Blechtoast | 28.06.2012 13:36 | Trojan endless loop: TR/ATRAPS.Gen2 ; TR/Sirefef.AG.35 ; TR/Small.FI
Hello dear Trojaner team,
First of all, many thanks for running this site! I have apparently also been hit by the rootkit named above, about which there are several threads. I have run all the tests and will try to give you as much information as possible.
Equipment: Acer laptop (dual core, 32-bit, Vista Home Premium SP2, Avira)
Last use before infection: surfing, Facebook, trying out various browser games. Updates: Avira, Java and Adobe Flash Player
Discovery: yesterday at 16:06
Sequence of events: Avira reports TR/Crypt.XPACK.Gen8 -> quarantine. Nothing happens for two hours. Then further alerts every second. Detection of a trojan in the Win32 directory and the subsequent quarantine action make the laptop unstable -> shutting down was only possible by holding the power button -> on restart Windows reports an error starting Windows. -> The repair tool gets Windows to boot again. Since then Avira keeps reporting trojans as long as the internet connection is up (Avira quarantine log to follow).
New: After running the requested programs I rebooted. Since then the desktop icons are jumbled and file extensions are no longer shown. Avira reports the following trojan for the first time: TR/Sirefef.P.894
General (because it was asked about in other threads): Windows can be used normally, nothing unusual in the Start menu
Now the logs (I hope I am doing everything right)
Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:03 on 28/06/2012 (Frosch)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL: Code:
OTL logfile created on: 28.06.2012 13:06:36 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Frosch\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,95% Memory free
6,20 Gb Paging File | 4,98 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 66,80 Gb Free Space | 46,33% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 25,86 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Computer Name: FROSCH-PC | User Name: Frosch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.28 12:57:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Frosch\Desktop\OTL.exe
PRC - [2012.06.21 08:45:32 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.06.16 10:46:21 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.08 18:52:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:52:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:52:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:52:20 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.26 16:08:56 | 003,665,752 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.08.19 11:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 11:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.09.09 10:41:21 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Frosch\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.08 02:25:14 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.08 01:51:46 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.01.03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.01.03 01:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.07 21:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.04.14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.21 08:45:31 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.16 10:46:21 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.03.26 21:47:33 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010.10.09 09:25:03 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\62dfd8797881fd7a0d0de3f448a18c01\System.Web.ni.dll
MOD - [2010.10.09 09:24:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\9b8e883fd5fa51f026577156a0ee9d57\System.Runtime.Remoting.ni.dll
MOD - [2010.08.13 12:29:43 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\88593f5f0fc6de5d5f4a85aa2b1466f3\System.Xml.ni.dll
MOD - [2010.08.13 12:29:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d9ab6e29eba6cb0d8459fcbb2c40c1a7\System.Windows.Forms.ni.dll
MOD - [2010.08.13 12:29:21 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\887fa2d6b76e7302b0c664effad4f91f\System.Drawing.ni.dll
MOD - [2010.08.13 12:28:08 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ed6ae2749d12c4729ee43ff339de4bb8\System.ni.dll
MOD - [2010.08.13 12:27:42 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\98bbdd8c400493ad228b8283665cc9da\mscorlib.ni.dll
MOD - [2010.02.12 11:37:50 | 000,633,696 | ---- | M] () -- D:\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll
MOD - [2009.08.18 16:54:22 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.23 13:55:01 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3050.37261__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.07.23 13:55:01 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3050.37453__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008.07.23 13:55:01 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3050.37221__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.07.23 13:55:01 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3050.37274__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.07.23 13:55:01 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3050.37446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.07.23 13:55:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3050.37411__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.07.23 13:55:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3050.37253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.07.23 13:55:01 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3050.37370__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.07.23 13:55:01 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3050.37240__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.07.23 13:55:00 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3050.37475__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.07.23 13:54:49 