Log Analysis and Evaluation: Spybot reports: Win32.Downloader.gen - Malware C (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Spybot reports: Win32.Downloader.gen - Malware C

Hello,

Spybot reports the malware named in the title. Avira Free and Malwarebytes do not find it. I cannot detect any change on the computer. While googling the topic I came across your site and would now like to get to the bottom of it. The last full scan with Avira Free returned 0 hits, but the real-time scanner did find something earlier in the evening. Here are the logs:

1. Additional; 2. FRST; 3. GMER; 4. Malwarebytes; 5. Avira Free

Thanks in advance!

1. Additional

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-12-2013
Ran by Admin at 2013-12-19 19:50:25
Running from C:\Firefox Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
1&1 Surf-Stick (Version: 1.0.0.2)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
AC3Filter 1.63b (Version: 1.63b)
Acer Arcade Deluxe (Version: 1.14.5018)
Acer Crystal Eye webcam (Version: 1.0.14)
Acer Crystal Eye webcam (Version: 5.7.29.500-1.0)
Acer GridVista (Version: 2.72.317)
Acer Mobility Center Plug-In (Version: 1.0.4301)
Acer ScreenSaver (Version: 1.21.20071207)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Amazon MP3-Downloader 1.0.9
Anki
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 12.7.0.2390) <==== ATTENTION
ATI Catalyst Install Manager (Version: 3.0.664.0)
Avira Free Antivirus (Version: 14.0.2.286)
Avira SearchFree Toolbar (Version: 12.6.0.1900)
Bamboo Dock (Version: 4.0.0)
Bamboo Dock 3.3 (Version: 3.3)
Bass Audio Decoder (remove only)
Boxcryptor 2.0 (Version: 2.0.402.252)
Broadcom Gigabit Integrated Controller (Version: 10.15.10)
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.2.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization French (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization German (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248)
Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248)
CCC Help Chinese Standard (Version: 2008.0508.2150.37248)
CCC Help Chinese Traditional (Version: 2008.0508.2150.37248)
CCC Help Czech (Version: 2008.0508.2150.37248)
CCC Help Danish (Version: 2008.0508.2150.37248)
CCC Help Dutch (Version: 2008.0508.2150.37248)
CCC Help English (Version: 2008.0508.2150.37248)
CCC Help Finnish (Version: 2008.0508.2150.37248)
CCC Help French (Version: 2008.0508.2150.37248)
CCC Help German (Version: 2008.0508.2150.37248)
CCC Help Greek (Version: 2008.0508.2150.37248)
CCC Help Hungarian (Version: 2008.0508.2150.37248)
CCC Help Italian (Version: 2008.0508.2150.37248)
CCC Help Japanese (Version: 2008.0508.2150.37248)
CCC Help Korean (Version: 2008.0508.2150.37248)
CCC Help Norwegian (Version: 2008.0508.2150.37248)
CCC Help Polish (Version: 2008.0508.2150.37248)
CCC Help Portuguese (Version: 2008.0508.2150.37248)
CCC Help Russian (Version: 2008.0508.2150.37248)
CCC Help Spanish (Version: 2008.0508.2150.37248)
CCC Help Swedish (Version: 2008.0508.2150.37248)
CCC Help Thai (Version: 2008.0508.2150.37248)
CCC Help Turkish (Version: 2008.0508.2150.37248)
ccc-core-static (Version: 2008.0508.2151.37248)
ccc-utility (Version: 2008.0508.2151.37248)
CCleaner (Version: 4.08)
CD Audio Reader Filter (remove only)
DCoder Image Source (remove only)
DirectVobSub (remove only)
DivX-Setup (Version: 2.6.1.44)
DScaler 5 Mpeg Decoders
EaseUS Partition Master 9.2.2
ElsterFormular (Version: 14.4.20130909)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.3.0.0)
EPSON Easy Photo Print (Version: 1.5.0.0)
EPSON File Manager (Version: 1.3.0.0)
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
EPSON-Drucker-Software
ESET Online Scanner v3
f4 2012
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FireJump (Version: 1.0.2.5)
Foxit Creator (Version: 3,0,2,0506)
Foxit PDF Editor (Version: 2.2.0.0205)
Foxit PDF IFilter (Version: 2.1.1.1503)
Free 3D Photo Maker version 2.0
Free FLV Converter V 6.92.0 (Version: 6.92.0.0)
Free Studio version 2013 (Version: 6.1.12.925)
Free Video to MP3 Converter version 5.0.28.827 (Version: 5.0.28.827)
Free YouTube Download version 3.2.11.812 (Version: 3.2.11.812)
Free YouTube to MP3 Converter version 3.12.8.717 (Version: 3.12.8.717)
FreeRIP 4.1.1 (Version: 4.1.1)
Gabest MPEG Splitter (remove only)
Google Chrome (Version: 31.0.1650.63)
Google Earth (Version: 5.1.7938.4346)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
GPL Ghostscript 8.71
Haali Media Splitter
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2 (Version: 2.0.2)
Intel® Matrix Storage Manager
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java(TM) 6 Update 35 (Version: 6.0.350)
Launch Manager
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Image Composite Editor (Version: 1.3.5)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0822)
MONOGRAM AMR Splitter/Decoder (remove only)
MOV Player 1.0.1
Mozilla Firefox 11.0 (x86 de) (Version: 11.0)
Mozilla Thunderbird (3.1.6) (Version: 3.1.6 (de))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MyFreeCodec
NCH DE Toolbar (Version: 6.10.2.5)
No23 Recorder (Version: 2.1.0.3)
Nokia Connectivity Cable Driver (Version: 6.80.5.1)
OpenOffice.org 3.1 (Version: 3.1.9420)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paint.NET v3.5.11 (Version: 3.61.0)
PandoraRecovery (Remove Only)
PHOTOfunSTUDIO 6.0 (Version: 6.00.135)
Picasa 3 (Version: 3.9)
Pinnacle TVCenter Pro
PowerProducer (Version: 4.1.2821)
QuickTime (Version: 7.74.80.86)
RealMedia (remove only)
Realtek High Definition Audio Driver (Version: 6.0.1.5470)
Revo Uninstaller 1.94 (Version: 1.94)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (Version: 3.55.01)
Samsung Kies (Version: 2.3.0.12035_16)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
Sentinel Protection Installer 7.2.2 (Version: 7.2.2)
SHOUTcast Source (remove only)
Similarity 1.1.0 (Version: 1.1.0)
Skins (Version: 2008.0508.2151.37248)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.11 (Version: 6.11.102)
Spybot - Search & Destroy (Version: 1.6.2)
Super LoiLoScope WebShortcut (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 10.0.15.0)
Tinypic 3.18 (Version: Tinypic 3.18)
TreeSize Free V2.4 (Version: 2.4)
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.11 (Version: 1.1.11)
WDR RadioRecorder
WebTablet IE Plugin (Version: 1.1.0.5)
WebTablet Netscape Plugin (Version: 1.1.0.4)
Winbond CIR Drivers (Version: 7.60.1002)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Winload Toolbar (Version: )
WinRAR archiver
Yahoo! Toolbar
YTD Video Downloader 4.7.2 (Version: 4.7.2)
Zattoo4 4.0.5 (Version: 4.0.5)
Zoom Player (remove only)

