Grisu113 | 05.02.2014 14:32 | Win7, AVIRA reports BOO/TDss.O on D:
Hello Trojaner team.
I am getting the following message from AVIRA:
A virus or unwanted program 'BOO/TDss.O' [virus] was found in the master boot sector of drive 'Masterbootsektor HD0'.
Action taken: Deny access.
The popup says: Drive D:
I have an installation with XP and Win7, but unfortunately I don't know exactly what is on which drive.
Here are the reports from the scanners:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:32 on 05/02/2014 (Grisu)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by Grisu (administrator) on GRISU-PC on 05-02-2014 13:38:58
Running from C:\Users\Grisu\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
() C:\Windows\System32\WTMKM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
() C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CmPCIaudio] - RunDll32 CMICNFG3.cpl,CMICtrlWnd
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] - C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [319488 2012-03-23] (May Software)
HKLM\...\Run: [Ulead AutoDetector v2] - C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2006-11-29] (Ulead Systems, Inc.)
HKLM\...\Run: [MacrokeyManager] - C:\Windows\system32\WTMKM.exe [7134952 2010-12-24] ()
HKLM\...\Run: [] - [X]
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-13] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-13] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort14reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-05] (Google Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [EPSONCCA66C (Epson Stylus Office BX305 Plus)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHRE.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1389033348-806256550-1857240747-1001\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-05] (Google Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [EPSONCCA66C (Epson Stylus Office BX305 Plus)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHRE.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\MountPoints2: {1bfa89dc-2508-11e2-b60c-0004619288f2} - H:\Start.exe
HKU\S-1-5-21-1389033348-806256550-1857240747-1003\...\MountPoints2: {d9ac8f47-07d5-11e1-bd69-806e6f6e6963} - E:\SETUP.EXE
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDB44AD95EA9BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {14CDB427-5B23-4CAC-ABAF-4AE6E8D746A4} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=25a02d85-1e5b-4d02-ac80-056e6a890a4a&apn_sauid=B573F83D-AAB9-46D2-B312-5E4B92DB03DD
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.96.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.112
FireFox:
========
FF ProfilePath: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "http", "157.181.228.181"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "*.local, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\searchplugins\s-amazon-bymp-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iCloud Bookmarks - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\firefoxdav@icloud.com [2013-12-25]
FF Extension: Xmarks - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\foxmarks@kei.com [2013-05-22]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\toolbar@ask.com [2013-01-15]
FF Extension: FireShot - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-02-05]
FF Extension: Flagfox - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2014-01-23]
FF Extension: WOT - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: Stealthy - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\stealthyextension@gmail.com.xpi [2012-02-11]
FF Extension: All-in-One Sidebar - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-02-11]
FF Extension: Adblock Plus - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-30]
FF Extension: Screenshoter - C:\Users\Grisu\AppData\Roaming\Mozilla\Firefox\Profiles\ud9xfvmq.default\Extensions\{d9babd10-47de-11df-9879-0800200c9a66}.xpi [2012-06-10]
FF Extension: ELO Archiv-Transfer - C:\Program Files\Mozilla Firefox\extensions\EloFirefoxAddon.xpi [2013-12-25]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [138600 2011-08-13] (Nuance Communications, Inc.)
