Log Analysis and Evaluation: Remove "Click to Continue" (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Remove "Click to Continue"

Hey, I have the problem that on many websites some words are underlined, and when I hover over them with the mouse an advert appears, with "click to continue by text enhance" underneath. Sometimes new windows with advertising open as well. Here, for example, is a screenshot I took of the rules page when I registered.

And here are the logs from Defogger, OTL and gmer:

Defogger:
```
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:17 on 14/07/2013 (Leon)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
```

OTL:
```
OTL logfile created on: 13.07.2013 23:32:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leon\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,84% Memory free
4,00 Gb Paging File | 2,42 Gb Available in Paging File | 60,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 347,47 Gb Free Space | 74,60% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 324,86 Gb Free Space | 69,75% Space Free | Partition Type: NTFS
Drive E: | 680,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,66 Gb Total Space | 0,55 Gb Free Space | 15,16% Space Free | Partition Type: FAT32

Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.13 23:06:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
PRC - [2013.07.12 20:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.06.27 23:48:10 | 006,427,008 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2013.06.27 23:48:00 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012.11.13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2013.07.12 20:49:44 | 000,396,240 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013.07.12 20:49:43 | 013,599,184 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013.07.12 20:49:42 | 004,052,944 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013.07.12 20:48:52 | 000,601,552 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013.07.12 20:48:51 | 000,123,344 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013.07.12 20:48:49 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.07.12 18:21:37 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.06.27 23:48:00 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.06.11 21:49:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.30 07:39:10 | 004,889,032 | ---- | M] (SafeNet Inc.) [Disabled | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2011.09.23 00:40:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.23 07:59:00 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85710821-D163-42ED-85CC-3995B8456DBE}\MpKslf78d58f6.sys -- (MpKslf78d58f6)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F45C2DA3-4E9C-48A6-A3F2-9E0501F87490}\MpKsl27a6719c.sys -- (MpKsl27a6719c)
DRV - [2013.01.03 19:19:03 | 000,105,728 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2012.07.26 16:05:44 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\System32\drivers\BSMEM.sys -- (BSMEM)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012.01.17 19:52:11 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2011.10.04 13:03:48 | 000,367,560 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2011.09.23 00:40:00 | 010,318,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.08.10 14:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.01.18 07:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 B6 2C BB 2D C3 CC 01 [binary data]
IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197
IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Leon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Leon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.02 18:27:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\

[2013.07.13 23:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Adblock Plus = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\
CHR - Extension: Adblock for Youtube™ = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\1.8_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKU\S-1-5-21-1348207587-1662218007-360504778-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Papa.Leon-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61E8E280-4D5B-4B7E-9B45-21FBCCC908F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6975DBD5-D701-45AF-9D4B-C1FE64F909D5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.12 18:11:26 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.08.16 22:25:01 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.08.28 20:21:40 | 3327,074,647 | ---- | M] () - H:\Autodesk_3ds_Max_2012_German_Win_32-64bit.exe -- [ FAT32 ]
O33 - MountPoints2\{705fcb28-2f1e-11e1-9b64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{705fcb28-2f1e-11e1-9b64-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchRC.exe -- [2004.12.10 23:37:26 | 000,593,920 | R--- | M] ()