==================== Restore Points =========================


==================== Hosts content: ==========================

2006-11-02 11:23 - 2010-01-29 19:34 - 00377782 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F3965DE-07AB-4512-9FB8-1EC6129ECEA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {209AC4DD-A31C-458F-AF5B-87EDEA8A27BC} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files\PC Beschleunigen\PCSUSD.exe
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42B5C135-A18C-4040-B00F-B770309AA7C7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4F080D81-EC90-4690-8946-3A725C871404} - System32\Tasks\{85125C2B-B683-495F-A717-C8BE4C7F6868} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/de/go/help.faq.installer?LastError=1601
Task: {662A469B-80FD-4D23-A956-B2A1BE6B8B00} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {6C87FA89-24D7-4AD9-A3C3-5B68E36AC389} - System32\Tasks\Microsoft\Windows\RestartManager\{D6CA3FFF-2561-4ddc-A062-142F27973501} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {8991C7F1-55F2-4E06-A272-2265BF86FA3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {976A5FEF-9A3E-405A-ABF0-813B392966C9} - System32\Tasks\NCH Software\ExpressReminder => C:\Users\Guido\AppData\Roaming\NCH Software\Program Files\Express\express.exe [2012-11-18] (NCH Software)
Task: {A4C21FE3-82C6-4924-A36F-6E1C2BC1C107} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {C1B48E07-5F90-496E-8A3D-3285F91BE838} - System32\Tasks\NCH Software\ScribeDowngrade => C:\Users\Guido\AppData\Roaming\NCH Software\Program Files\Scribe\scribe.exe [2012-10-05] (NCH Software)
Task: {C1C280CE-86A3-4DB6-AD07-8AEE038EE3FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-22] (Google Inc.)
Task: {DD769FD6-D6F4-440D-B304-3AA167D7AA79} - System32\Tasks\{B9071283-9FC5-4588-9D88-9452394366F9} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F68CA666-231E-43ED-B37D-A9C71CB15C30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-12 00:53 - 2008-05-08 23:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2010-02-06 11:36 - 2009-12-12 15:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2010-03-24 11:52 - 2011-08-01 13:20 - 08617472 _____ () C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
2010-03-24 11:52 - 2011-08-02 11:15 - 00213504 _____ () C:\Program Files\Tobit Radio.fx\Client\rfx-client$.ger
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Guido\AppData\Roaming\Dropbox\bin\libcef.dll
2009-08-18 15:54 - 2009-08-18 15:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2009-08-19 10:28 - 2009-08-19 10:28 - 00139264 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll
2009-04-16 13:03 - 2009-04-16 13:03 - 00166400 _____ () C:\Program Files\OpenOffice.org 3\Basis\program\libxslt.dll
2011-06-23 14:20 - 2011-06-23 14:20 - 00638560 ____N () C:\Program Files\Conduit\Community Alerts\Alert.dll
2013-11-16 16:28 - 2013-11-16 16:28 - 03363952 _____ () C:\Users\Guido\AppData\Local\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SYMTDI => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2013 02:53:04 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x80070422).

