
Mozilla Firefox redirect virus

Discussion in 'Virus & Other Malware Removal' started by elbribon, Apr 10, 2010.

  1. elbribon (Thread Starter; joined Apr 10, 2010; 15 messages)

    Hi folks, I've got that Google "adwordsredirect" virus, which redirects my Google searches. I've had all types of malware programs (Malwarebytes, SUPERAntiSpyware, Hitman Pro, etc.) running but I can't get rid of it. I browsed through different posts on the internet but none of them worked for me.
    Please let me know what log files you need from me. I'll post them.

    OS: Windows XP SP2
     
  2. blues_harp28 (Trusted Advisor, Spam Fighter; joined Jan 9, 2005; 18,847 messages)

    Hi, click on the Report button and ask the Moderators to move your post to the Malware and HijackThis forum.
    They are always busy and it will take some time.
    You should also close your post at the Spybot forum - two experts helping you will only confuse you, and it is not fair on those spending their time helping you. ;)
     
  3. elbribon (Thread Starter; joined Apr 10, 2010; 15 messages)

    THX

    Didn't know those are similar forums
     
  4. dvk01 (Moderator, Malware Specialist; first name Derek; joined Dec 14, 2002; 56,452 messages)

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script-blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double click on combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review.


    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  5. elbribon (Thread Starter; joined Apr 10, 2010; 15 messages)

    PART 1


    ComboFix 10-04-09.06 - tam 10.04.2010 19:18:48.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.601 [GMT 2:00]
    ausgeführt von:: f:\dokumente und einstellungen\tam\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    * Neuer Wiederherstellungspunkt wurde erstellt
    .

    ((((((((((((((((((((((( Dateien erstellt von 2010-03-10 bis 2010-04-10 ))))))))))))))))))))))))))))))
    .