O33 - MountPoints2\{7c90b315-324a-11e1-bc0f-003067a4b1fc}\Shell - "" = AutoRun
O33 - MountPoints2\{7c90b315-324a-11e1-bc0f-003067a4b1fc}\Shell\AutoRun\command - "" = I:\MediaManager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.13 23:24:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013.07.13 23:15:44 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Mozilla
[2013.07.13 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.07.13 18:31:15 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.07.13 18:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.13 18:09:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.13 00:12:33 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\CrashDumps
[2013.07.12 18:23:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Autodesk
[2013.07.12 18:21:43 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\Inventor Server x86 Autodesk 3ds Max 2012 32-bit - German
[2013.07.12 18:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013.07.12 18:20:27 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\3dsMax
[2013.07.12 18:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013.07.12 18:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013.07.12 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013.07.12 18:11:26 | 000,000,000 | ---D | C] -- C:\Autodesk
[2013.07.12 17:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.07.12 17:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.07.12 17:08:45 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Google
[2013.07.12 17:06:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Mozilla
[2013.07.12 17:04:57 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\VirtualStore
[2013.07.12 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Apps
[2013.07.12 15:09:29 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Autodesk
[2013.07.11 21:42:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Star Wars Republic Commando II - Kopie
[2013.07.11 20:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.11 13:47:04 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\.minecraft
[2013.07.11 00:20:26 | 000,000,000 | ---D | C] -- C:\UDK
[2013.07.10 20:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.07.10 20:10:09 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.07.10 20:03:13 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\Battlefield 3
[2013.07.10 19:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.07.10 19:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Battlefield 3
[2013.07.10 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\NVIDIA
[2013.07.09 19:03:48 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.07.09 18:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.07.09 18:16:24 | 000,017,024 | ---- | C] (BIOSTAR Group) -- C:\Windows\System32\drivers\BSMEM.sys
[2013.07.09 16:27:41 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.07.09 14:00:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.07.09 11:11:58 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Apple Computer
[2013.07.09 11:11:29 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.07.09 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.07.09 10:39:33 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Canon
[2013.07.01 17:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013.07.01 17:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013.07.01 17:03:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013.07.01 17:03:14 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2013.07.01 17:02:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.07.01 17:02:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING
[2013.07.01 16:59:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJETV
[2013.07.01 16:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013.06.30 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Star Wars Republic Commando II Development Files
[2013.06.29 23:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.06.29 23:50:09 | 000,000,000 | ---D | C] -- C:\Fraps
[2012.11.05 20:59:17 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Users\Leon\FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
[2011.12.25 20:14:31 | 000,032,768 | ---- | C] (Macrovision Corporation) -- C:\Users\Leon\objectps.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.13 23:25:27 | 000,377,856 | ---- | M] () -- C:\Users\Leon\Desktop\gmer_2.1.19163.exe
[2013.07.13 23:23:45 | 000,050,477 | ---- | M] () -- C:\Users\Leon\Desktop\Defogger.exe
[2013.07.13 23:18:45 | 000,133,369 | ---- | M] () -- C:\Users\Leon\Desktop\Unbenannt.JPG