Error: (12/19/2013 02:15:12 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{121A3D04-95C4-49BC-A2BF-08C5A64657CC}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/19/2013 02:14:54 PM) (Source: Application Hang) (User: )
Description: Programm SpybotSD.exe, Version 1.6.2.46 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 15a0
Anfangszeit: 01cefcb59f4c40cf
Zeitpunkt der Beendigung: 26

Error: (12/19/2013 00:59:59 PM) (Source: EventSystem) (User: )
Description: 80070005{121A3D04-95C4-49BC-A2BF-08C5A64657CC}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/19/2013 11:23:38 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Pen_Tablet.exe, Version 5.2.3.4, Zeitstempel 0x4c3cd8eb, fehlerhaftes Modul Pen_Tablet.exe, Version 5.2.3.4, Zeitstempel 0x4c3cd8eb, Ausnahmecode 0xc0000005, Fehleroffset 0x000481e3, Prozess-ID 0xc70, Anwendungsstartzeit Pen_Tablet.exe0.

Error: (12/19/2013 11:19:24 AM) (Source: .NET Runtime) (User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
at System.Diagnostics.ProcessManager.OpenProcess(Int32, Int32, Boolean)
at System.Diagnostics.Process.GetProcessHandle(Int32, Boolean)
at System.Diagnostics.Process.OpenProcessHandle(Int32)
at System.Diagnostics.Process.get_Handle()
at Kies.App.CheckExistenceTrayAgent()
at Kies.App..ctor()
at Kies.App.Main()

Error: (12/19/2013 11:11:29 AM) (Source: Windows Search Service) (User: )
Description: Die Aktualisierung kann nicht gestartet werden, da kein Zugriff auf die Inhaltsquellen bestand. Beheben Sie die Fehler, und starten Sie die Aktualisierung erneut.

Kontext: Anwendung, SystemIndex Katalog

Error: (12/19/2013 11:11:23 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\LH0WUO84\ZZZZZZZZZZZZZZZZZZZZZ.ZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/19/2013 11:11:23 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YZPHRV46\ZZZZZZZZZZZZZZZZZZZZZ.ZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (12/19/2013 11:11:23 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\ADMIN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\M3YLWNA2\ZZZZZZZZZZZZZZZZZZZZZ.ZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog

Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


System errors:
=============
Error: (12/19/2013 00:59:35 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/19/2013 09:11:51 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/18/2013 06:04:03 PM) (Source: Service Control Manager) (User: )
Description: 30000AntiVirSchedulerService

Error: (12/18/2013 08:04:43 AM) (Source: DCOM) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}

Error: (12/18/2013 08:04:13 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst%%1053

Error: (12/18/2013 08:04:00 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player-Netzwerkfreigabedienst

Error: (12/18/2013 08:03:28 AM) (Source: Service Control Manager) (User: )
Description: Avira Browser-Schutz%%1053

Error: (12/18/2013 08:03:27 AM) (Source: Service Control Manager) (User: )
Description: 30000Avira Browser-Schutz

Error: (12/18/2013 08:02:08 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/17/2013 07:35:37 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (08/18/2012 08:20:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3069.5 MB
Available physical RAM: 1261.12 MB
Total Pagefile: 6343.29 MB
Available Pagefile: 4065.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.1 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:68.45 GB) (Free:8.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:211.63 GB) (Free:16.84 GB) NTFS
Drive e: (APACER) (Removable) (Total:28.86 GB) (Free:10.27 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: BF6A0DB7)
Partition 1: (Not Active) - (Size=15 GB) - (Type=12)
Partition 2: (Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=212 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

