62C-1201699670C0}\MpKsl0b0b7015.sys -- (MpKsl0b0b7015) DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8A35E2A-8355-4AF8-B14C-5F7E00B5ED80}\MpKsl0128d60a.sys -- (MpKsl0128d60a) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\Users\Dozent\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2009.09.28 00:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.16 16:22:10 | 000,019,064 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Users\Dozent\Desktop\hwinfo32\HWiNFO32.SYS -- (HWiNFO32) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.05.13 13:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.05.01 15:06:56 | 000,287,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009.04.30 21:08:30 | 000,210,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lernstudio-barbarossa.de/ IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=190712_n_mont_3012_6&babsrc=SP_ss&mntrId=a49549d000000000000090e6ba7bcb72 IE - HKCU\..\SearchScopes\{27CE8DB3-8045-46BD-8403-1D24B79650CB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE485 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8zX7xrLh&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=&SearchSource=2" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.16 17:47:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.16 17:47:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.26 13:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Extensions [2013.02.20 16:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions [2012.11.28 15:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}.oldbackup [2013.02.20 16:08:36 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Dozent\AppData\Roaming\mozilla\Firefox\Profiles\t9wogsya.default\extensions\sparpilot@sparpilot.com [2013.01.23 15:24:07 | 000,001,050 | ---- | M] () -- C:\Users\Dozent\AppData\Roaming\mozilla\firefox\profiles\t9wogsya.default\searchplugins\web-search-customized-web-search.xml [2013.04.16 17:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.16 17:47:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2013.03.22 15:25:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.22 15:25:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.22 15:25:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.22 15:25:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.22 15:25:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.22 15:25:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll File not found O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\RunOnce: [A49C15FB3DB849D00000A49B71654F53] C:\ProgramData\A49C15FB3DB849D00000A49B71654F53\A49C15FB3DB849D00000A49B71654F53.exe () O4 - Startup: C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Downloader.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\pnrpnsp.dll File not found O13 - gopher Prefix: missing 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E455B332-9A38-4180-ABCE-BAE71CE83ADE}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.24 12:46:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dozent\Desktop\OTL.exe [2013.05.22 15:11:49 | 000,000,000 | ---D | C] -- C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus [2013.05.22 15:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\A49C15FB3DB849D00000A49B71654F53 [2013.05.15 10:11:11 | 000,000,000 | ---D | C] -- C:\Users\Dozent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman [2013.05.15 10:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Longman [2013.05.15 10:10:07 | 000,000,000 | ---D | C] -- C:\Users\Dozent\Documents\Expert CAE CD-ROM [2013.04.24 14:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.24 14:02:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.24 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2013.05.24 12:46:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dozent\Desktop\OTL.exe [2013.05.24 12:43:21 | 000,000,000 | ---- | M] () -- C:\Users\Dozent\defogger_reenable [2013.05.24 12:28:10 | 000,017,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 12:28:10 | 000,017,632 | -H-- 
| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 12:20:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.24 12:20:53 | 704,081,920 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 15:11:49 | 000,002,048 | ---- | M] () -- C:\Users\Dozent\Desktop\System Care Antivirus.lnk [2013.05.16 11:50:08 | 000,483,346 | ---- | M] () -- C:\Users\Dozent\Documents\gmx Kündigung.PDF [2013.05.15 12:01:46 | 000,659,798 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.15 12:01:46 | 000,621,074 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.15 12:01:46 | 000,132,070 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.15 12:01:46 | 000,108,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.24 14:03:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk ========== Files Created - No Company Name ========== [2013.05.24 12:43:21 | 000,000,000 | ---- | C] () -- C:\Users\Dozent\defogger_reenable [2013.05.22 15:11:48 | 000,002,048 | ---- | C] () -- C:\Users\Dozent\Desktop\System Care Antivirus.lnk [2013.05.16 11:49:56 | 000,483,346 | ---- | C] () -- C:\Users\Dozent\Documents\gmx Kündigung.PDF [2013.04.24 14:03:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.22 08:45:41 | 000,002,707 | ---- | C] () -- C:\Users\Dozent\.recently-used.xbel [2013.02.28 17:15:40 | 000,000,311 | ---- | C] () -- C:\Users\Dozent\.authorrc1 [2012.08.27 12:31:50 | 000,000,002 | ---- | C] () -- C:\Users\Dozent\uz.dat [2012.07.02 13:24:23 | 000,000,074 | ---- | C] () -- C:\Users\Dozent\geonext.ini [2010.02.18 09:57:27 | 000,001,444 | ---- | C] () -- C:\Users\Dozent\.zir.cfg [2010.02.17 14:21:25 | 000,000,680 | RHS- | C] () -- C:\Users\Dozent\ntuser.pol ========== ZeroAccess Check ========== [2013.01.17 18:56:53 | 000,000,082 | ---- | M] () -- 
C:\Windows\$NtUninstallKB43389$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P6PTQQTG\t.cxt.ms\lso.swf\u.sol [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.27 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Azureus [2012.07.10 17:49:10 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Babylon [2013.05.22 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Canon [2013.03.21 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Diron [2013.02.20 16:21:58 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\DynaGeo [2013.04.09 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Ekexi [2012.06.19 12:37:12 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\EPSON [2013.04.22 08:45:41 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\gtk-2.0 [2010.02.18 10:12:49 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\KompoZer [2012.04.25 13:21:21 | 
000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\mathegrafix [2012.06.26 21:45:54 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\OmegaT [2010.02.18 09:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\OpenOffice.org [2013.04.03 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\Yhdon [2012.07.10 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Dozent\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB43389$] -> Error: Cannot create file handle -> Unknown point type < End of report > Extra.txt OTL Extras logfile created on: 24.05.2013 12:50:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Teilnehmer\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895,29 Mb Total Physical Memory | 326,03 Mb Available Physical Memory | 36,42% Memory free 1,87 Gb Paging File | 0,86 Gb Available in Paging File | 45,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 118,87 Gb Free Space | 79,80% Space Free | Partition Type: NTFS Computer Name: PC-RAUM-1 | User Name: Dozent | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E931A51-A183-4E66-8562-D82896E74C67}" = BCool Gadget "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Calc 3D Pro_is1" = Calc 3D Pro 2.1.10
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DynaGeo_is1" = DynaGeo 3.8
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EPSON S21 Series" = Druckerdeinstallation für EPSON S21 Series
"Epson Stylus S21_T21_T27 Benutzerhandbuch" = Epson Stylus S21_T21_T27 Handbuch
"f(x)-Viewer_is1" = f(x)-Viewer 2.0.1
"GEONExT_is1" = GEONExT 1.74
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"KompoZer_is1" = KompoZer 0.77
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MatheGrafix 9_is1" = MatheGrafix 9 (Version 9.50)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OmegaT 2.5.5_is1" = OmegaT version 2.5.5
"PROHYBRIDR" = 2007 Microsoft Office system
"TIPP10_is1" = TIPP10 Version 2.0.3
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"Z.u.L._is1" = Z.u.L. Version 9.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DirectDownloader" = DirectDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12.04.2013 11:06:21 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: ~!#5C72.tmp, version: 5.1.2600.0, time stamp: 0x51671b05
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0012ff96
Faulting process ID: 0x600
Faulting application start time: 0x01ce378f49567d38
Faulting application path: C:\Users\TEILNE~1\AppData\Local\Temp\~!#5C72.tmp
Faulting module path: unknown
Report ID: 8851a058-a382-11e2-ba7f-90e6ba7bcb72