[2013.07.13 23:18:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.13 23:13:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001UA.job
[2013.07.13 23:06:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
[2013.07.13 23:04:13 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.13 23:04:13 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.13 22:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.13 22:57:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.13 22:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.13 22:56:59 | 1609,523,200 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.13 22:53:58 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003UA.job
[2013.07.13 18:44:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003Core.job
[2013.07.13 18:31:16 | 000,002,246 | ---- | M] () -- C:\Users\Leon\Desktop\SpyHunter.lnk
[2013.07.13 18:07:36 | 000,000,168 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.13 17:16:16 | 000,323,216 | ---- | M] () -- C:\Users\Leon\Desktop\CloneTrooperWave.FBX
[2013.07.13 16:22:03 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.12 18:21:11 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max.lnk
[2013.07.12 15:13:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001Core.job
[2013.07.12 15:06:51 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.12 15:06:51 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.12 15:06:51 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.12 15:06:51 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.12 13:49:15 | 000,001,242 | ---- | M] () -- C:\Users\Leon\Desktop\Star Wars Republic Commando.lnk
[2013.07.12 12:55:18 | 000,000,004 | ---- | M] () -- C:\ProgramData\icw09hbs.inf
[2013.07.11 15:18:49 | 000,001,739 | ---- | M] () -- C:\Users\Leon\Desktop\UDK.lnk
[2013.07.10 19:27:47 | 000,000,975 | ---- | M] () -- C:\Users\Leon\Desktop\Battlefield 3.lnk
[2013.07.09 14:20:55 | 173,592,306 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.07.09 11:11:29 | 000,001,228 | ---- | M] () -- C:\Users\Leon\Desktop\Revo Uninstaller.lnk
[2013.07.09 10:50:03 | 000,007,605 | ---- | M] () -- C:\Users\Leon\AppData\Local\Resmon.ResmonCfg
[2013.06.30 18:17:10 | 000,546,732 | ---- | M] () -- C:\Users\Leon\AppData\Local\CloneOnSpeederbike.blend
[2013.06.29 23:50:09 | 000,000,568 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.06.29 23:16:05 | 000,990,472 | ---- | M] () -- C:\Users\Leon\AppData\Local\CloneTrooper.blend
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.13 23:28:33 | 000,377,856 | ---- | C] () -- C:\Users\Leon\Desktop\gmer_2.1.19163.exe
[2013.07.13 23:23:53 | 000,050,477 | ---- | C] () -- C:\Users\Leon\Desktop\Defogger.exe
[2013.07.13 23:18:44 | 000,133,369 | ---- | C] () -- C:\Users\Leon\Desktop\Unbenannt.JPG
[2013.07.13 18:31:16 | 000,002,246 | ---- | C] () -- C:\Users\Leon\Desktop\SpyHunter.lnk
[2013.07.13 18:07:30 | 000,000,168 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.13 16:57:17 | 000,323,216 | ---- | C] () -- C:\Users\Leon\Desktop\CloneTrooperWave.FBX
[2013.07.12 18:21:11 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max.lnk
[2013.07.12 17:09:13 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.12 17:08:50 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.12 17:08:49 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.11 22:21:59 | 000,001,242 | ---- | C] () -- C:\Users\Leon\Desktop\Star Wars Republic Commando.lnk
[2013.07.11 21:17:31 | 000,000,004 | ---- | C] () -- C:\ProgramData\icw09hbs.inf
[2013.07.11 15:18:49 | 000,001,739 | ---- | C] () -- C:\Users\Leon\Desktop\UDK.lnk
[2013.07.10 19:27:47 | 000,000,975 | ---- | C] () -- C:\Users\Leon\Desktop\Battlefield 3.lnk
[2013.07.09 19:03:09 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001UA.job
[2013.07.09 19:03:09 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001Core.job
[2013.07.09 14:00:45 | 173,592,306 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.07.09 10:50:03 | 000,007,605 | ---- | C] () -- C:\Users\Leon\AppData\Local\Resmon.ResmonCfg
[2013.06.30 18:17:10 | 000,546,732 | ---- | C] () -- C:\Users\Leon\AppData\Local\CloneOnSpeederbike.blend
[2013.06.29 23:50:09 | 000,000,568 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.06.29 23:16:01 | 000,990,472 | ---- | C] () -- C:\Users\Leon\AppData\Local\CloneTrooper.blend
[2013.04.02 21:42:23 | 000,001,982 | ---- | C] () -- C:\Users\Leon\AppData\Local\recently-used.xbel
[2013.03.30 21:53:21 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013.02.15 17:56:13 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2013.02.15 17:56:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2013.02.02 16:41:43 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.08.10 13:46:34 | 000,000,040 | ---- | C] () -- C:\ProgramData\kqmfvkarpqehfvx