R2 WTService; C:\Windows\system32\atwtusb.exe [870120 2011-01-26] ()
==================== Drivers (Whitelisted) ====================
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872000 2009-03-18] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-02] (DT Soft Ltd)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [17920 2010-04-16] (Silicon Laboratories, Inc.)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63488 2010-04-16] (Silicon Laboratories)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-05 13:38 - 2014-02-05 13:39 - 00019729 _____ () C:\Users\Grisu\Desktop\FRST.txt
2014-02-05 13:35 - 2014-02-05 13:38 - 00000000 ____D () C:\FRST
2014-02-05 13:31 - 2014-02-05 13:31 - 01137152 _____ (Farbar) C:\Users\Grisu\Desktop\FRST.exe
2014-02-05 13:28 - 2014-02-05 13:28 - 00000166 _____ () C:\Users\Grisu\defogger_reenable
2014-02-05 13:27 - 2014-02-05 13:31 - 00000000 ____D () C:\Users\Grisu\Desktop\TROJANER
==================== One Month Modified Files and Folders =======
2014-02-05 13:39 - 2014-02-05 13:38 - 00019729 _____ () C:\Users\Grisu\Desktop\FRST.txt
2014-02-05 13:38 - 2014-02-05 13:35 - 00000000 ____D () C:\FRST
2014-02-05 13:32 - 2011-11-05 20:35 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 13:31 - 2014-02-05 13:31 - 01137152 _____ (Farbar) C:\Users\Grisu\Desktop\FRST.exe
2014-02-05 13:31 - 2014-02-05 13:27 - 00000000 ____D () C:\Users\Grisu\Desktop\TROJANER
2014-02-05 13:28 - 2014-02-05 13:28 - 00000166 _____ () C:\Users\Grisu\defogger_reenable
2014-02-05 13:28 - 2011-11-05 18:52 - 00000000 ____D () C:\Users\Grisu
2014-02-05 13:09 - 2012-02-22 21:33 - 00000000 ____D () C:\Users\Grisu\AppData\Local\64D48ACD-B492-4A9F-9D85-C9C79F07DDFC.aplzod
2014-02-05 12:57 - 2009-07-14 05:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 12:57 - 2009-07-14 05:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 12:56 - 2011-11-05 18:52 - 01134890 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 12:54 - 2012-04-09 11:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 12:54 - 2012-04-09 11:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 12:54 - 2011-11-05 19:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 12:51 - 2011-11-05 19:01 - 01621084 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 12:48 - 2013-04-23 12:25 - 00000000 ____D () C:\Users\Grisu\AppData\Local\FreePDF_XP
2014-02-05 12:48 - 2011-11-05 20:35 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 12:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 12:47 - 2009-07-14 05:39 - 00071726 _____ () C:\Windows\setupact.log
2014-02-05 12:47 - 2009-07-14 03:04 - 00000513 _____ () C:\Windows\win.ini
2014-01-23 21:54 - 2013-04-23 12:09 - 00000000 ____D () C:\Program Files\FreePDF_XP
2014-01-13 01:08 - 2012-02-22 14:49 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\UseNeXT
2014-01-13 00:32 - 2012-02-22 15:13 - 00000000 ____D () C:\Users\Grisu\AppData\Roaming\vlc
Some content of TEMP:
====================
C:\Users\Grisu\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-21 22:21
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014
Ran by Grisu at 2014-02-05 13:39:59
Running from C:\Users\Grisu\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
3Skeng Engineering© for Trimble SketchUp (Version: - )
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (Version: 1.15.13.0 - Ask.com) <==== ATTENTION
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.3.33021 - Ask.com)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
C-Media PCI Audio Device (Version: - )
Corel Graphics - Windows Shell Extension (Version: 15.1.0.588 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.1.588 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (Version: 15.1.0.588 - Corel Corporation)
Crystal Reports XI (Version: 11.0.0.128227 - Business Objects)
CrystalDiskInfo 4.2.0a (Version: 4.2.0a - Crystal Dew World)
DAEMON Tools Pro (Version: 5.1.0.0333 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
Draeger MSI EM200 (Driver Removal) (Version: - Draeger Safety MSI GmbH)
Draeger MSI P7 (Driver Removal) (Version: - Draeger Safety MSI GmbH)
eDocPrintPro v3.17.6 (Version: 3.17.6 - MAY-Computer)
ELO Pdf Drucker (Version: 6.0 - ELO Digital Office GmbH)
ELOoffice (Version: 9.0 - ELO Digital Office GmbH)
EPSON BX305 Plus Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
FMS32-PRO Version 3.1.5 (Version: - )
FreePDF (Remove only) (Version: - )
Google Earth (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPL Ghostscript (Version: 9.04 - Artifex Software Inc.)