Error - 18.04.2013 10:15:26 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time stamp: 0x51650aee
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000003
Fault offset: 0x012ea594
Faulting process ID: 0x974
Faulting application start time: 0x01ce3c3f01077820
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: unknown
Report ID: 6a0a5770-a832-11e2-bf36-90e6ba7bcb72

Error - 18.04.2013 10:23:21 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time stamp: 0x51650aee
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x80000003
Fault offset: 0x004ea594
Faulting process ID: 0xc80
Faulting application start time: 0x01ce3c3ffe819350
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: unknown
Report ID: 850774a8-a833-11e2-bf36-90e6ba7bcb72

Error - 23.04.2013 04:02:46 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0000d059
Faulting process ID: 0x7cc
Faulting application start time: 0x01ce3ff8667132e8
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report ID: 2ea72268-abec-11e2-bd28-90e6ba7bcb72

Error - 15.05.2013 05:57:12 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 20.0.1.4847, time stamp: 0x51650aee
Faulting module name: xul.dll, version: 20.0.1.4847, time stamp: 0x51650a09
Exception code: 0xc0000005
Fault offset: 0x000b10e8
Faulting process ID: 0xca8
Faulting application start time: 0x01ce5143a7dd50e8
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\xul.dll
Report ID: cff095e0-bd45-11e2-ba20-90e6ba7bcb72

Error - 15.05.2013 07:14:38 | Computer Name = PC-Raum-1 | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe, version 12.0.7600.16667, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: fc4
Start time: 01ce5159be434958
Termination time: 6
Application path: C:\Program Files\Windows Media Player\wmplayer.exe
Report ID:

Error - 15.05.2013 10:15:13 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x001d9aa6
Faulting process ID: 0x92c
Faulting application start time: 0x01ce517593be0d14
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report ID: db27a574-bd69-11e2-b114-90e6ba7bcb72

Error - 22.05.2013 03:01:19 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x001d9aa6
Faulting process ID: 0x6cc
Faulting application start time: 0x01ce56b8eb6ca460
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report ID: 66cd4eb0-c2ad-11e2-a14d-90e6ba7bcb72

Error - 22.05.2013 09:12:18 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 20.0.1.4847, time stamp: 0x51650a74
Faulting module name: NPSWF32_11_5_502_146.dll, version: 11.5.502.146, time stamp: 0x50cfc317
Exception code: 0x80000003
Fault offset: 0x0032fded
Faulting process ID: 0x36c
Faulting application start time: 0x01ce56ba5a7313c0
Faulting application path: C:\Program Files\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
Report ID: 3a80c36c-c2e1-11e2-a14d-90e6ba7bcb72

Error - 24.05.2013 06:43:34 | Computer Name = PC-Raum-1 | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d6878c3
Faulting module name: MediaShellOverlays.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ff471b8
Exception code: 0xc0000005
Fault offset: 0x6de0c225
Faulting process ID: 0xda8
Faulting application start time: 0x01ce586923a76390
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: MediaShellOverlays.dll
Report ID: c7f1628c-c45e-11e2-b2ea-90e6ba7bcb72

[ Media Center Events ]
Error - 08.12.2012 04:07:29 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 09:07:28 - dSM-2.cab could not be retrieved (error: BITS 0x80070424)
09:07:28 - Logos-2.cab could not be retrieved (error: BITS 0x80070424)
09:07:28 - SMTiles-2.cab could not be retrieved (error: BITS 0x80070424)
09:07:28 - UpdateableMarkup.cab could not be retrieved (error: BITS 0x80070424)

Error - 08.12.2012 04:07:30 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 09:07:30 - Broadband-2.enc could not be retrieved (error: BITS 0x80070424)

Error - 10.12.2012 11:07:46 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 16:07:45 - dSM-2.cab could not be retrieved (error: BITS 0x80070424)
16:07:45 - Logos-2.cab could not be retrieved (error: BITS 0x80070424)
16:07:45 - SMTiles-2.cab could not be retrieved (error: BITS 0x80070424)
16:07:45 - UpdateableMarkup.cab could not be retrieved (error: BITS 0x80070424)

Error - 10.12.2012 11:07:52 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 16:07:48 - Broadband-2.enc could not be retrieved (error: BITS 0x80070424)

Error - 11.12.2012 10:25:37 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 15:25:27 - dSM-2.cab could not be retrieved (error: BITS 0x80070424)
15:25:29 - Logos-2.cab could not be retrieved (error: BITS 0x80070424)
15:25:29 - SMTiles-2.cab could not be retrieved (error: BITS 0x80070424)
15:25:29 - UpdateableMarkup.cab could not be retrieved (error: BITS 0x80070424)

Error - 11.12.2012 10:26:52 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 15:25:39 - Broadband-2.enc could not be retrieved (error: BITS 0x80070424)