==================== End Of Log ============================

2. FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-12-2013
Ran by Admin (administrator) on GUIDO-PC on 19-12-2013 19:49:37
Running from C:\Firefox Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(SafeNet, Inc) C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\1&1 Surf-Stick\UIExec.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Tobit.Software) C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Dropbox, Inc.) C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Realtek Semiconductor Corp.) C:\Users\Guido\AppData\Local\temp\RtkBtMnt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(Mozilla Corporation) C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-24] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2008-01-24] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [PLFSet] - rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM\...\Run: [UIExec] - C:\Program Files\1&1 Surf-Stick\UIExec.exe [139088 2010-09-30] ()
HKLM\...\Run: [BambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe [646232 2011-10-10] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [EaseUS EPM tray] - C:\Users\Admin\Downloads\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1707472 2013-11-07] (APN)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2008-01-24] (Realtek Semiconductor Corp.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [4324120 2013-11-22] (Piriform Ltd)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [AcerScrSav] - C:\Windows\ACER\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\Windows\ACER\run_NB.exe [ 2007-08-21] ()
HKU\Gast\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
ShortcutTarget: FRITZ!DSL Internet.lnk -> C:\Program
Files\FRITZ!DSL\FritzDsl.exe (No File) Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com URLSearchHook: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) URLSearchHook: HKLM - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) URLSearchHook: HKCU - (No Name) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - No File URLSearchHook: HKCU - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) 
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {D74A3892-F57E-480B-8501-3A03683A21BD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms} SearchScopes: HKCU - {DB9733F3-39C3-43BD-A7AA-278EFF59C77F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=8e284242-30a3-4c3c-b7f3-7774ec3caf3b&apn_sauid=4157D447-68F3-482C-A260-D87C26D2C9CF BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) Toolbar: HKLM - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File Toolbar: HKCU - Winload Toolbar - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - NCH DE Toolbar - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Program Files\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\user.js FF DefaultSearchEngine: NCH DE Customized Web Search FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: www.ecosia.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\searchplugins\ixquick---deutsch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: FireJump - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\firejump@firejump.net FF Extension: BrowseToolE0191 Community Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} FF Extension: Yahoo! Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: NCH DE - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} FF Extension: Ecosia (eco-friendly search engine) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} FF Extension: preisspion.de - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\finder@meingutscheincode.de.xpi FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi FF Extension: Ask Toolbar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\toolbar_SGT-V7@apn.ask.com.xpi FF Extension: Microsoft .NET Framework Assistant - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi FF Extension: 
Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\extensions\firejump@firejump.net FF Extension: FireJump - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\a9fjsumn.default\extensions\firejump@firejump.net Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: google.com CHR DefaultSearchProvider: Google CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0 CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0 CHR Extension: (DivX Plus Web Player HTML5 
\u003Cvideo\u003E) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0 CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx CHR HKLM\...\Chrome\Extension: [ommhmgednjnodcljhlljkaiidghdmikk] - C:\Users\Admin\AppData\Local\CRE\ommhmgednjnodcljhlljkaiidghdmikk.crx ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-07] (APN LLC.) R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) 
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () R2 Radio.fx; C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe [3673944 2011-11-18] () R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-04] () R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [206400 2006-03-14] (SafeNet, Inc) R2 UI Assistant Service; C:\Program Files\1&1 Surf-Stick\AssistantServices.exe [253264 2010-09-30] () S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-30] (Avira Operations GmbH & Co. KG) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2013-03-07] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2013-03-07] () R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.) S3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [596352 2008-06-11] (DiBcom SA) S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-10-19] (DiBcom S.A.) 
U0 recvtk; C:\Windows\System32\drivers\igakf.sys [54016 2013-12-19] () R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-17] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-05] (Avira GmbH) S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider) S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-02] (Windows (R) Codename Longhorn DDK provider) R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-24] (Winbond Electronics Corporation) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.) U3 al53qzg5; C:\Windows\System32\Drivers\al53qzg5.sys [0 ] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-19 19:48 - 2013-12-19 19:48 - 00000000 ____D C:\FRST 2013-12-19 19:40 - 2013-12-19 19:46 - 00001011 _____ C:\Users\Admin\Desktop\Continue Mipony Download Accelerator Installation.lnk 2013-12-19 12:58 - 2013-12-19 12:58 - 00054016 _____ C:\Windows\system32\Drivers\igakf.sys 2013-12-19 11:04 - 2013-12-19 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\AskPartnerNetwork 2013-12-18 14:14 - 2013-12-19 10:49 - 00009352 _____ C:\Users\Guido\Desktop\Zugangsdaten.odt 2013-12-17 21:26 - 2013-12-18 14:15 - 00008799 _____ C:\Users\Guido\Desktop\Silvester Liederliste.odt 2013-12-15 13:57 - 
2013-12-15 13:58 - 555514226 _____ C:\Users\Guido\Desktop\Pascal Schumacher Quartet live - XIX Festiwal Jazz na Starówce 2013.mp4 2013-12-13 08:10 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-13 08:10 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-13 08:10 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-13 08:10 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-13 08:10 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-13 08:10 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-13 08:10 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-13 08:10 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-13 08:10 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-13 08:10 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-13 08:10 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-13 08:10 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-13 08:09 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-13 08:09 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-13 08:09 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-13 08:09 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-12 08:56 - 2013-10-30 03:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2013-12-12 08:56 - 