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3050.37482__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.07.23 13:54:49 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3050.37425__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.07.23 13:54:49 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3050.37234__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.07.23 13:54:46 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3050.37448__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008.07.23 13:54:46 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3050.37241__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.07.23 13:54:46 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3050.37405__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.07.23 13:54:46 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3050.37293__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.07.23 13:54:46 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3050.37281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.07.23 13:54:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3050.37404__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.07.23 13:54:45 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3050.37372__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.07.23 13:54:45 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3050.37365__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.07.23 13:54:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3050.37371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.07.23 13:54:45 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.07.23 13:54:45 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.07.23 13:54:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3050.37377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.07.23 13:54:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.07.23 13:54:45 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.07.23 13:54:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.07.23 13:54:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.07.23 13:54:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.07.23 13:54:45 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.07.23 13:54:44 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.07.23 13:54:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.07.23 13:54:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.07.23 13:54:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.07.23 13:54:40 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3050.37228__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.07.23 13:54:40 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3050.37248__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.07.23 13:54:40 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3050.37467__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.07.23 13:54:40 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.07.23 13:54:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3050.37466__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.07.23 13:54:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.07.23 13:54:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.07.23 13:54:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3050.37493__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.07.23 13:54:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.07.23 13:54:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.07.23 13:54:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.07.23 13:54:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.07.23 13:54:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.07.23 13:54:40 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.07.23 13:54:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3050.37215__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.07.23 13:54:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3050.37213__90ba9c70f846762e\APM.Server.dll
MOD - [2008.07.23 13:54:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3050.37213__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.07.23 13:54:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.07.23 13:54:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3050.37467__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.07.23 13:54:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.07.23 13:54:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.05.09 08:14:24 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.02.04 13:29:02 | 000,688,128 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2008.01.03 02:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2012.06.16 10:46:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 18:52:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:52:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.26 16:08:56 | 003,665,752 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.24 23:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- D:\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006.04.14 11:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 11:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\sysaseop.sys -- (sysaseop)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 18:52:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:52:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.25 15:48:11 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.25 15:48:10 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.11.17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.09 11:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.11.30 15:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 20:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.05.02 13:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {1ED47E0D-FBF6-4CE5-A161-0460650F6D5B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{1ED47E0D-FBF6-4CE5-A161-0460650F6D5B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{913A7E13-32B5-440E-9785-DAB7CEBA2A45}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{9AE98D71-587D-4E74-A6A6-1B155ACC9D9B}: "URL" = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={1FA6205D-0425-439f-AB81-9555DE3047D0}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - user.js..browser.search.openintab: false