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.04.14 13:31:00 | 000,000,113 | ---- | C] () -- C:\Windows\disney.ini
[2012.04.02 20:15:19 | 000,000,065 | ---- | C] () -- C:\Windows\Maus2.ini
[2012.03.07 21:43:12 | 003,640,812 | ---- | C] () -- C:\Users\Leon\AppData\Local\clone trooper phase 1 .blend
[2012.03.07 21:41:47 | 004,544,340 | ---- | C] () -- C:\Users\Leon\AppData\Local\clone trooper phase 1.blend
[2012.03.07 21:39:42 | 004,245,768 | ---- | C] () -- C:\Users\Leon\AppData\Local\clone trooper pilot.blend
[2012.03.07 21:33:50 | 002,018,768 | ---- | C] () -- C:\Users\Leon\AppData\Local\raumstation.blend
[2012.03.07 21:16:03 | 000,965,224 | ---- | C] () -- C:\Users\Leon\AppData\Local\air taxi.blend
[2012.03.07 21:05:46 | 003,709,820 | ---- | C] () --
```
C:\Users\Leon\AppData\Local\raumschiff.blend [2012.03.05 20:53:28 | 003,982,856 | ---- | C] () -- C:\Users\Leon\AppData\Local\naboo starfighter.blend [2012.03.05 20:45:46 | 005,410,136 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade fedration aat.blend [2012.03.05 20:40:28 | 005,394,592 | ---- | C] () -- C:\Users\Leon\AppData\Local\vulture droid 3.blend [2012.03.05 20:37:34 | 003,659,144 | ---- | C] () -- C:\Users\Leon\AppData\Local\vulture droid 2.blend [2012.03.04 21:46:02 | 007,484,724 | ---- | C] () -- C:\Users\Leon\AppData\Local\coruscant.blend [2012.03.04 21:40:12 | 004,450,008 | ---- | C] () -- C:\Users\Leon\AppData\Local\obi wan kenobi lightsaber.blend [2012.03.04 21:35:29 | 029,480,448 | ---- | C] () -- C:\Users\Leon\AppData\Local\at-te.blend1 [2012.03.04 21:35:29 | 029,459,208 | ---- | C] () -- C:\Users\Leon\AppData\Local\at-te.blend [2012.03.04 20:54:31 | 007,691,140 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation mtt.blend [2012.03.04 20:54:31 | 005,492,080 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation mtt.blend1 [2012.03.04 20:38:23 | 003,167,892 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation landing craft.blend [2012.03.04 20:38:23 | 003,164,556 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation landing craft.blend1 [2012.03.04 20:38:23 | 003,036,192 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation landing craft.blend2 [2012.03.04 20:35:25 | 010,051,088 | ---- | C] () -- C:\Users\Leon\AppData\Local\t-16 skyhopper.blend [2012.03.04 20:31:33 | 007,903,140 | ---- | C] () -- C:\Users\Leon\AppData\Local\vulture droid.blend [2012.03.04 20:27:39 | 017,466,176 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation blockade.blend [2012.03.04 20:19:10 | 018,744,624 | ---- | C] () -- C:\Users\Leon\AppData\Local\republic gunship.blend [2012.03.03 22:12:13 | 020,214,200 | ---- | C] () -- C:\Users\Leon\AppData\Local\clonetrooper.blend1 [2012.03.03 22:12:13 | 020,205,608 | ---- | 
C] () -- C:\Users\Leon\AppData\Local\clonetrooper.blend2 [2012.03.02 19:38:12 | 000,415,620 | ---- | C] () -- C:\Users\Leon\AppData\Local\seperatist frigate.blend1 [2012.02.18 22:45:55 | 004,898,160 | ---- | C] () -- C:\Users\Leon\AppData\Local\logo.blend1 [2012.02.18 22:45:55 | 004,894,268 | ---- | C] () -- C:\Users\Leon\AppData\Local\logo.blend [2012.02.18 22:45:55 | 004,885,460 | ---- | C] () -- C:\Users\Leon\AppData\Local\logo.blend2 [2012.02.14 21:40:39 | 004,319,124 | ---- | C] () -- C:\Users\Leon\AppData\Local\republic cruiser.blend1 [2012.02.14 21:40:39 | 004,306,892 | ---- | C] () -- C:\Users\Leon\AppData\Local\republic cruiser.blend [2012.02.14 21:40:39 | 000,933,148 | ---- | C] () -- C:\Users\Leon\AppData\Local\republic cruiser.blend2 [2012.01.25 19:50:06 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.01.25 19:50:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.01.25 19:46:21 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2012.01.24 20:40:22 | 000,012,800 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe ========== ZeroAccess Check ========== [2012.12.25 14:27:29 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB35896$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GYX29CL3\t.cxt.ms\lso.swf\u.sol [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.12.25 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Amelie\AppData\Roaming\AVG10 [2011.12.25 20:36:37 | 000,000,000 | ---D | M] -- C:\Users\Amelie\AppData\Roaming\OpenOffice.org [2011.12.25 20:36:38 | 000,000,000 | ---D | M] -- C:\Users\Amelie\AppData\Roaming\Thunderbird [2013.01.06 16:53:58 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\.minecraft [2013.02.03 16:39:45 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\AVG [2013.01.02 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\AVG2013 [2013.07.03 17:25:55 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Canon [2013.07.11 13:35:38 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\FRITZ! 