Error - 12.12.2012 06:59:19 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 11:59:18 - dSM-2.cab could not be retrieved (error: BITS 0x80070424)
11:59:18 - Logos-2.cab could not be retrieved (error: BITS 0x80070424)
11:59:18 - SMTiles-2.cab could not be retrieved (error: BITS 0x80070424)
11:59:18 - UpdateableMarkup.cab could not be retrieved (error: BITS 0x80070424)

Error - 12.12.2012 06:59:25 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 11:59:20 - Broadband-2.enc could not be retrieved (error: BITS 0x80070424)

Error - 13.12.2012 08:47:08 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 13:47:07 - dSM-2.cab could not be retrieved (error: BITS 0x80070424)
13:47:08 - Logos-2.cab could not be retrieved (error: BITS 0x80070424)
13:47:08 - SMTiles-2.cab could not be retrieved (error: BITS 0x80070424)
13:47:08 - UpdateableMarkup.cab could not be retrieved (error: BITS 0x80070424)

Error - 13.12.2012 08:47:09 | Computer Name = PC-Raum-1 | Source = MCUpdate | ID = 0
Description = 13:47:09 - Broadband-2.enc could not be retrieved (error: BITS 0x80070424)

[ OSession Events ]
Error - 01.09.2010 11:59:26 | Computer Name = PC-Raum-1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7726 seconds with 6720 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.05.2013 11:35:32 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = The service "NVIDIA Display Driver Service" reported an invalid current state: 32

Error - 16.05.2013 06:36:34 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = The service "NVIDIA Display Driver Service" reported an invalid current state: 32

Error - 16.05.2013 13:47:51 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = The service "NVIDIA Display Driver Service" reported an invalid current state: 32

Error - 22.05.2013 04:39:25 | Computer Name = PC-Raum-1 | Source = Schannel | ID = 36888
Description = A fatal alert was generated: 10. The internal error state is: 10.

Error - 22.05.2013 04:39:25 | Computer Name = PC-Raum-1 | Source = Schannel | ID = 36888
Description = A fatal alert was generated: 10. The internal error state is: 10.
Error - 22.05.2013 09:15:37 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = The service "NVIDIA Display Driver Service" reported an invalid current state: 32

Error - 22.05.2013 11:39:44 | Computer Name = PC-Raum-1 | Source = DCOM | ID = 10010
Description =

Error - 22.05.2013 11:42:18 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = The service "NVIDIA Display Driver Service" reported an invalid current state: 32

Error - 23.05.2013 10:23:56 | Computer Name = PC-Raum-1 | Source = Service Control Manager | ID = 7016
Description = The service "NVIDIA Display Driver Service" reported an invalid current state: 32

Error - 24.05.2013 06:26:03 | Computer Name = PC-Raum-1 | Source = DCOM | ID = 10010
Description =


< End of report >

Gmer.txt

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-24 14:01:29
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\00000032 WDC_WD16 rev.01.0 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dozent\AppData\Local\Temp\ufrirpob.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackTransaction + 13E9    83683599 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2    836A8092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.rsrc  C:\Windows\system32\DRIVERS\cdrom.sys    section is executable [0x8B877000, 0x5AEE, 0x68000020]
?      C:\Windows\system32\DRIVERS\cdrom.sys    suspicious PE modification