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Frosch\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Frosch\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Frosch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.11 21:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 10:46:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.21 09:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.11 21:28:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 10:46:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.21 09:59:55 | 000,000,000 | ---D | M]
[2009.11.06 12:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frosch\AppData\Roaming\mozilla\Extensions
[2012.05.02 12:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frosch\AppData\Roaming\mozilla\Firefox\Profiles\uqsg6hl6.default\extensions
[2010.07.17 21:49:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Frosch\AppData\Roaming\mozilla\Firefox\Profiles\uqsg6hl6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.23 10:05:03 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-1.xml
[2011.03.05 16:32:23 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-10.xml
[2010.07.23 07:48:56 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-2.xml
[2010.07.24 07:24:44 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-3.xml
[2010.09.08 14:14:31 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-4.xml
[2010.09.17 15:43:52 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-5.xml
[2010.10.21 14:54:41 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-6.xml
[2010.10.28 15:39:39 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-7.xml
[2010.12.11 09:05:35 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-8.xml
[2011.03.03 11:28:04 | 000,000,950 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin-9.xml
[2010.07.11 09:08:10 | 000,001,069 | ---- | M] () -- C:\Users\Frosch\AppData\Roaming\Mozilla\Firefox\Profiles\uqsg6hl6.default\searchplugins\icqplugin.xml
[2012.03.18 15:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.11 14:34:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.16 10:46:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.02 10:08:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 10:23:51 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 10:23:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.03 10:23:51 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 10:23:51 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 10:23:51 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 10:23:51 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.12.15 10:44:03 | 000,439,180 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15106 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKCU..\Run: [] File not found
O4 - Startup: C:\Users\Frosch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} https://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab (AldiActiveFormX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01D0330D-8590-4EA5-9B03-4123A492BAB6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63811A0A-5DF7-4C67-91AC-490736159D5C}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Frosch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Frosch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{81bd984a-d2b8-11dd-a914-000000000000}\Shell\AutoRun\command - "" = F:\umenu.exe
O33 - MountPoints2\{8951249a-2097-11de-87e5-000000000000}\Shell\AutoRun\command - "" = F:\Launch.exe
O33 - MountPoints2\{f77f8ece-50f1-11df-8d96-000000000000}\Shell\AutoRun\command - "" = F:\wubi.exe --cdmenu
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.06.28 12:57:25 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Frosch\Desktop\OTL.exe
[2012.06.28 12:37:18 | 000,000,000 | ---D | C] -- C:\Users\Frosch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.06.21 08:46:01 | 000,000,000 | ---D | C] -- C:\Users\Frosch\AppData\Local\Macromedia
[2012.06.14 09:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR
[2012.06.14 09:52:49 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\System32\ImageEnXLibrary.ocx
[2012.06.14 09:52:49 | 001,883,136 | ---- | C] (Debenu Pty Ltd) -- C:\Windows\System32\QuickPDFAX0717.dll
[2012.06.14 09:52:49 | 000,000,000 | ---D | C] -- C:\Windows\tessdata
[2012.06.14 09:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\FreeOCR
[2012.06.14 09:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.06.09 20:42:27 | 000,000,000 | ---D | C] -- C:\Users\Frosch\AppData\Roaming\LolClient2
========== Files - Modified Within 30 Days ==========
File not found -- C:\Windows\System32\
[2012.06.28 13:03:18 | 000,000,000 | ---- | M] () -- C:\Users\Frosch\defogger_reenable
[2012.06.28 12:59:58 | 000,302,592 | ---- | M] () -- C:\Users\Frosch\Desktop\syqbhdr4.exe
[2012.06.28 12:57:26 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Frosch\Desktop\OTL.exe
[2012.06.28 12:56:17 | 000,050,477 | ---- | M] () -- C:\Users\Frosch\Desktop\Defogger.exe
[2012.06.28 12:37:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 12:36:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 12:36:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 12:36:42 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 10:23:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.27 19:32:22 | 000,738,384 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.27 19:32:22 | 000,687,112 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.27 19:32:22 | 000,172,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.27 19:32:22 | 000,139,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.27 18:31:24 | 000,082,944 | ---- | M] () -- C:\Users\Frosch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.27 18:22:09 | 162,780,255 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.27 17:19:16 | 000,014,284 | ---- | M] () -- C:\Users\Frosch\Desktop\taufsprüche.odt