    2010-04-10 16:55 . 2008-07-30 01:33 -------- d-----w- F:\327882R2FWJFW
    2010-04-10 13:44 . 2010-04-10 13:44 -------- d-----w- f:\programme\Trend Micro
    2010-04-10 08:13 . 2010-04-10 08:13 52224 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-10 08:13 . 2010-04-10 08:13 117760 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-10 08:12 . 2010-04-10 08:12 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
    2010-04-10 08:11 . 2010-04-10 08:15 -------- d-----w- f:\programme\SUPERAntiSpyware
    2010-04-10 08:11 . 2010-04-10 08:11 -------- d-----w- f:\dokumente und einstellungen\tam\Anwendungsdaten\SUPERAntiSpyware.com
    2010-04-09 17:18 . 2010-03-22 13:53 32576 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Mozilla\Firefox\Profiles\01np1otq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    2010-04-09 17:18 . 2010-03-22 13:53 29984 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Mozilla\Firefox\Profiles\01np1otq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
    2010-04-09 08:24 . 2010-04-09 08:24 -------- d-----w- f:\dokumente und einstellungen\tam\Lokale Einstellungen\Anwendungsdaten\Mozilla
    2010-04-09 05:04 . 2009-09-29 13:14 3101560 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Simply Super Software\Trojan Remover\ypk20.exe
    2010-04-08 17:44 . 2010-04-08 17:44 -------- d-----w- f:\dokumente und einstellungen\tam\Lokale Einstellungen\Anwendungsdaten\Threat Expert
    2010-04-08 15:00 . 2010-04-08 15:00 5918776 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-08 15:00 . 2010-04-08 15:00 -------- d-----w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Malwarebytes
    2010-04-08 15:00 . 2010-03-29 22:46 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-08 15:00 . 2010-03-29 22:45 20824 ----a-w- f:\windows\system32\drivers\mbam.sys
    2010-04-08 15:00 . 2010-04-08 15:02 -------- d-----w- f:\programme\Malwarebytes' Anti-Malware
    2010-04-07 05:34 . 2010-04-07 05:34 56766 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-04-07 05:34 . 2010-04-07 05:29 754984 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\Resource.dll
    2010-04-07 05:34 . 2010-03-22 09:36 986904 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe
    2010-04-07 05:34 . 2010-02-07 17:55 530625 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
    2010-04-07 05:34 . 2010-02-07 17:55 530625 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe
    2010-04-07 05:34 . 2010-04-07 05:34 56978 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\WebPlayer\Uninstaller.exe
    2010-04-07 05:34 . 2010-04-07 05:34 57409 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\ControlPanel\Uninstaller.exe
    2010-04-07 05:34 . 2010-04-07 05:34 53600 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Update\Uninstaller.exe
    2010-04-07 05:34 . 2010-04-07 05:34 52963 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-04-07 05:33 . 2010-04-07 05:33 54073 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Qt4.5\Uninstaller.exe
    2010-04-07 05:29 . 2010-04-07 05:34 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX
    2010-04-05 13:01 . 2009-12-16 16:07 166912 ----a-w- f:\windows\system32\libmcrypt.dll
    2010-04-05 11:52 . 2010-04-05 11:52 -------- d-----w- f:\programme\MySQL
    2010-03-30 11:44 . 2003-10-03 11:21 174592 ----a-w- f:\windows\system32\framedyn.dll
    2010-03-30 11:40 . 2010-03-30 11:40 503808 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-612f2b1f-n\msvcp71.dll
    2010-03-30 11:40 . 2010-03-30 11:40 348160 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-612f2b1f-n\msvcr71.dll
    2010-03-30 11:40 . 2010-03-30 11:40 61440 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19021ddb-n\decora-sse.dll
    2010-03-30 11:40 . 2010-03-30 11:40 499712 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-612f2b1f-n\jmc.dll
    2010-03-30 11:40 . 2010-03-30 11:40 12800 ----a-w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19021ddb-n\decora-d3d.dll
    2010-03-30 11:40 . 2010-03-30 11:40 -------- d-----w- f:\programme\Gemeinsame Dateien\Java
    2010-03-30 11:38 . 2010-03-30 11:38 -------- d-----w- f:\programme\Java
    2010-03-30 10:53 . 2010-04-09 08:17 15944 ----a-w- f:\windows\system32\drivers\hitmanpro35.sys
    2010-03-30 10:53 . 2010-03-30 11:13 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Hitman Pro
    2010-03-30 09:01 . 2010-01-21 23:21 767952 ----a-w- f:\windows\BDTSupport.dll
    2010-03-30 09:01 . 2010-01-21 23:21 149456 ----a-w- f:\windows\SGDetectionTool.dll
    2010-03-30 09:01 . 2010-01-21 23:21 165840 ----a-w- f:\windows\PCTBDRes.dll
    2010-03-30 09:01 . 2010-01-21 23:21 1652688 ----a-w- f:\windows\PCTBDCore.dll
    2010-03-30 09:01 . 2009-10-30 09:11 233136 ----a-w- f:\windows\system32\drivers\pctgntdi.sys
    2010-03-30 09:01 . 2009-11-09 09:20 207792 ----a-w- f:\windows\system32\drivers\PCTCore.sys
    2010-03-30 09:01 . 2009-10-06 14:31 87784 ----a-w- f:\windows\system32\drivers\PCTAppEvent.sys
    2010-03-30 09:01 . 2009-09-03 07:45 70408 ----a-w- f:\windows\system32\drivers\pctplsg.sys
    2010-03-30 09:01 . 2010-04-10 16:34 -------- d-----w- f:\programme\Spyware Doctor
    2010-03-30 09:01 . 2010-03-30 09:01 -------- d-----w- f:\dokumente und einstellungen\tam\Anwendungsdaten\PC Tools
    2010-03-30 09:01 . 2010-03-30 09:01 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
    2010-03-30 08:16 . 2010-03-30 08:16 -------- d-----w- f:\programme\TrendMicro
    2010-03-29 19:08 . 2010-04-06 12:50 -------- d-----w- f:\programme\GnuWin32
    2010-03-21 21:55 . 2010-03-21 21:55 -------- d--h--w- f:\windows\PIF
    2010-03-20 10:49 . 2010-03-20 10:49 -------- d-----w- f:\dokumente und einstellungen\HelpAssistant.MONIR-A1519CD50\.assistant
    2010-03-19 15:02 . 2010-03-19 15:02 -------- d-----w- f:\dokumente und einstellungen\tam\.assistant
    2010-03-19 14:19 . 2010-03-29 17:53 -------- d-----w- f:\programme\ElsterFormular