---- User code sections - GMER 2.1 ----

.text  C:\Windows\System32\svchost.exe[1336] user32.dll!GetCursorPos    770AC198 5 Bytes  JMP 001B000A
.text  C:\Windows\System32\svchost.exe[1336] user32.dll!DialogBoxIndirectParamAorW    770D551D 5 Bytes  JMP 001C000A
.text  C:\Windows\System32\svchost.exe[1336] ole32.dll!CoCreateInstance    773A590C 5 Bytes  JMP 001A000A
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!CharToOemA + 3A    770AB1DE 7 Bytes  JMP 663C43E6 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!AdjustWindowRectEx + 117    770B660F 7 Bytes  JMP 663C4375 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!GetWindowInfo    770B6A82 5 Bytes  JMP 6600E50D C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[2040] USER32.dll!MenuItemFromPoint + F    770D4B36 7 Bytes  JMP 6600E9FB C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!wcsncmp + 33B    77B7F420 7 Bytes  JMP 65E36D70 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F    7726C057 7 Bytes  JMP 6618D713 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!CloseHandle + 38    7727058F 7 Bytes  JMP 6618D736 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!GetExitCodeProcess + 2C    772730DD 7 Bytes  JMP 65E51C62 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2652] GDI32.dll!GetViewportOrgEx + 21C    773085EB 7 Bytes  JMP 6618D694 C:\Program Files\Mozilla Firefox\xul.dll
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2652] CRYPT32.dll!I_CryptAddRefLruEntry + 209E    75D4C679 7 Bytes  JMP 005CF630
.text  C:\Program Files\Mozilla Firefox\firefox.exe[2652] CRYPT32.dll!I_CryptEnumMatchingLruEntries + 188B    75D4E505 7 Bytes  JMP 005CF6A0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateFile + 6    77B646B6 4 Bytes  [28, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateFile + B    77B646BB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateKey + 6    77B646F6 4 Bytes  [68, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateKey + B    77B646FB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateMutant + 6    77B64736 4 Bytes  [68, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateMutant + B    77B6473B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateSection + 6    77B647D6 4 Bytes  [A8, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtCreateSection + B    77B647DB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtMapViewOfSection + B    77B64D1B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenFile + 6    77B64DC6 4 Bytes  [68, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenFile + B    77B64DCB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKey + 6    77B64DF6 4 Bytes  [A8, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKey + B    77B64DFB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenKeyEx + B    77B64E0B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenMutant + 6    77B64E46 4 Bytes  [28, 02, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenMutant + B    77B64E4B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + 6    77B64E76 1 Byte  [68]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + 6    77B64E76 4 Bytes  [68, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcess + B    77B64E7B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + 6    77B64E86 1 Byte  [A8]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + 6    77B64E86 4 Bytes  [A8, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessToken + B    77B64E8B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessTokenEx + 6    77B64E96 4 Bytes  [68, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenProcessTokenEx + B    77B64E9B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenSection + B    77B64EBB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThread + 6    77B64EF6 1 Byte  [28]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThread + 6    77B64EF6 4 Bytes  [28, 03, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThread + B    77B64EFB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadToken + 6    77B64F06 4 Bytes  [28, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadToken + B    77B64F0B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadTokenEx + 6    77B64F16 4 Bytes  [A8, 04, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtOpenThreadTokenEx + B    77B64F1B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryAttributesFile + 6    77B65026 4 Bytes  [A8, 00, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryAttributesFile + B    77B6502B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtQueryFullAttributesFile + B    77B650DB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationFile + 6    77B65726 4 Bytes  [28, 01, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationFile + B    77B6572B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationThread + 6    77B65786 1 Byte  [E8]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtSetInformationThread + B    77B6578B 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtUnmapViewOfSection + 6    77B65AA6 4 Bytes  [28, 05, 07, 00]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ntdll.dll!NtUnmapViewOfSection + B    77B65AAB 1 Byte  [E2]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] kernel32.dll!CreateProcessW    7722202D 5 Bytes  JMP 00010030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] kernel32.dll!CreateProcessA    77222062 5 Bytes  JMP 00010070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectObject    773061D0 5 Bytes  JMP 001505F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetTextColor    77306622 5 Bytes  JMP 00150A30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetBkMode    773066CD 5 Bytes  JMP 001508F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!DeleteObject    773068B4 5 Bytes  JMP 001501B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!DeleteDC    77306A2C 5 Bytes  JMP 00150170