[2012.06.24 22:46:45 | 000,547,250 | ---- | M] () -- C:\Users\Frosch\Desktop\IMG_0004.jpg
[2012.06.18 22:35:21 | 000,073,077 | ---- | M] () -- C:\Users\Frosch\Desktop\Loeckchenzauber.jpg
[2012.06.16 09:02:28 | 000,101,233 | ---- | M] () -- C:\Users\Frosch\Desktop\Foto-QL6QPBI8.jpg
[2012.06.16 09:01:42 | 000,101,264 | ---- | M] () -- C:\Users\Frosch\Desktop\Foto-A4ZUTM88.jpg
[2012.06.14 09:52:50 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\FreeOCR.lnk
[2012.06.09 15:48:56 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
========== Files Created - No Company Name ==========
File not found -- C:\Windows\System32\
[2012.06.28 13:03:18 | 000,000,000 | ---- | C] () -- C:\Users\Frosch\defogger_reenable
[2012.06.28 12:59:57 | 000,302,592 | ---- | C] () -- C:\Users\Frosch\Desktop\syqbhdr4.exe
[2012.06.28 12:56:16 | 000,050,477 | ---- | C] () -- C:\Users\Frosch\Desktop\Defogger.exe
[2012.06.28 12:42:32 | 000,018,944 | ---- | C] () -- C:\Users\Frosch\AppData\Local\{6d10c399-f8be-478e-eb44-8d08b50b4c67}\U\800000cb.@
[2012.06.28 12:42:32 | 000,012,288 | ---- | C] () -- C:\Users\Frosch\AppData\Local\{6d10c399-f8be-478e-eb44-8d08b50b4c67}\U\80000000.@
[2012.06.27 21:28:57 | 000,001,648 | ---- | C] () -- C:\Users\Frosch\AppData\Local\{6d10c399-f8be-478e-eb44-8d08b50b4c67}\U\00000001.@
[2012.06.27 17:19:14 | 000,014,284 | ---- | C] () -- C:\Users\Frosch\Desktop\taufsprüche.odt
[2012.06.24 22:46:43 | 000,547,250 | ---- | C] () -- C:\Users\Frosch\Desktop\IMG_0004.jpg
[2012.06.18 22:35:19 | 000,073,077 | ---- | C] () -- C:\Users\Frosch\Desktop\Loeckchenzauber.jpg
[2012.06.16 09:02:27 | 000,101,233 | ---- | C] () -- C:\Users\Frosch\Desktop\Foto-QL6QPBI8.jpg
[2012.06.16 09:01:40 | 000,101,264 | ---- | C] () -- C:\Users\Frosch\Desktop\Foto-A4ZUTM88.jpg
[2012.06.14 09:52:50 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\FreeOCR.lnk
[2012.06.14 09:52:49 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2012.06.09 15:48:56 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.05.13 22:07:16 | 000,000,159 | ---- | C] () -- C:\Users\Frosch\BackupResult.DAT
[2012.01.17 19:11:11 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2012.01.17 19:11:11 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.10.28 09:13:29 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.02.09 22:20:49 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{6d10c399-f8be-478e-eb44-8d08b50b4c67}\@
[2011.02.09 22:20:49 | 000,002,048 | -HS- | C] () -- C:\Users\Frosch\AppData\Local\{6d10c399-f8be-478e-eb44-8d08b50b4c67}\@
[2011.01.05 07:50:16 | 000,000,094 | ---- | C] () -- C:\Users\Frosch\AppData\Local\fusioncache.dat
[2008.10.27 22:47:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.09 12:27:09 | 000,082,944 | ---- | C] () -- C:\Users\Frosch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2011.03.12 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Amazon
[2011.03.16 14:42:49 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Auslogics
[2010.04.18 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Facebook
[2010.01.06 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\GitarreroMDemo
[2010.01.06 15:56:49 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\GitarreroSoftware
[2011.05.26 21:06:50 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\ICQ
[2012.06.09 20:42:27 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\LolClient2
[2010.06.30 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Nokia
[2010.06.30 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Nokia Ovi Suite
[2009.12.15 00:38:22 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\OpenOffice.org
[2010.06.30 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\PC Suite
[2012.05.14 08:18:56 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Petroglyph
[2010.02.04 15:25:06 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\ProtectDisc
[2008.09.11 23:51:07 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Silver Style Entertainment
[2009.01.05 01:13:42 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Spore
[2011.12.20 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\The Games Company
[2011.10.28 09:13:53 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Tobit
[2011.06.24 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\TS3Client
[2010.02.18 23:59:08 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Ubisoft
[2012.05.05 19:23:26 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\UFOAI
[2012.02.16 15:25:02 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\Unity
[2012.02.10 11:28:09 | 000,000,000 | ---D | M] -- C:\Users\Frosch\AppData\Roaming\XnView
[2012.06.28 10:23:04 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
< End of report >
OTL2: Code:
OTL Extras logfile created on: 28.06.2012 13:06:36 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Frosch\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,95% Memory free
6,20 Gb Paging File | 4,98 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 66,80 Gb Free Space | 46,33% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 25,86 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Computer Name: FROSCH-PC | User Name: Frosch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2000
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1984C3-5036-5B5F-F18E-16453EF5A6E1}" = Catalyst Control Center Localization Swedish
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{155BBB23-C7A5-223C-3B33-289089D6E0A2}" = Catalyst Control Center Localization Finnish
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{24F149E4-D897-9046-48A5-87CD67F81865}" = CCC Help Polish
"{25C1AF96-1F59-A1CE-3135-B38AFAA5C614}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing
"{27B7371A-7AA2-CC5B-6377-72161660F0BE}" = CCC Help Chinese Traditional
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{29F3D466-E05F-CBB6-63E9-01C85C083FCD}" = CCC Help French