2013-10-30 02:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 08:56 - 2013-10-30 01:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-12 08:56 - 2013-10-30 01:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 08:56 - 2013-10-22 08:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 08:56 - 2013-10-11 03:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 08:56 - 2013-10-11 03:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 08:56 - 2013-10-11 03:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll 2013-12-12 08:56 - 2013-10-11 01:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 08:56 - 2013-10-11 01:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-08 13:51 - 2013-12-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-12-02 09:04 - 2013-12-02 09:04 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-11-29 10:16 - 2013-12-06 10:16 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-11-29 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-11-27 11:39 - 2013-11-27 11:39 - 00008988 _____ C:\Users\Guido\Desktop\Adecco.odt 2013-11-24 10:32 - 2013-11-24 10:40 - 00000000 ____D C:\Users\Guido\Desktop\Boney M 2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\ProgramData\Oracle 2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-22 12:39 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-22 12:38 - 2013-11-22 12:38 - 00004874 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log 2013-11-22 12:38 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-11-22 
12:38 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-22 12:38 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe ==================== One Month Modified Files and Folders ======= 2013-12-19 19:48 - 2013-12-19 19:48 - 00000000 ____D C:\FRST 2013-12-19 19:46 - 2013-12-19 19:40 - 00001011 _____ C:\Users\Admin\Desktop\Continue Mipony Download Accelerator Installation.lnk 2013-12-19 19:12 - 2012-04-04 12:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-19 19:12 - 2010-02-22 09:15 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-19 18:26 - 2012-10-10 14:31 - 01499916 _____ C:\Windows\WindowsUpdate.log 2013-12-19 15:12 - 2006-11-02 13:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-19 15:12 - 2006-11-02 13:47 - 00004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-19 13:32 - 2010-01-29 18:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-12-19 13:27 - 2010-02-22 09:15 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-19 12:58 - 2013-12-19 12:58 - 00054016 _____ C:\Windows\system32\Drivers\igakf.sys 2013-12-19 12:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Speech 2013-12-19 12:57 - 2013-08-28 13:31 - 00000000 ____D C:\ProgramData\YTD Video Downloader 2013-12-19 12:18 - 2011-01-03 18:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype 2013-12-19 11:09 - 2010-01-14 21:17 - 00000000 ____D C:\Program Files\CCleaner 2013-12-19 11:07 - 2010-01-14 16:50 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-19 11:04 - 2013-12-19 11:04 - 00000000 ____D C:\Users\Admin\AppData\Local\AskPartnerNetwork 2013-12-19 10:49 - 2013-12-18 14:14 - 00009352 _____ C:\Users\Guido\Desktop\Zugangsdaten.odt 2013-12-19 10:21 - 2010-01-14 17:19 - 00000000 ____D 
C:\Users\Guido\AppData\Roaming\Skype 2013-12-19 10:13 - 2008-01-21 08:16 - 00006626 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-19 09:22 - 2011-07-28 10:50 - 00000000 ___RD C:\Users\Guido\Dropbox 2013-12-19 09:22 - 2011-07-28 10:48 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Dropbox 2013-12-19 09:19 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-12-19 09:11 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-18 21:56 - 2006-11-02 14:01 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-18 21:50 - 2013-05-01 14:10 - 00000000 ____D C:\Users\Guido\Documents\Anki 2013-12-18 14:15 - 2013-12-17 21:26 - 00008799 _____ C:\Users\Guido\Desktop\Silvester Liederliste.odt 2013-12-17 18:56 - 2010-04-29 16:25 - 00017408 _____ C:\Users\Guido\AppData\Local\WebpageIcons.db 2013-12-17 13:42 - 2013-08-05 14:21 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-17 13:42 - 2013-08-05 14:21 - 00090400 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-16 03:00 - 2010-02-19 19:05 - 00007620 _____ C:\Users\Guido\AppData\Local\d3d9caps.dat 2013-12-15 13:58 - 2013-12-15 13:57 - 555514226 _____ C:\Users\Guido\Desktop\Pascal Schumacher Quartet live - XIX Festiwal Jazz na Starówce 2013.mp4 2013-12-13 08:23 - 2010-01-11 15:58 - 00000000 ____D C:\Windows\system32\RTCOM 2013-12-13 08:20 - 2008-03-25 15:26 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-13 08:16 - 2013-08-02 15:12 - 00000000 ____D C:\Windows\system32\MRT 2013-12-13 08:12 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-12-11 19:12 - 2012-04-04 12:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-12-11 19:12 - 2011-05-20 07:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-12-11 18:54 - 2010-01-14 17:35 - 00000000 ____D C:\Program Files\Google 2013-12-09 16:07 - 2011-07-14 16:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Foxit Software 2013-12-08 13:53 - 2010-01-14 15:34 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Adobe 2013-12-08 13:52 - 2010-03-24 16:05 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe 2013-12-08 13:51 - 2013-12-08 13:51 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-12-08 13:51 - 2010-12-20 23:17 - 00000000 ____D C:\Program Files\Adobe 2013-12-08 13:51 - 2008-03-25 15:09 - 00000000 ____D C:\ProgramData\Adobe 2013-12-07 17:32 - 2013-10-13 16:54 - 00000000 ____D C:\Users\Guido\Desktop\Webseite 2013-12-07 17:23 - 2013-09-24 13:21 - 00000000 ____D C:\Users\Guido\AppData\Local\Paint.NET 2013-12-06 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-12-04 13:05 - 2011-07-08 09:38 - 00000000 ____D C:\Users\Guido\AppData\Roaming\Foxit Software 2013-12-02 12:38 - 2010-01-14 17:19 - 00000000 ___RD C:\Program Files\Skype 2013-12-02 12:38 - 2010-01-14 17:19 - 00000000 ____D C:\ProgramData\Skype 2013-12-02 
09:04 - 2013-12-02 09:04 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-12-02 08:34 - 2012-05-13 15:16 - 00000000 ____D C:\Users\Guido\Documents\SelfMV 2013-11-30 18:45 - 2013-08-05 14:21 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-11-29 10:35 - 2013-11-02 14:43 - 00007934 _____ C:\Users\Guido\Desktop\Wohnungsanzeigen.odt 2013-11-29 10:16 - 2013-11-29 10:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-11-27 11:39 - 2013-11-27 11:39 - 00008988 _____ C:\Users\Guido\Desktop\Adecco.odt 2013-11-24 10:40 - 2013-11-24 10:32 - 00000000 ____D C:\Users\Guido\Desktop\Boney M 2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\ProgramData\Oracle 2013-11-22 12:39 - 2013-11-22 12:39 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-22 12:38 - 2013-11-22 12:38 - 00004874 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log 2013-11-22 12:38 - 2010-01-14 17:00 - 00000000 ____D C:\Program Files\Java 2013-11-19 18:12 - 2013-11-01 14:32 - 00025065 _____ C:\Users\Guido\Desktop\Wohnungsanschreiben.odt 2013-11-19 03:33 - 2010-01-15 09:31 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Files to move or delete: ==================== C:\Users\Admin\BackupResult.DAT C:\Users\Admin\HiJackThis204.exe C:\Users\Admin\SCHDLR.DAT Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\temp\avgnt.exe C:\Users\Admin\AppData\Local\temp\ICReinstall_DownloadAcceleratorSetup.exe C:\Users\Admin\AppData\Local\temp\RtkBtMnt.exe C:\Users\Gast\AppData\Local\temp\RtkBtMnt.exe C:\Users\Guido\AppData\Local\temp\avgnt.exe C:\Users\Guido\AppData\Local\temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-19 09:25