[2012.08.09 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\LEGO Company [2011.12.28 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\OpenOffice.org [2012.02.29 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Scribus [2011.12.26 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Thunderbird [2013.05.24 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\TuneUp Software [2012.06.30 13:22:28 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Ulead Systems [2012.03.23 13:26:58 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Unity [2013.01.26 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.01.26 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013.07.11 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\.minecraft [2012.01.24 20:26:59 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\AnvSoft [2012.09.09 09:55:13 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Audacity [2013.07.12 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Autodesk [2013.06.11 21:41:24 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\AVG [2011.12.25 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Blender Foundation [2013.07.09 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Canon [2012.01.02 23:25:30 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.07.10 16:18:32 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\DVDVideoSoft [2013.06.11 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\FRITZ! 
[2012.07.26 12:07:02 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\LEGO Company [2011.12.25 20:14:40 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OpenOffice.org [2012.07.19 19:00:54 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Petroglyph [2011.12.25 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Thunderbird [2012.02.21 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Ulead Systems [2011.12.25 20:37:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\AVG10 [2011.12.25 20:37:09 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\OpenOffice.org [2011.12.25 20:37:11 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\QuickStoresToolbar [2012.01.13 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC\AppData\Roaming\FRITZ! [2012.01.13 20:08:35 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC\AppData\Roaming\Thunderbird [2013.01.29 19:34:42 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\Autodesk [2013.01.29 16:55:14 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\AVG2013 [2013.07.01 17:21:45 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\Canon [2012.08.08 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\FRITZ! 
[2012.08.08 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\QuickScan [2012.02.21 17:58:49 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\Scribus [2013.01.29 16:55:35 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\TuneUp Software [2012.02.21 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\Ulead Systems [2012.08.08 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\uTorrent [2013.01.26 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB35896$] -> Error: Cannot create file handle -> Unknown point type < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-14 00:08:14 Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\00000061 SAMSUNG_ rev.1AJ1 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Leon\AppData\Local\Temp\kwtdapog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCreateKey [0x82E45FEC] SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82E45FEC] ZwCreateKey [0x82E45FEC] SSDT \SystemRoot\system32\ntkrnlpa.exe ZwOpenKey [0x82E45FF1] SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82E45FF1] ZwOpenKey [0x82E45FF1] INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 82E45FFB ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E833C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82EC3E74 4 Bytes [EC, 5F, E4, 82] {IN AL, DX; POP EDI; IN AL, 0x82} .text ntkrnlpa.exe!KeRemoveQueueEx + 137F 82EC4034 4 Bytes [F1, 5F, E4, 82] {INT1 ; POP EDI; IN AL, 0x82} ? 