gs_x86 (Version: 9.05 - MAY-Computer)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1 - Microsoft Corporation)
HP LaserJet 4000 Drucksystem (Version: - )
HP PrecisionScan Pro 3.0 (Version: 3.0.2.0000 - Hewlett-Packard)
iCloud (Version: 3.0.2.163 - Apple Inc.)
iExplorer 2.2.1.0 (Version: - Macroplant, LLC)
IsoBuster 2.8.5 (Version: 2.8.5 - Smart Projects)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Labelwin Crystal 10 Treiber vom 06.10.2005 (Version: 2.0 - Label Software Gerald Bax GmbH Bielefeld)
Labelwin Crystal 11 (XI) Treiber vom 24.10.2005 (Version: 2.0 - Label Software Gerald Bax GmbH Bielefeld)
Labelwin DLL Grundroutinen (Version: 1.1.501 - Label Software Gerald Bax GmbH)
Labelwin DLL Grundroutinen Zusatz (Version: 1.1.600 - Label Software Gerald Bax GmbH)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mp3tag v2.54 (Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Backup Drivers (Version: 1.0.11100.8.0 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nuance PaperPort 14 (Version: 14.0.0000 - Nuance Communications, Inc.)
NVIDIA Display Control Panel (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 307.83 (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
P7 USB Driver 5.4.24 (Version: - Dräger Safety MSI GmbH)
PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop (Version: 1.1.4241.14593 - OfficeDrop)
PaperPort Image Printer (Version: 14.00.0000 - Nuance Communications, Inc.)
PC200P 1.3,005 (Version: - Dräger MSI GmbH)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek AC'97 Audio (Version: - )
RedMon - Redirection Port Monitor (Version: - )
SketchUp Pro 8 (Version: 3.0.16944 - Trimble Navigation Limited)
SketchUp Viewer (Version: 8.0.15158 - Trimble Navigation Limited)
SpeedCommander 14 (Version: 14.00.6600 - SWE Sven Ritter)
Tablet Driver With Macrokey Manager (Version: - )
TeamViewer 8 (Version: 8.0.16447 - TeamViewer)
Ulead PhotoImpact 12 (Version: 12.0 - Ulead System)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (Version: - Microsoft)
UseNeXT by Tangysoft (Version: - Tangysoft Ltd.)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core - German (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
Win7codecs (Version: 3.5.0 - Shark007)
WinRar3.70 (Version: 3.70.0000 - Projekt-PolytroX)
==================== Restore Points =========================
31-12-2013 18:32:40 Geplanter Prüfpunkt
21-01-2014 21:27:11 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 03:04 - 2013-02-08 22:11 - 00000910 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {12AA3E1D-EDF6-4BAE-BD31-5B34B8E3F6E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6B5834B2-AB46-465D-9C6F-698E75D280CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-05] (Google Inc.)
Task: {732D4B6E-8703-476D-9A76-049D3DB3C0CA} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {911FA21C-32D6-4C90-BAD5-6E07824A567E} - System32\Tasks\AdobeAAMUpdater-1.0-Grisu-PC-Grisu => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {DB37DF28-DA16-45A5-9742-178141ADC2BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-05] (Google Inc.)