    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-10 16:58 . 2001-08-18 12:00 511476 ----a-w- f:\windows\system32\perfh007.dat
    2010-04-10 16:58 . 2001-08-18 12:00 123214 ----a-w- f:\windows\system32\perfc007.dat
    2010-04-10 16:53 . 2009-12-24 21:47 -------- d---a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
    2010-04-10 08:11 . 2009-12-29 17:30 -------- d-----w- f:\programme\Gemeinsame Dateien\Wise Installation Wizard
    2010-04-09 17:22 . 2010-03-07 14:10 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
    2010-04-09 05:03 . 2009-12-24 23:03 -------- d-----w- f:\programme\Trojan Remover
    2010-04-07 05:34 . 2009-12-24 22:17 -------- d-----w- f:\programme\DivX
    2010-04-07 05:33 . 2009-12-24 22:17 -------- d-----w- f:\programme\Gemeinsame Dateien\DivX Shared
    2010-04-05 11:00 . 2009-11-16 22:58 50192 ----a-w- f:\dokumente und einstellungen\tam\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
    2010-04-05 08:06 . 2010-01-13 15:19 -------- d-----w- f:\programme\phase5
    2010-03-30 11:38 . 2009-11-20 13:24 411368 ----a-w- f:\windows\system32\deploytk.dll
    2010-03-30 09:01 . 2009-12-25 09:16 -------- d-----w- f:\programme\Gemeinsame Dateien\PC Tools
    2010-03-22 08:18 . 2009-12-24 10:29 -------- d-----w- f:\programme\BitComet
    2010-03-21 13:52 . 2009-12-09 10:03 -------- d-----w- f:\dokumente und einstellungen\tam\Anwendungsdaten\U3
    2010-03-19 11:19 . 2009-11-26 20:45 -------- d-----w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Skype
    2010-03-18 09:20 . 2010-01-05 17:02 -------- d-----w- f:\dokumente und einstellungen\tam\Anwendungsdaten\skypePM
    2010-03-18 09:15 . 2009-12-09 09:52 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\SUIIMAGE
    2010-03-12 23:03 . 2010-01-30 13:23 -------- d-----w- f:\programme\PHP Editor
    2010-03-11 11:41 . 2010-03-11 11:41 -------- d-----w- f:\dokumente und einstellungen\tam\Anwendungsdaten\Artisteer
    2010-03-11 11:39 . 2010-03-11 11:37 -------- d-----w- f:\programme\Artisteer 2
    2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- f:\windows\system32\dpl100.dll
    2010-03-07 14:10 . 2010-03-07 14:10 -------- d-----w- f:\programme\NOS
    2010-02-12 18:13 . 2010-02-12 18:13 -------- d-----w- f:\programme\Easy Hi-Q Recorder
    2010-02-01 07:43 . 2009-05-21 15:48 2352 ----a-w- f:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
    2010-02-01 07:41 . 2010-02-01 07:25 53319 ----a-w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    2010-02-01 07:25 . 2010-02-01 07:26 29480 ----a-w- f:\windows\system32\msxml3a.dll
    2009-05-19 18:06 . 2009-05-19 18:05 327 ----a-w- f:\programme\boot.ini
    .