"{2CB2E1AE-B62A-3F43-9DD0-EF73467977AC}" = Catalyst Control Center Localization Hungarian
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{30BDD0BE-6A51-6DDD-197D-EFCE3B0EF79D}" = CCC Help German
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{358C26F2-5B99-A7E9-18CF-2AE6BC97289B}" = Catalyst Control Center Localization Czech
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C277F75-605E-BFFE-4F87-27709C92370C}" = Catalyst Control Center Localization Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD4AA8B-3C63-26AB-1CA3-010475A9EA72}" = CCC Help Portuguese
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5262BAD6-5AB7-1490-A65C-D06368F07FF1}" = Catalyst Control Center Localization Italian
"{53F44183-B716-8D7D-053E-CB8039B38E74}" = CCC Help Hungarian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5539EBB1-4BB9-21E5-921B-16E8886639D3}" = Catalyst Control Center Localization Chinese Traditional
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A89D38C-B9FE-ECFF-B90E-B9DEC8C8F2D8}" = Catalyst Control Center Localization Greek
"{5B1519C1-265C-C636-C414-F1E150B4F0AA}" = CCC Help Turkish
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6184B5A4-1355-A8D6-CE24-8F7EE887CBF3}" = CCC Help Norwegian
"{650BDC60-79C7-383B-2E9C-B8FF3909A127}" = Catalyst Control Center Localization Spanish
"{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{790DA23A-126B-91A9-FAB7-13EF66724253}" = CCC Help Swedish
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7DBDAAAB-8639-B59D-798A-32458B7380F9}" = Catalyst Control Center Localization Norwegian
"{7E96828D-B970-B1A9-3D9F-7EC3624785D0}" = Catalyst Control Center Localization German
"{7ECBF19A-78EC-1665-7E1C-B3E92B07F7CC}" = CCC Help Japanese
"{80C1F369-F876-3D19-7816-B7800E7A6961}" = CCC Help Greek
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0
"{827CFE4D-8687-9E1E-0A72-587BFF0B0D3A}" = CCC Help Thai
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9AF60AF6-B109-D3A4-4367-B3620CBA37A7}" = CCC Help Finnish
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9ED61802-0F47-F846-FA23-67CE3E4BD427}" = CCC Help Italian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE2C968B-8A14-ABA2-D742-14E575104BCD}" = Catalyst Control Center Localization Korean
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6988D5B-4325-F1F7-B0E5-C4CCCD01E6B8}" = Catalyst Control Center Localization Thai
"{B734B040-25BB-02CA-39BD-FD6D070EDDAB}" = Catalyst Control Center Localization Danish
"{B86EE516-7CB4-E4C3-8382-010D4F2807F5}" = CCC Help Korean
"{BB01F512-272A-3C70-DA60-884C8BBC39DD}" = Catalyst Control Center Localization Chinese Standard
"{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation
"{BD5106DF-C061-5736-F1A5-F114BAA63759}" = CCC Help Russian
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C03A43DF-CEE0-6D82-D2D3-781CCE1FC24E}" = Catalyst Control Center Localization Japanese
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins
"{C8256DAF-828E-7E91-FB83-D900AA8E3C86}" = CCC Help Danish
"{C9429012-1CBE-E0CA-0955-CC53E0F2115F}" = CCC Help Chinese Standard
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB9B619A-EEA1-BFAB-6CA5-1FC655E2A0DA}" = Catalyst Control Center Localization Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E08C03D7-AE05-0458-2D14-78F219316933}" = Catalyst Control Center Localization Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FD0200-A7DB-2D5A-B5B1-DBC0A184C9B2}" = Catalyst Control Center Localization Russian
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{E9BA4A79-BD4C-52E3-F34F-85B1CC62EE15}" = Catalyst Control Center Localization Polish
"{E9D20FA4-7CA6-F243-A503-CA961CCD2277}" = CCC Help Spanish
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EF9E54C1-2D5F-DDA8-8E7B-0CD3EF89C8E4}" = Catalyst Control Center Localization French
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FD2B6E20-5344-07B4-C210-B57611E02906}" = CCC Help Dutch
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DVD Flick_is1" = DVD Flick 1.3.0.7
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenAL" = OpenAL
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickTime" = QuickTime
"ShapeCollage" = Shape Collage
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Fall - Last Days of Gaia" = The Fall - Last Days of Gaia
"Tobit Radio.fx Server" = Radio.fx
"UFO:Alien Invasion" = UFO:AI 2.4
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.96
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c467f97a5a092d3f" = ROM-Runecalc
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.06.2012 12:24:36 | Computer Name = Frosch-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 27.06.2012 15:27:44 | Computer Name = Frosch-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.06.2012 15:30:07 | Computer Name = Frosch-PC | Source = EventSystem | ID = 4621
Description =
Error - 27.06.2012 15:32:12 | Computer Name = Frosch-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.06.2012 16:20:19 | Computer Name = Frosch-PC | Source = EventSystem | ID = 4621
Description =
Error - 28.06.2012 01:15:00 | Computer Name = Frosch-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.06.2012 01:41:37 | Computer Name = Frosch-PC | Source = EventSystem | ID = 4621
Description =
Error - 28.06.2012 02:44:34 | Computer Name = Frosch-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.06.2012 04:22:59 | Computer Name = Frosch-PC | Source = EventSystem | ID = 4621
Description =
Error - 28.06.2012 06:37:04 | Computer Name = Frosch-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 10.01.2009 17:39:45 | Computer Name = Frosch-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 10.01.2009 18:30:53 | Computer Name = Frosch-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.101 für die Netzwerkkarte mit der Netzwerkadresse
001F3C5A0E49 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 10.01.2009 20:17:32 | Computer Name = Frosch-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.01.2009 um 01:15:50 unerwartet heruntergefahren.