Task: {F0BAEFB5-3DD9-455C-84A8-79ADC720A207} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-12-20] ()
Task: {F7FBF0D3-0B4E-427E-904F-F0484BA12766} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-30 18:01 - 2004-07-26 16:11 - 00028672 ____N () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-24 19:46 - 2012-10-24 19:46 - 00006144 _____ () C:\Users\Grisu\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.2.gadget\CoreTempReader.dll
2012-10-24 19:46 - 2012-10-24 19:46 - 00008704 _____ () C:\Users\Grisu\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.2.gadget\GetCoreTempInfoNET.dll
2012-10-24 19:46 - 2012-10-24 19:46 - 00007680 _____ () C:\Users\Grisu\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.2.gadget\SystemInfo.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2012-11-02 19:10 - 2012-05-16 20:24 - 00002048 _____ () C:\Program Files\DAEMON Tools Pro\MSIMG32.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 00:15 - 2010-12-21 00:15 - 01041248 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2011-09-01 20:10 - 2011-09-01 20:10 - 00122720 _____ () C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL
2013-12-25 12:18 - 2013-12-25 12:19 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/23/2014 09:04:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: repakt10.exe, Version: 4.34.0.6, Zeitstempel: 0x500e5ab6
Name des fehlerhaften Moduls: MSVBVM60.DLL, Version: 6.0.98.15, Zeitstempel: 0x4a5bda6c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000b3fa
ID des fehlerhaften Prozesses: 0x11cc
Startzeit der fehlerhaften Anwendung: 0xrepakt10.exe0
Pfad der fehlerhaften Anwendung: repakt10.exe1
Pfad des fehlerhaften Moduls: repakt10.exe2
Berichtskennung: repakt10.exe3
Error: (01/13/2014 00:40:40 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/05/2014 01:56:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79791
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c380b
ID des fehlerhaften Prozesses: 0x9f4
Startzeit der fehlerhaften Anwendung: 0xsidebar.exe0
Pfad der fehlerhaften Anwendung: sidebar.exe1
Pfad des fehlerhaften Moduls: sidebar.exe2
Berichtskennung: sidebar.exe3
Error: (01/02/2014 06:15:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x1394
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (12/31/2013 11:48:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x149c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (12/01/2013 05:27:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00118f87
ID des fehlerhaften Prozesses: 0x1288
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (11/20/2013 08:16:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xe64
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (11/17/2013 07:00:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.0.5046, Zeitstempel: 0x526b1e27
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.0.5046, Zeitstempel: 0x526b1d27
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001157e7
ID des fehlerhaften Prozesses: 0xbdc
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (11/16/2013 05:08:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: jre-7u45-windows-i586-iftw(3).exe, Version: 7.0.450.18, Zeitstempel: 0x52542683
Name des fehlerhaften Moduls: jre-7u45-windows-i586-iftw(3).exe, Version: 7.0.450.18, Zeitstempel: 0x52542683
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0001308d
ID des fehlerhaften Prozesses: 0x1410
Startzeit der fehlerhaften Anwendung: 0xjre-7u45-windows-i586-iftw(3).exe0
Pfad der fehlerhaften Anwendung: jre-7u45-windows-i586-iftw(3).exe1
Pfad des fehlerhaften Moduls: jre-7u45-windows-i586-iftw(3).exe2
Berichtskennung: jre-7u45-windows-i586-iftw(3).exe3
Error: (11/13/2013 11:06:49 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f74
Startzeit: 01cee09ebe9d188c
Endzeit: 402
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 30405f96-4caf-11e3-8e7a-0004619288f2
System errors:
=============
Error: (02/05/2014 00:48:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/28/2014 11:54:12 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/28/2014 11:53:55 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/25/2014 09:39:36 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/23/2014 04:03:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/22/2014 07:10:13 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/21/2014 06:58:24 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/19/2014 11:37:39 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/12/2014 11:07:44 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (01/11/2014 08:38:38 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005
Microsoft Office Sessions:
=========================