    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    f:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
    Monitor Apache Servers.lnk - f:\programme\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-3-4 41051]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 12:21 548352 ----a-w- f:\programme\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\startupfolder\F:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SmartUI.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    f:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2004-12-14 00:12 483328 ----a-w- f:\programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 15:10 35696 ----a-w- f:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    2009-03-02 11:08 209153 ----a-w- f:\programme\Avira\AntiVir Desktop\avgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-03-05 15:32 1135912 ----a-w- f:\programme\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
    2007-01-09 11:33 49152 ----a-w- f:\windows\Domino.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
    2009-05-21 15:04 202752 ----a-w- f:\programme\Medionkeyboard\1.3\MMKEYBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMMEDIONMOUSE]
    2009-05-21 15:03 356352 ----a-w- f:\programme\Browser mouse\1.3\mouse32a.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2002-08-08 09:09 36864 ----a-w- f:\programme\Scansoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2010-03-29 22:46 437584 ----a-w- f:\programme\Malwarebytes' Anti-Malware\mbamgui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-06 16:51 3885408 ----a-w- f:\progra~1\WI1F86~1\MESSEN~1\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2002-08-08 08:38 45108 ----a-w- f:\programme\Scansoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    2003-12-04 10:34 406016 ----a-w- f:\windows\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PP8 SE Reminder]
    2002-10-03 07:25 57344 ----a-w- f:\programme\Scansoft\PaperPort\WebEreg\NAVBrowser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
    2003-03-28 16:32 45056 ------w- f:\programme\Brother\Brmflp03\BrStDvPt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 09:43 248040 ----a-w- f:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-04-10 08:15 2001648 ----a-w- f:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
    2007-01-09 11:34 49152 ----a-w- f:\windows\VMSnap3.EXE

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "f:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
    "f:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "f:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
    "f:\\Programme\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "f:\\Programme\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "f:\\Programme\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "f:\\Programme\\Messenger\\Msmsgs.exe"=
    "f:\\Programme\\BitComet\\BitComet.exe"=
    "f:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
    "f:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
    "f:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
    "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
    "f:\\WINDOWS\\system32\\dpvsetup.exe"=
    "f:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Programme\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "5799:TCP"= 5799:TCP:Services
    "60482:TCP"= 60482:TCP:BitComet 60482 TCP
    "60482:UDP"= 60482:UDP:BitComet 60482 UDP
    "7149:TCP"= 7149:TCP:Services
    "7148:TCP"= 7148:TCP:Services
    "7600:TCP"= 7600:TCP:Services
    "7601:TCP"= 7601:TCP:Services
    "3476:TCP"= 3476:TCP:Services
    "5452:TCP"= 5452:TCP:Services

    R0 PCTCore;PCTools KDS;f:\windows\system32\drivers\PCTCore.sys [30.03.2010 11:01 207792]
    R0 PQV2i;PQV2i;f:\windows\system32\drivers\PQV2i.sys [12.09.2003 14:19 132899]
    R1 LStone;Pinnacle Systems Studio AV/DV Overlay;f:\windows\system32\drivers\LStone2k.sys [17.05.2009 18:44 247936]
    R1 MemAlloc;MemAlloc;f:\windows\system32\drivers\MemAlloc.sys [17.05.2009 18:44 5543]
    R1 PQIMount;PQIMount;f:\windows\system32\drivers\PQIMount.sys [12.09.2003 14:48 46810]
    R1 SASDIFSV;SASDIFSV;f:\programme\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;f:\programme\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 08:43 74480]
    R1 SSHDRV64;SSHDRV64;f:\windows\system32\drivers\SSHDRV64.sys [17.05.2009 19:06 113152]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;f:\programme\Avira\AntiVir Desktop\sched.exe [16.05.2009 23:47 108289]
    R2 Apache2.2;Apache2.2;f:\programme\Apache Software Foundation\Apache2.2\bin\httpd.exe [04.03.2010 12:27 24645]
    R2 IGDCTRL;AVM IGD CTRL Service;f:\programme\FRITZ!DSL\IGDCTRL.EXE [28.07.2009 17:07 73528]
    R2 MBAMService;MBAMService;f:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [08.04.2010 17:00 303952]
    R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [08.04.2010 17:00 20824]
    R3 MTXPARH;MTXPARH;f:\windows\system32\drivers\MTXPARHM.sys [17.05.2009 00:24 452736]
    R3 vmfilter303;vmfilter303;f:\windows\system32\drivers\vmfilter303.sys [17.05.2009 17:50 428160]
    S2 Browser Defender Update Service;Browser Defender Update Service;f:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [30.03.2010 11:01 112592]
    S3 brfilt;Brother MFC-Filtertreiber;f:\windows\system32\drivers\BrFilt.sys [08.10.2009 11:21 2944]
    S3 BrSerWDM;Brother WDM-Treiber (seriell);f:\windows\system32\drivers\BrSerWdm.sys [08.10.2009 11:18 61952]
    S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB);f:\windows\system32\drivers\BrUsbMdm.sys [08.10.2009 11:21 11008]
    S3 BrUsbScn;Brother MFC-Scannertreiber (USB);f:\windows\system32\drivers\BrUsbScn.sys [08.10.2009 11:21 10368]
    S3 MBAMSwissArmy;MBAMSwissArmy;f:\windows\system32\drivers\mbamswissarmy.sys [08.04.2010 17:00 38224]
    S3 SASENUM;SASENUM;f:\programme\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 08:43 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;f:\programme\Spyware Doctor\pctsAuxs.exe [30.03.2010 11:01 359624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Inhalt des "geplante Tasks" Ordners