==================== End Of Log ============================

3. GMER

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-19 20:21:07
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fwdoqpob.sys

---- System - GMER 2.1 ----

SSDT 8F887936 ZwCreateSection
SSDT 8F887940 ZwRequestWaitReplyPort
SSDT 8F88793B ZwSetContextThread
SSDT 8F887945 ZwSetSecurityObject
SSDT 8F88794A ZwSystemDebugControl
SSDT 8F8878D7 ZwTerminateProcess

INT 0x52 ? 875AECD0
INT 0x62 ? 875AECD0
INT 0x72 ? 85371BF8
INT 0x82 ? 85371BF8
INT 0x92 ? 85375BF8
INT 0xA3 ? 875AECD0
INT 0xB0 ? 90B6BCD0
INT 0xB2 ? 875AECD0

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 828C8860 4 Bytes [36, 79, 88, 8F]
.text ntkrnlpa.exe!KeSetEvent + 539 828C8B84 4 Bytes [40, 79, 88, 8F]
.text ntkrnlpa.exe!KeSetEvent + 56D 828C8BB8 4 Bytes [3B, 79, 88, 8F]
.text ntkrnlpa.exe!KeSetEvent + 5D1 828C8C1C 4 Bytes [45, 79, 88, 8F]
.text ntkrnlpa.exe!KeSetEvent + 619 828C8C64 4 Bytes [4A, 79, 88, 8F]
.text ...
? System32\Drivers\spsm.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC04000, 0x1FB95A, 0xE8000020] C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0xA351A000] .clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0xA351B000, 0x1000, 0x00000000] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[2212] kernel32.dll!SetUnhandledExceptionFilter 7602A8B5 5 Bytes JMP 00641870 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe .text C:\Program Files\Internet Explorer\iexplore.exe[3288] ADVAPI32.dll!RegSetValueExA 75BB3BEC 7 Bytes JMP 10162050 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] ADVAPI32.dll!RegSetValueExW 75BC3D5A 7 Bytes JMP 10162110 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] ADVAPI32.dll!RegSetValueW 75BDB3E4 5 Bytes JMP 10161F90 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] ADVAPI32.dll!RegSetValueA 75C15811 5 Bytes JMP 10161ED0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!CreateDialogParamW 770472A2 5 Bytes JMP 101622E0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!EnableWindow 7704CD8B 5 Bytes JMP 68019ECC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!TrackPopupMenu 770614F3 5 Bytes JMP 101615C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!CreateDialogParamA 770617AA 5 Bytes JMP 10162460 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!TrackPopupMenuEx 77070CE7 5 Bytes JMP 10161720 
C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxParamW 770710B0 5 Bytes JMP 10162640 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxIndirectParamW 77072EF5 5 Bytes JMP 6816915E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxParamA 77088152 5 Bytes JMP 10162550 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!DialogBoxIndirectParamA 7708847D 5 Bytes JMP 681691C3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxIndirectA 7709D4D9 5 Bytes JMP 68169080 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxIndirectW 7709D5D3 5 Bytes JMP 68169007 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxExA 7709D639 5 Bytes JMP 68168FA3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxExW 7709D65D 5 Bytes JMP 68168F3F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxA 7709D681 5 Bytes JMP 101627C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3288] USER32.dll!MessageBoxW 7709D6CF 5 Bytes JMP 101628A0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!SetScrollRange 7704D185 5 Bytes JMP 1006DE70 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!DefWindowProcA 7704DB88 7 Bytes JMP 10036120 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit 
Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetSysColorBrush 7704E21C 5 Bytes JMP 100604D0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetScrollInfo 7704F073 7 Bytes JMP 1006DD40 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!ShowScrollBar 7704F8AE 5 Bytes JMP 1006DEC0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!SetScrollInfo 770571D8 7 Bytes JMP 1006DDF0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetSysColor 77059BF6 5 Bytes JMP 10060490 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!DrawFrameControl 7706676D 7 Bytes JMP 1005E040 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!EnableScrollBar 7706AF53 7 Bytes JMP 1006DD00 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!EndDialog 7707326E 5 Bytes JMP 10036100 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetScrollPos 7707337D 5 Bytes JMP 1006DD80 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!GetScrollRange 770734A5 5 Bytes JMP 1006DDB0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[4552] USER32.dll!SetScrollPos 77073602 5 Bytes JMP 1006DE30 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] kernel32.dll!CreateThread 7604CB0E 5 Bytes JMP 67FD75CB 
C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CreateDialogParamW 770472A2 5 Bytes JMP 0AD722E0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!SetWindowsHookExW 770487AD 5 Bytes JMP 680125C4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CallNextHookEx 77048E3B 5 Bytes JMP 6803800F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!UnhookWindowsHookEx 770498DB 5 Bytes JMP 6805ED18 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!EnableWindow 7704CD8B 5 Bytes JMP 68019ECC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DefWindowProcA 7704DB88 3 Bytes JMP 67FD97F5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DefWindowProcA + 4 7704DB8C 3 Bytes [F0, CC, CC] {INT 3 ; INT 3 } .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CreateWindowExA 7704DC2A 5 Bytes JMP 67FE362B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CreateWindowExW 77051305 5 Bytes JMP 680403FF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DefWindowProcW 770603B4 7 Bytes JMP 68038072 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!TrackPopupMenu 770614F3 5 Bytes JMP 0AD715C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!CreateDialogParamA 770617AA 5 Bytes JMP 0AD72460 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!TrackPopupMenuEx 77070CE7 5 Bytes JMP 0AD71720 
C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DialogBoxParamW 770710B0 5 Bytes JMP 0AD72640 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DialogBoxIndirectParamW 77072EF5 5 Bytes JMP 6816915E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DialogBoxParamA 77088152 5 Bytes JMP 0AD72550 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!DialogBoxIndirectParamA 7708847D 5 Bytes JMP 681691C3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxIndirectA 7709D4D9 5 Bytes JMP 68169080 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxIndirectW 7709D5D3 5 Bytes JMP 68169007 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxExA 7709D639 5 Bytes JMP 68168FA3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxExW 7709D65D 5 Bytes JMP 68168F3F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxA 7709D681 5 Bytes JMP 0AD727C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] USER32.dll!MessageBoxW 7709D6CF 5 Bytes JMP 0AD728A0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4628] ole32.dll!OleLoadFromStream 75A61E80 5 Bytes JMP 68169937 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] kernel32.dll!CreateThread 7604CB0E 5 Bytes JMP 67FD75CB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] 