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtSelectClipRgn    77306C72 5 Bytes  JMP 001502F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectClipRgn    77306D84 5 Bytes  JMP 001505B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetDeviceCaps    77306E03 5 Bytes  JMP 001503B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetStretchBltMode    773073CE 5 Bytes  JMP 001506B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetCurrentObject    7730777C 5 Bytes  JMP 00150370
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextMetricsW    7730798F 5 Bytes  JMP 00150E30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!IntersectClipRect    77307CCA 5 Bytes  JMP 001503F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextAlign    77307D15 5 Bytes  JMP 00150D70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetTextAlign    77307F92 5 Bytes  JMP 001509F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtTextOutW    77308053 5 Bytes  JMP 00150970
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetClipBox    773081F2 5 Bytes  JMP 00150330
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!MoveToEx    77308A16 5 Bytes  JMP 00150470
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateDCA    77309975 5 Bytes  JMP 001500B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!RestoreDC    77309A10 5 Bytes  JMP 00150530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SaveDC    77309AD2 5 Bytes  JMP 00150570
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StretchDIBits    7730AC38 5 Bytes  JMP 00150770
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextFaceW    7730B4CC 5 Bytes  JMP 00150D30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextExtentPoint32W    7730B535 5 Bytes  JMP 00150670
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetFontData    7730B8E8 5 Bytes  JMP 00150C70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateDCW    7730BD21 5 Bytes  JMP 001500F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateICW    7730C660 5 Bytes  JMP 00150130
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!LineTo    7730CA20 5 Bytes  JMP 00150430
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetWorldTransform    7730CB42 5 Bytes  JMP 001506F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextMetricsA    7730CE46 5 Bytes  JMP 00150DF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!Rectangle    7730F5BE 5 Bytes  JMP 001509B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetICMMode    7730F8D4 5 Bytes  JMP 00150DB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtTextOutA    77310158 5 Bytes  JMP 00150930
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextExtentPoint32A    773108BB 5 Bytes  JMP 00150630
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!Escape    77310B0D 5 Bytes  JMP 00150270
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ExtEscape    77313472 5 Bytes  JMP 001502B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetTextFaceA    77313E49 5 Bytes  JMP 00150CF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetPolyFillMode    77316CE1 5 Bytes  JMP 00150B30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SetMiterLimit    77316E54 5 Bytes  JMP 00150B70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!ResetDCW    7732031C 5 Bytes  JMP 00150AB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndPage    773207CD 5 Bytes  JMP 00150230
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!GetGlyphOutlineW    7732C292 5 Bytes  JMP 00150CB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CreateScalableFontResourceW    7732E8EF 5 Bytes  JMP 00150BB0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!AddFontResourceW    7732ECEB 5 Bytes  JMP 00150BF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!RemoveFontResourceW    7732F1E1 5 Bytes  JMP 00150C30
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!AbortDoc    77334D37 5 Bytes  JMP 00150030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndDoc    7733517E 5 Bytes  JMP 001501F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StartPage    77335269 5 Bytes  JMP 00150730
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StartDocW    77335BB6 5 Bytes  JMP 001507F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!BeginPath    7733635D 5 Bytes  JMP 00150830
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!SelectClipPath    773363B4 5 Bytes  JMP 00150AF0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!CloseFigure    7733640F 5 Bytes  JMP 00150070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!EndPath    77336466 5 Bytes  JMP 00150A70
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!StrokePath    77336699 5 Bytes  JMP 001507B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!FillPath    77336726 5 Bytes  JMP 00150870
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolylineTo    77336B94 5 Bytes  JMP 001504F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolyBezierTo    77336C25 5 Bytes  JMP 001504B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] GDI32.dll!PolyDraw    77336CD7 5 Bytes  JMP 001508B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ActivateKeyboardLayout    770A817D 5 Bytes  JMP 001604F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ScreenToClient    770AC1F2 7 Bytes  JMP 00160670