C:\Windows\system32\drivers\afd.sys suspicious PE modification .text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0x9DE99000, 0x49C57, 0xE0000020] .init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0x9DEF0224] .init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0x9DEF0000, 0x4000, 0xE20000E0] .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9DEF4400, 0x6EED8, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9DF7F020] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9DF7F020] .protectÿÿÿÿhardlockunknown last code section [0x9DF7EE00, 0x50BA, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9DF7EE00, 0x50BA, 0xE0000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + 6 76F055CE 4 Bytes [28, AC, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + B 76F055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + 6 76F05C2E 4 Bytes [28, AF, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + B 76F05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + 6 76F05CDE 4 Bytes [68, AC, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + B 76F05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcess + 6 76F05D8E 4 Bytes [A8, AD, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcess + B 76F05D93 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessToken + 6 76F05D9E 4 Bytes CALL 75F08D50 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessToken + B 76F05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DAE 4 Bytes [A8, AE, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessTokenEx + B 76F05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThread + 6 76F05E0E 4 Bytes [68, AD, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThread + B 76F05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadToken + 6 76F05E1E 4 Bytes [68, AE, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadToken + B 76F05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E2E 4 Bytes CALL 75F08DE1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadTokenEx + B 76F05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryAttributesFile + 6 76F05F3E 4 Bytes [A8, AC, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryAttributesFile + B 76F05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryFullAttributesFile + 6 76F05FEE 4 Bytes CALL 75F08F9F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryFullAttributesFile + B 76F05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile + 6 76F0663E 4 Bytes [28, AD, 2F, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile + B 76F06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationThread + 6 76F0669E 4 Bytes [28, AE, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationThread + B 76F066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + 6 76F069BE 4 Bytes [68, AF, 2F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + B 76F069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtCreateFile + 6 76F055CE 4 Bytes [28, A0, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtCreateFile + B 76F055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtMapViewOfSection + 6 76F05C2E 4 Bytes [28, A3, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtMapViewOfSection + B 76F05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenFile + 6 76F05CDE 4 Bytes [68, A0, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenFile + B 76F05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcess + 6 76F05D8E 4 Bytes [A8, A1, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcess + B 76F05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessToken + 6 76F05D9E 4 Bytes CALL 75F10944 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessToken + B 76F05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DAE 
4 Bytes [A8, A2, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenProcessTokenEx + B 76F05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThread + 6 76F05E0E 4 Bytes [68, A1, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThread + B 76F05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadToken + 6 76F05E1E 4 Bytes [68, A2, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadToken + B 76F05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E2E 4 Bytes CALL 75F109D5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtOpenThreadTokenEx + B 76F05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryAttributesFile + 6 76F05F3E 4 Bytes [A8, A0, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryAttributesFile + B 76F05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryFullAttributesFile + 6 76F05FEE 4 Bytes CALL 75F10B93 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtQueryFullAttributesFile + B 76F05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationFile + 6 76F0663E 4 Bytes [28, A1, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationFile + B 76F06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationThread + 6 76F0669E 4 Bytes [28, A2, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtSetInformationThread + B 76F066A3 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtUnmapViewOfSection + 6 76F069BE 4 Bytes [68, A3, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3036] ntdll.dll!NtUnmapViewOfSection + B 76F069C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + 6 76F055CE 4 Bytes [28, AC, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + B 76F055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + 6 76F05C2E 4 Bytes [28, AF, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + B 76F05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + 6 76F05CDE 4 Bytes [68, AC, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + B 76F05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + 6 76F05D8E 4 Bytes [A8, AD, 01, 01] {TEST AL, 0xad; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + B 76F05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + 6 76F05D9E 4 Bytes CALL 75F15F50 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + B 76F05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DAE 4 Bytes [A8, AE, 01, 01] {TEST AL, 0xae; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + B 76F05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + 6 76F05E0E 4 Bytes [68, AD, 01, 01] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + B 76F05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + 6 76F05E1E 4 Bytes [68, AE, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + B 76F05E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E2E 4 Bytes CALL 75F15FE1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + B 76F05E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + 6 76F05F3E 4 Bytes [A8, AC, 01, 01] {TEST AL, 0xac; ADD [ECX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + B 76F05F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + 6 76F05FEE 4 Bytes CALL 75F1619F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + B 76F05FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + 6 76F0663E 4 Bytes [28, AD, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + B 76F06643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + 6 76F0669E 4 Bytes [28, AE, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + B 76F066A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + 6 76F069BE 4 Bytes [68, AF, 01, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + B 76F069C3 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtCreateFile + 6 76F055CE 4 Bytes [28, 90, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtCreateFile + B 76F055D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtMapViewOfSection + 6 76F05C2E 4 Bytes [28, 93, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtMapViewOfSection + B 76F05C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenFile + 6 76F05CDE 4 Bytes [68, 90, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenFile + B 76F05CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcess + 6 76F05D8E 4 Bytes [A8, 91, 38, 00] {TEST AL, 0x91; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcess + B 76F05D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessToken + 6 76F05D9E 4 Bytes CALL 75F09634 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessToken + B 76F05DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DAE 4 Bytes [A8, 92, 38, 00] {TEST AL, 0x92; CMP [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessTokenEx + B 76F05DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThread + 6 76F05E0E 4 Bytes [68, 91, 38, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThread + B 76F05E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadToken + 6 76F05E1E 4 Bytes [68, 92, 38, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadToken + B 76F05E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E2E 4 Bytes CALL 75F096C5 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadTokenEx + B 76F05E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryAttributesFile + 6 76F05F3E 4 Bytes [A8, 90, 38, 00] {TEST AL, 0x90; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryAttributesFile + B 76F05F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryFullAttributesFile + 6 76F05FEE 4 Bytes CALL 75F09883 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryFullAttributesFile + B 76F05FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationFile + 6 76F0663E 4 Bytes [28, 91, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationFile + B 76F06643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationThread + 6 76F0669E 4 Bytes [28, 92, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationThread + B 76F066A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtUnmapViewOfSection + 6 76F069BE 4 Bytes [68, 93, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtUnmapViewOfSection + B 76F069C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateFile + 6 76F055CE 4 Bytes [28, 80, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtCreateFile + B 76F055D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtMapViewOfSection + 6 76F05C2E 4 Bytes [28, 83, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtMapViewOfSection + B 76F05C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenFile + 6 76F05CDE 4 Bytes [68, 80, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenFile + B 76F05CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcess + 6 76F05D8E 4 Bytes [A8, 81, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcess + B 76F05D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessToken + 6 76F05D9E 4 Bytes CALL 75F09B24 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessToken + B 76F05DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessTokenEx + 6 76F05DAE 4 Bytes [A8, 82, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenProcessTokenEx + B 76F05DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThread + 6 76F05E0E 4 Bytes [68, 81, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThread + B 76F05E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadToken + 6 76F05E1E 4 Bytes [68, 82, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadToken + B 76F05E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadTokenEx + 6 76F05E2E 4 Bytes CALL 75F09BB5 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtOpenThreadTokenEx + B 76F05E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryAttributesFile + 6 76F05F3E 4 Bytes [A8, 80, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryAttributesFile + B 76F05F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryFullAttributesFile + 6 76F05FEE 4 Bytes CALL 75F09D73 C:\Windows\system32\SHELL32.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtQueryFullAttributesFile + B 76F05FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationFile + 6 76F0663E 4 Bytes [28, 81, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationFile + B 76F06643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationThread + 6 76F0669E 4 Bytes [28, 82, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtSetInformationThread + B 76F066A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtUnmapViewOfSection + 6 76F069BE 4 Bytes [68, 83, 3D, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3348] ntdll.dll!NtUnmapViewOfSection + B 76F069C3 1 Byte [E2]

---- Devices - GMER 2.1 ----

Device \Driver\partmgr \Device\PartmgrControl aksfridge.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Trace I/O - GMER 2.1 ----

Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8657b698]<< 8657b698
Trace 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85c68a20] 85c68a20
Trace 3 CLASSPNP.SYS[88fab59e] -> nt!IofCallDriver -> [0x86597668] 86597668
Trace \Driver\00000723[0x86553f38] -> IRP_MJ_CREATE -> 0x8657b698 8657b698

---- Modules - GMER 2.1 ----

Module (noname) (*** hidden *** ) 8F29A000-8F2CE000 (212992 bytes)