Error - 10.01.2009 20:17:34 | Computer Name = Frosch-PC | Source = HTTP | ID = 15016
Description =
Error - 10.01.2009 20:17:45 | Computer Name = Frosch-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.01.2009 06:28:15 | Computer Name = Frosch-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.101 für die Netzwerkkarte mit der Netzwerkadresse
001F3C5A0E49 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 11.01.2009 06:28:13 | Computer Name = Frosch-PC | Source = HTTP | ID = 15016
Description =
Error - 11.01.2009 06:28:22 | Computer Name = Frosch-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.01.2009 09:38:11 | Computer Name = Frosch-PC | Source = HTTP | ID = 15016
Description =
Error - 11.01.2009 09:38:18 | Computer Name = Frosch-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Gmer: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-28 13:50:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: syqbhdr4.exe; Driver: C:\Users\Frosch\AppData\Local\Temp\pfriipoc.sys
---- System - GMER 1.0.15 ----
SSDT 8C4936B6 ZwCreateSection
SSDT 8C4936C0 ZwRequestWaitReplyPort
SSDT 8C4936BB ZwSetContextThread
SSDT 8C4936C5 ZwSetSecurityObject
SSDT 8C4936CA ZwSystemDebugControl
SSDT 8C493657 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 820AF998 4 Bytes [B6, 36, 49, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 820AFCBC 4 Bytes [C0, 36, 49, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 820AFCF0 4 Bytes [BB, 36, 49, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820AFD54 4 Bytes [C5, 36, 49, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 820AFD9C 4 Bytes [CA, 36, 49, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E60B000, 0x1FB95A, 0xE8000020]
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0x9D6FF300, 0x25D4C, 0xE0000060]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9D726300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9D788300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[1988] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7680B37C 4 Bytes [F0, 1F, 00, 10]
.text D:\Tobit Radio.fx\Server\rfx-server.exe[2668] kernel32.dll!SetUnhandledExceptionFilter 7651A84F 5 Bytes JMP 00642C40 D:\Tobit Radio.fx\Server\rfx-server.exe
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3088] USER32.dll!GetWindowInfo 7602428E 5 Bytes JMP 64A9AEF3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3088] USER32.dll!TrackPopupMenu 760314F3 5 Bytes JMP 64A9B50D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3248] ntdll.dll!LdrLoadDll 779993A8 5 Bytes JMP 6491FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!MapViewOfFile 765368F0 5 Bytes JMP 64BC079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3248] kernel32.dll!VirtualAlloc 7653AD55 5 Bytes JMP 64BC07C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3248] GDI32.dll!CreateDIBSection 77AB7461 5 Bytes JMP 64BC0728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtCreateFile + 6 779D422A 4 Bytes [28, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtCreateFile + B 779D422F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtCreateKey + 6 779D426A 4 Bytes [68, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtCreateKey + B 779D426F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtCreateMutant + 6 779D429A 4 Bytes [28, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtCreateMutant + B 779D429F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtCreateSection + 6 779D431A 4 Bytes [68, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtCreateSection + B 779D431F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtMapViewOfSection + 6 779D497A 4 Bytes [A8, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtMapViewOfSection + B 779D497F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenFile + 6 779D4A0A 4 Bytes [68, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenFile + B 779D4A0F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenKey + 6 779D4A3A 4 Bytes [A8, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenKey + B 779D4A3F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenMutant + B 779D4A5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenProcess + 6 779D4A8A 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenProcess + 6 779D4A8A 4 Bytes [28, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenProcess + B 779D4A8F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenProcessToken + 6 779D4A9A 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenProcessToken + 6 779D4A9A 4 Bytes [68, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenProcessToken + B 779D4A9F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenProcessTokenEx + 6 779D4AAA 4 Bytes [28, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenProcessTokenEx + B 779D4AAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenSection + 6 779D4ABA 4 Bytes [A8, 02, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenSection + B 779D4ABF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenThread + B 779D4AFF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenThreadToken + 6 779D4B0A 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenThreadToken + B 779D4B0F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenThreadTokenEx + 6 779D4B1A 4 Bytes [68, 04, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtOpenThreadTokenEx + B 779D4B1F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtQueryAttributesFile + 6 779D4BAA 4 Bytes [A8, 00, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtQueryAttributesFile + B 779D4BAF 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtQueryFullAttributesFile + B 779D4C5F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtSetInformationFile + 6 779D513A 4 Bytes [28, 01, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtSetInformationFile + B 779D513F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtSetInformationThread + 6 779D518A 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtSetInformationThread + 6 779D518A 4 Bytes [A8, 03, 06, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtSetInformationThread + B 779D518F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ntdll.dll!NtUnmapViewOfSection + B 779D542F 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] kernel32.dll!CreateProcessW 764F1BF3 5 Bytes JMP 000100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] kernel32.dll!CreateProcessA 764F1C28 5 Bytes JMP 000100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] kernel32.dll!OpenEventW 7650BF97 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] kernel32.dll!CreateEventW 7653B65E 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!DeleteObject 77AB5A37 5 Bytes JMP 000801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetDeviceCaps 77AB617F 5 Bytes JMP 000803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SelectObject 77AB62A0 5 Bytes JMP 000805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SetTextColor 77AB666B 5 Bytes JMP 000809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SetBkMode 77AB6716 5 Bytes JMP 000808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!DeleteDC 77AB68CD 5 Bytes JMP 00080170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetCurrentObject 77AB6B58 5 Bytes JMP 00080370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SetStretchBltMode 77AB7206 5 Bytes JMP 00080670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SaveDC 77AB75BA 5 Bytes JMP 00080570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!RestoreDC 77AB7675 5 Bytes JMP 00080530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!StretchDIBits 77AB78CF 5 Bytes JMP 00080730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!ExtSelectClipRgn 77AB79F8 5 Bytes JMP 000802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SelectClipRgn 77AB7AF9 5 Bytes JMP 000805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!MoveToEx 77AB7C33 5 Bytes JMP 00080470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!Rectangle 77AB7EA9 5 Bytes JMP 00080970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetTextAlign 77AB82E0 5 Bytes JMP 00080D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SetTextAlign 77AB85CB 5 Bytes JMP 000809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!ExtTextOutW 77AB872B 5 Bytes JMP 00080930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetTextMetricsW 77AB8A81 5 Bytes JMP 00080DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!IntersectClipRect 77AB8B64 5 Bytes JMP 000803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetClipBox 77AB9071 5 Bytes JMP 00080330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SetICMMode 77AB94E7 5 Bytes JMP 00080D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!CreateDCW 77ABA91D 5 Bytes JMP 000800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!CreateDCA 77ABAA49 5 Bytes JMP 000800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!CreateICW 77ABB2E9 5 Bytes JMP 00080130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetTextFaceW 77ABB637 5 Bytes JMP 00080CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetFontData 77ABBA6C 5 Bytes JMP 00080C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetTextExtentPoint32W 77ABC01A 5 Bytes JMP 00080630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SetWorldTransform 77ABC46A 5 Bytes JMP 000806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!LineTo 77ABC65E 5 Bytes JMP 00080430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetTextMetricsA 77ABCCEB 5 Bytes JMP 00080DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!ExtTextOutA 77AC00A5 5 Bytes JMP 000808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!ExtEscape 77AC22A7 5 Bytes JMP 000802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!Escape 77AC27F1 5 Bytes JMP 00080270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!ResetDCW 77AC3132 5 Bytes JMP 00080A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!EndPage 77AC375E 5 Bytes JMP 00080230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SetPolyFillMode 77AC61D3 5 Bytes JMP 00080AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SetMiterLimit 77AC62E2 5 Bytes JMP 00080B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetTextFaceA 77ACF4C5 5 Bytes JMP 00080CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!GetGlyphOutlineW 77ADA41F 5 Bytes JMP 00080C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!CreateScalableFontResourceW 77ADC88B 5 Bytes JMP 00080B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!AddFontResourceW 77ADCC93 5 Bytes JMP 00080BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!RemoveFontResourceW 77ADD129 5 Bytes JMP 00080BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!AbortDoc 77AE2CC4 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!EndDoc 77AE30D8 5 Bytes JMP 000801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!StartPage 77AE31C3 5 Bytes JMP 000806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!StartDocW 77AE3CA7 5 Bytes JMP 000807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!BeginPath 77AE4465 5 Bytes JMP 000807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!SelectClipPath 77AE44BC 5 Bytes JMP 00080AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!CloseFigure 77AE4517 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!EndPath 77AE456E 5 Bytes JMP 00080A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!StrokePath 77AE47A0 5 Bytes JMP 00080770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!FillPath 77AE482C 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!FillPath 77AE482C 5 Bytes JMP 00080830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!PolylineTo 77AE4C95 5 Bytes JMP 000804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!PolyBezierTo 77AE4D25 5 Bytes JMP 