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!RegisterClipboardFormatA    770AE6B1 5 Bytes  JMP 001602F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!RegisterClipboardFormatW    770AEDFD 5 Bytes  JMP 001602B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetCursor    770B52EA 5 Bytes  JMP 00160530
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!MonitorFromWindow    770B590A 7 Bytes  JMP 00160630
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!PostMessageW    770B6225 5 Bytes  JMP 001605F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!IsWindowVisible    770B6939 7 Bytes  JMP 001606B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClientRect    770B74B1 7 Bytes  JMP 001605B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!MapWindowPoints    770B7915 5 Bytes  JMP 00160570
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetParent    770B7AB3 7 Bytes  JMP 001606F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetClipboardData    770C4979 5 Bytes  JMP 00160170
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!EmptyClipboard    770C4A28 5 Bytes  JMP 00160130
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardData    770C4B47 5 Bytes  JMP 00160030
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!EnumClipboardFormats    770C4D98 5 Bytes  JMP 001601B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardFormatNameW    770C7EB2 5 Bytes  JMP 00160230
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetClipboardViewer    770C8F4D 5 Bytes  JMP 001604B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardFormatNameA    770C8F61 5 Bytes  JMP 00160270
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetOpenClipboardWindow    770C902F 1 Byte  [E9]
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetOpenClipboardWindow    770C902F 5 Bytes  JMP 001603F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!ChangeClipboardChain    770D3425 5 Bytes  JMP 00160430
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetTopWindow    770D3A5D 7 Bytes  JMP 00160730
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!CloseClipboard    770D5BA7 5 Bytes  JMP 001600B0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!OpenClipboard    770D5BB9 5 Bytes  JMP 00160070
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!IsClipboardFormatAvailable    770D5C3A 5 Bytes  JMP 001600F0
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardSequenceNumber    770D5C4E 5 Bytes  JMP 00160330
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardOwner    770D5C60 5 Bytes  JMP 00160370
.text  C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!CountClipboardFormats    770D5DC9 5 Bytes  JMP 001601F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!SetCursorPos 770EC1D8 5 Bytes JMP 00160770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetClipboardViewer 77104B57 5 Bytes JMP 00160470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] USER32.dll!GetPriorityClipboardFormat 77104C59 5 Bytes JMP 001603B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleSetClipboard 773AF2FE 5 Bytes JMP 00170030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleIsCurrentClipboard 773B2489 5 Bytes JMP 00170070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[3772] ole32.dll!OleGetClipboard 773DF825 5 Bytes JMP 001700B0 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85de6698]<< 85de6698 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b5a030] 85b5a030 Trace 3 CLASSPNP.SYS[87bc159e] -> nt!IofCallDriver -> [0x85df3ef8] 85df3ef8 Trace \Driver\00000493[0x85df4350] -> IRP_MJ_CREATE -> 0x85de6698 85de6698 ---- Modules - GMER 2.1 ---- Module (noname) (*** hidden *** ) 8B854000-8B869000 (86016 bytes) ---- Processes - GMER 2.1 ---- Process C:\Windows\System32\svchost.exe (*** hidden *** ) 1336 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Windows\$NtUninstallKB43389$\2657797194 0 bytes File C:\Windows\$NtUninstallKB43389$\624790592 0 bytes File C:\Windows\$NtUninstallKB43389$\624790592\@ 2048 bytes File C:\Windows\$NtUninstallKB43389$\624790592\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB43389$\624790592\L 0 bytes File C:\Windows\$NtUninstallKB43389$\624790592\L\00000004.@ 804 bytes File C:\Windows\$NtUninstallKB43389$\624790592\L\201d3dde 198 bytes File C:\Windows\$NtUninstallKB43389$\624790592\L\24fb4792 69 bytes File 
C:\Windows\$NtUninstallKB43389$\624790592\L\4cce1f70 2044 bytes File C:\Windows\$NtUninstallKB43389$\624790592\L\6715e287 69 bytes File C:\Windows\$NtUninstallKB43389$\624790592\L\76603ac3 2415 bytes File C:\Windows\$NtUninstallKB43389$\624790592\L\xadqgnnk 108544 bytes File C:\Windows\$NtUninstallKB43389$\624790592\U 0 bytes File C:\Windows\$NtUninstallKB43389$\624790592\U\00000004.@ 2048 bytes File C:\Windows\$NtUninstallKB43389$\624790592\U\00000008.@ 1024 bytes File C:\Windows\$NtUninstallKB43389$\624790592\U\000000cb.@ 1632 bytes File C:\Windows\$NtUninstallKB43389$\624790592\U\80000000.@ 11776 bytes File C:\Windows\$NtUninstallKB43389$\624790592\U\80000032.@ 90624 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1H0X9XI0\iframe3[5].htm 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\st[1].htm 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\player[1].htm 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAX244AE\view[1].htm 198 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\stCA5XDO69 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\stCAQS2GKW 0 bytes File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3GCYD5Q\st[11] 0 bytes ---- EOF - GMER 2.1 ---- Vielen Dank im Voraus für eure Hilfe. Ich muss aber leider sagen, dass ich erst wieder am Montag eure Hinweise befolgen kann. |