USER32.dll!CreateDialogParamW 770472A2 5 Bytes JMP 095C22E0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!SetWindowsHookExW 770487AD 5 Bytes JMP 680125C4 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CallNextHookEx 77048E3B 5 Bytes JMP 6803800F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!UnhookWindowsHookEx 770498DB 5 Bytes JMP 6805ED18 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!EnableWindow 7704CD8B 5 Bytes JMP 68019ECC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DefWindowProcA 7704DB88 3 Bytes JMP 67FD97F5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DefWindowProcA + 4 7704DB8C 3 Bytes [F0, CC, CC] {INT 3 ; INT 3 } .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CreateWindowExA 7704DC2A 5 Bytes JMP 67FE362B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CreateWindowExW 77051305 5 Bytes JMP 680403FF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DefWindowProcW 770603B4 7 Bytes JMP 68038072 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!TrackPopupMenu 770614F3 5 Bytes JMP 095C15C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!CreateDialogParamA 770617AA 5 Bytes JMP 095C2460 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!TrackPopupMenuEx 77070CE7 5 Bytes JMP 095C1720 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet 
Explorer\iexplore.exe[6848] USER32.dll!DialogBoxParamW 770710B0 5 Bytes JMP 095C2640 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DialogBoxIndirectParamW 77072EF5 5 Bytes JMP 6816915E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DialogBoxParamA 77088152 5 Bytes JMP 095C2550 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!DialogBoxIndirectParamA 7708847D 5 Bytes JMP 681691C3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxIndirectA 7709D4D9 5 Bytes JMP 68169080 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxIndirectW 7709D5D3 5 Bytes JMP 68169007 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxExA 7709D639 5 Bytes JMP 68168FA3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxExW 7709D65D 5 Bytes JMP 68168F3F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxA 7709D681 5 Bytes JMP 095C27C0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] USER32.dll!MessageBoxW 7709D6CF 5 Bytes JMP 095C28A0 C:\Users\Guido\AppData\LocalLow\NCH_DE\tbNCH_.dll .text C:\Program Files\Internet Explorer\iexplore.exe[6848] ole32.dll!OleLoadFromStream 75A61E80 5 Bytes JMP 68169937 C:\Windows\system32\IEFRAME.dll .text C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] ntdll.dll!LdrLoadDll 76EA9378 5 Bytes JMP 5558E210 C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll .text C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] kernel32.dll!HeapSetInformation + 26 7602A8B0 7 Bytes JMP 
55592C10 C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll .text C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] kernel32.dll!LockResource + C 76046ACB 7 Bytes JMP 55D522AA C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll .text C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] kernel32.dll!VirtualAllocEx + 54 7604AF50 7 Bytes JMP 55D522CD C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll .text C:\Users\Guido\AppData\Local\Mozilla Firefox\firefox.exe[7080] GDI32.dll!SetStretchBltMode + 256 75C6745C 7 Bytes JMP 55D5222B C:\Users\Guido\AppData\Local\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 853771F8 Device \FileSystem\fastfat \FatCdrom 85AF5500 Device \Driver\netbt \Device\NetBT_Tcpip_{D9164FCC-8A83-403C-87EE-36B52E47082B} 8A35E500 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\volmgr \Device\VolMgrControl 853731F8 Device \Driver\usbuhci \Device\USBPDO-0 876101F8 Device \Driver\usbuhci \Device\USBPDO-1 876101F8 Device \Driver\sptd \Device\3813547644 spsm.sys Device \Driver\usbehci \Device\USBPDO-2 876141F8 Device \Driver\usbuhci \Device\USBPDO-3 876101F8 Device \Driver\usbuhci \Device\USBPDO-4 876101F8 Device \Driver\usbuhci \Device\USBPDO-5 876101F8 Device \Driver\usbehci \Device\USBPDO-6 876141F8 Device \Driver\volmgr \Device\HarddiskVolume1 853731F8 Device \Driver\volmgr \Device\HarddiskVolume2 853731F8 Device \Driver\cdrom \Device\CdRom0 876481F8 Device \Driver\volmgr \Device\HarddiskVolume3 853731F8 Device \Driver\cdrom \Device\CdRom1 876481F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 853761F8 Device \Driver\iaStor \Device\Ide\iaStor0 [8AACA580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 853761F8 Device \Driver\atapi \Device\Ide\IdePort1 853761F8 
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8AACA580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\USBSTOR \Device\000000b1 85C3E500 Device \Driver\USBSTOR \Device\000000b2 85C3E500 Device \Driver\volmgr \Device\HarddiskVolume4 853731F8 Device \Driver\volmgr \Device\HarddiskVolume5 853731F8 Device \Driver\PCI_PNP3630 \Device\00000081 spsm.sys Device \Driver\netbt \Device\NetBt_Wins_Export 8A35E500 Device \Driver\netbt \Device\NetBT_Tcpip_{54C50031-D5E3-4E0D-B5E7-560B76AB4CD0} 8A35E500 Device \Driver\Smb \Device\NetbiosSmb 8A3532A0 Device \Driver\iScsiPrt \Device\RaidPort0 876A51F8 Device \Driver\usbuhci \Device\USBFDO-0 876101F8 Device \Driver\usbuhci \Device\USBFDO-1 876101F8 Device \Driver\usbehci \Device\USBFDO-2 876141F8 Device \Driver\usbuhci \Device\USBFDO-3 876101F8 Device \Driver\usbuhci \Device\USBFDO-4 876101F8 Device \Driver\usbuhci \Device\USBFDO-5 876101F8 Device \Driver\usbehci \Device\USBFDO-6 876141F8 Device \Driver\al53qzg5 \Device\Scsi\al53qzg51 876491F8 Device \Driver\al53qzg5 \Device\Scsi\al53qzg51Port4Path0Target0Lun0 876491F8 Device \FileSystem\fastfat \Fat 85AF5500 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys Device \FileSystem\cdfs \Cdfs 8598A1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spsm.sys >>UNKNOWN [0x85ce2938]<< 85ce2938 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868f8ac8] 868f8ac8 Trace 3 CLASSPNP.SYS[8b1a38b3] -> nt!IofCallDriver -> [0x85dbc700] 85dbc700 Trace 5 acpi.sys[82fbc6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85dc6028] 85dc6028 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3D 0x27 0x30 0x62 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0x06 0x22 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4A 0x2A 0x53 0xB2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3D 0x27 0x30 0x62 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0x06 0x22 0xCB ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4A 0x2A 0x53 0xB2 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

4. Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.19.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: GUIDO-PC [Administrator]

19.12.2013 12:43:09
mbam-log-2013-12-19 (12-43-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 313700
Laufzeit: 12 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up (PUP.Optional.PCSpeedUp.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Users\Admin\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\97BC2FA91E9046EEACF44C263AACDADE (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\E36ACFF993CE41E895088E601386BA8D (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\E9707EFC9E7646D2A42F1EE53917746A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\EAB0D2D68EEE453691B9ED905D1F5BB4 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Löschen bei Neustart.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\97BC2FA91E9046EEACF44C263AACDADE\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\E36ACFF993CE41E895088E601386BA8D\PCSU_SL_3.1.2.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\E9707EFC9E7646D2A42F1EE53917746A\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\EAB0D2D68EEE453691B9ED905D1F5BB4\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB\5472.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Admin\AppData\Roaming\OpenCandy\F2E0EC9E667F49358F74F8E04454C7BB\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

5. Avira

19:50 Uhr Echtzeit-Scanner
In der Datei 'C:\Program Files\Conduit\Community Alerts\Alert.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

23:50 Uhr Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 669014
Anzahl Verzeichnisse: 36372
Anzahl Malware: 0
Anzahl Warnungen: 0

Last edited by MaraMara (20.12.2013 at 00:31)