000804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] GDI32.dll!PolyDraw 77AE4DD6 5 Bytes JMP 00080870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!SetCursor 7601D37D 5 Bytes JMP 00090530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!RegisterClipboardFormatW 7601D6AC 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!RegisterClipboardFormatW 7601D6AC 5 Bytes JMP 000902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!ActivateKeyboardLayout 7602478C 5 Bytes JMP 000904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!IsWindowVisible 7602878A 7 Bytes JMP 000906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!MonitorFromWindow 760288D4 7 Bytes JMP 00090630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!ScreenToClient 76028C56 7 Bytes JMP 00090670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetClientRect 76028F0D 7 Bytes JMP 000905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetParent 760290AA 7 Bytes JMP 000906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!RegisterClipboardFormatA 7602A111 5 Bytes JMP 000902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!PostMessageW 7602A175 5 Bytes JMP 000905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!MapWindowPoints 7602A30D 5 Bytes JMP 00090570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetClipboardFormatNameA 7602A552 5 Bytes JMP 00090270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetOpenClipboardWindow 760326A6 5 Bytes JMP 000903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!SetClipboardViewer 7603BA2D 5 Bytes JMP 000904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!IsClipboardFormatAvailable 7603C2E3 5 Bytes JMP 000900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!CloseClipboard 7603C2F7 5 Bytes JMP 000900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!OpenClipboard 7603C31D 5 Bytes JMP 00090070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetTopWindow 7603CE0A 7 Bytes JMP 00090730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetClipboardSequenceNumber 7603D8B7 5 Bytes JMP 00090330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!ChangeClipboardChain 7603DF83 5 Bytes JMP 00090430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!CountClipboardFormats 76040048 5 Bytes JMP 000901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetClipboardOwner 760426EF 5 Bytes JMP 00090370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!SetClipboardData 76056410 5 Bytes JMP 00090170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!EnumClipboardFormats 76056D16 5 Bytes JMP 000901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!SetCursorPos 76056FB2 5 Bytes JMP 00090770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetClipboardData 7605715A 5 Bytes JMP 00090030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetClipboardFormatNameW 7605A99F 5 Bytes JMP 00090230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!EmptyClipboard 7607398B 5 Bytes JMP 00090130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetClipboardViewer 760739ED 5 Bytes JMP 00090470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] USER32.dll!GetPriorityClipboardFormat 76073AEF 5 Bytes JMP 000903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ole32.dll!OleGetClipboard 777974C9 5 Bytes JMP 000A00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ole32.dll!OleSetClipboard 777C11E3 5 Bytes JMP 000A0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] ole32.dll!OleIsCurrentClipboard 777CA8F9 5 Bytes JMP 000A0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!FreeContextBuffer 75EA2D83 5 Bytes JMP 000C00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!DeleteSecurityContext 75EA2F18 5 Bytes JMP 000C0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!FreeCredentialsHandle 75EA3598 5 Bytes JMP 000C0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!EncryptMessage 75EA3745 5 Bytes JMP 000C01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!DecryptMessage 75EA3813 5 Bytes JMP 000C0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!InitializeSecurityContextA 75EA87DF 5 Bytes JMP 000C0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!AcquireCredentialsHandleA 75EA8A43 5 Bytes JMP 000C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!QueryContextAttributesA 75EA8E77 5 Bytes JMP 000C0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!ApplyControlToken 75EADE4F 5 Bytes JMP 000C01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe[4464] Secur32.dll!QueryCredentialsAttributesA 75EAE052 5 Bytes JMP 000C00B0
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [1988] 0x45670000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2f49633
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application@Sources MSDMine?DfSdk
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2f49633 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application@Sources MSDMine?DfSdk
---- EOF - GMER 1.0.15 ----
Only during the scan with GMER did a window with a malware warning appear.
I don't know how to get a log from Avira that I can copy. So here, in order, are all the ones it detected:
TR/Crypt.XPACK.Gen8 yesterday 16:06
W32/Patched.UB yesterday 18:00
TR/Sirefef.AG.35 yesterday 18:00
TR/ATRAPS.Gen2 yesterday 18:00
-> Then afterwards, every few minutes, Sirefef and ATRAPS again, simultaneously or alternating. At 21:22 a new one:
TR/Small.FI
and today after the test runs:
TR/Sirefef.P.894
Whether the last two only got added later, or whether Avira only detected them later (I updated Avira every few minutes in the meantime), I don't know.
So, I hope this was helpful for you and I hope someone can help me. I think I won't get around formatting, but I absolutely have to rescue the data first (photos of my daughter's birth etc.) and have to read up beforehand on how to reinstall Windows with this strange recovery partition (unfortunately no Windows CD came with the laptop).
Regards, Uwe