Error: (01/23/2014 09:04:10 PM) (Source: Application Error)(User: )
Description: repakt10.exe4.34.0.6500e5ab6MSVBVM60.DLL6.0.98.154a5bda6cc00000050000b3fa11cc01cf1876348c3ee8D:\labelwin\repakt10.exeC:\Windows\system32\MSVBVM60.DLL859b5363-8469-11e3-8e03-0004619288f2
Error: (01/13/2014 00:40:40 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"K:\---Multisession---\---Audio Apps---\iTunes\iTunes64Setup.exe
Error: (01/05/2014 01:56:33 AM) (Source: Application Error)(User: )
Description: sidebar.exe6.1.7601.175144ce79791ntdll.dll6.1.7601.177254ec49b60c0000374000c380b9f401cf095e30cc983aC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\SYSTEM32\ntdll.dll37c2a3a1-75a4-11e3-8277-0004619288f2
Error: (01/02/2014 06:15:55 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8139401cf07d8fed38af1C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll89de605b-73d1-11e3-bd40-0004619288f2
Error: (12/31/2013 11:48:25 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8149c01cf06609aa3be83C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dlla819d17b-726d-11e3-aec5-0004619288f2
Error: (12/01/2013 05:27:32 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87128801ceeeb1f51245f1C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll79e4ce8e-5aa5-11e3-b8f3-0004619288f2
Error: (11/20/2013 08:16:58 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487e6401cee6250b1e0a0bC:\Program Files\Avira\AntiVir Desktop\avnotify.exeC:\Program Files\Avira\AntiVir Desktop\avnotify.exe52970c08-5218-11e3-b8d4-0004619288f2
Error: (11/17/2013 07:00:18 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.0.5046526b1e27xul.dll25.0.0.5046526b1d27c0000005001157e7bdc01cee38ac8d2e76eC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll1da0c119-4fb2-11e3-a801-0004619288f2
Error: (11/16/2013 05:08:39 PM) (Source: Application Error)(User: )
Description: jre-7u45-windows-i586-iftw(3).exe7.0.450.1852542683jre-7u45-windows-i586-iftw(3).exe7.0.450.1852542683c00004090001308d141001cee2e603a4e3d6C:\Users\Grisu\Downloads\jre-7u45-windows-i586-iftw(3).exeC:\Users\Grisu\Downloads\jre-7u45-windows-i586-iftw(3).exe5a3e8f7f-4ed9-11e3-ad54-0004619288f2
Error: (11/13/2013 11:06:49 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567f7401cee09ebe9d188c402C:\Windows\Explorer.EXE30405f96-4caf-11e3-8e7a-0004619288f2
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3327.55 MB
Available physical RAM: 1986.53 MB
Total Pagefile: 6653.39 MB
Available Pagefile: 4983.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.75 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:14.39 GB) NTFS
Drive d: (System) (Fixed) (Total:114.49 GB) (Free:6.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 114 GB) (Disk ID: EC77EC77)
Partition 1: (Active) - (Size=114 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 MB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 2
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 31071805)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-05 14:04:45
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4 OCZ-VERTEX3 rev.2.11 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Grisu\AppData\Local\Temp\pgloqpoc.sys
---- System - GMER 2.1 ----
SSDT 94405466 ZwCreateSection
SSDT 94405470 ZwRequestWaitReplyPort
SSDT 9440546B ZwSetContextThread
SSDT 94405475 ZwSetSecurityObject
SSDT 9440547A ZwSystemDebugControl
SSDT 94405407 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A5C3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A95D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82A9CEAC 4 Bytes [66, 54, 40, 94] {PUSH SP; INC EAX; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82A9D208 4 Bytes [70, 54, 40, 94] {JO 0x56; INC EAX; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82A9D24C 4 Bytes [6B, 54, 40, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82A9D2C8 4 Bytes [75, 54, 40, 94] {JNZ 0x56; INC EAX; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82A9D31C 4 Bytes [7A, 54, 40, 94] {JP 0x56; INC EAX; XCHG ESP, EAX}
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] ntdll.dll!LdrGetProcedureAddress + 26 77682239 7 Bytes JMP 01DFB780 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 769393D6 7 Bytes JMP 02636EDA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] kernel32.dll!QueryPerformanceCounter + 13 7693C435 7 Bytes JMP 02636EFD C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] kernel32.dll!LoadAppInitDlls + 355 7693F4F6 7 Bytes JMP 01E00836 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] GDI32.dll!GetViewportOrgEx + 26C 7603884B 7 Bytes JMP 02636E5B C:\Program Files\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVolUp.sys
---- EOF - GMER 2.1 ----

I hope I have included everything you need.
Hopefully you can help me.