    2010-04-10 f:\windows\Tasks\User_Feed_Synchronization-{F25D2E42-E898-4A01-AEE5-871BD1634172}.job
    - f:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

    2010-04-10 f:\windows\Tasks\WGASetup.job
    - f:\windows\system32\KB905474\wgasetup.exe [2009-11-07 21:18]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    IE: Convert link target to Adobe PDF - f:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - f:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - f:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - f:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - f:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - f:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - f:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - f:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Nach Microsoft &Excel exportieren - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - f:\dokumente und einstellungen\tam\Anwendungsdaten\Mozilla\Firefox\Profiles\01np1otq.default\
    FF - plugin: f:\dokumente und einstellungen\tam\Anwendungsdaten\Mozilla\Firefox\Profiles\01np1otq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

    ---- FIREFOX Richtlinien ----
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    f:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    f:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    f:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    f:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    f:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    f:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    f:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    f:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    f:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -

    HKLM-Run-BigDog303 - f:\windows\VM303_STI.EXE
    MSConfigStartUp-HitmanPro35 - f:\programme\Hitman Pro 3.5\HitmanPro35.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-10 19:23
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanne versteckte Prozesse...

    Scanne versteckte Autostarteinträge...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = f:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)[email protected]??????????????

    Scanne versteckte Dateien...

    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AE3450]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf769cf28
    \Driver\ACPI -> ACPI.sys @ 0xf75cecb8
    \Driver\atapi -> atapi.sys @ 0xf7560852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    NDIS: 3Com 3C920B-EMB Integrated Fast Ethernet Controller -> SendCompleteHandler -> 0x85e4d330
    PacketIndicateHandler -> NDIS.sys @ 0xf742fa0d
    SendHandler -> NDIS.sys @ 0xf7443b40
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySQL]
    "ImagePath"="\"f:\programme\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"f:\programme\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\.bmp\OpenWithList\PhotoSnapViewer.exe]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.cut\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.dds\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.dib\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.gif\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.ico\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.iff\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.ifo\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.jfif\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.jif\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.jng\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.jpe\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.koa\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.lbm\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.ljp\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.mng\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.pbm\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.pcd\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.pcx\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.ppm\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.psd\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.tga\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.tif\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.tiff\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.vob\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.wbm\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.wbmp\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.wmf\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\.wpg\OpenWithList]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\ATLPlugin.ATL3DPage_d2.1\CLSID]
    @DACL=(02 0000)
    @="{cc10ddda-2452-4598-a6c4-f9f2f0b6a758\0d\0a}"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7587D-871C-4944-9CEE-FDF6F70AAB60}\InprocServer32]
    @DACL=(02 0000)
    "Settings"=hex:2c,00,00,00,23,66,00,00,65,2c,71,98,b5,65,5b,b1,98,9f,2e,ef,3d,
    f3,e6,5f,83,ef,e6,b1,eb,35,52,02,57,b4,d9,1f,1f,02,b4,d9,fb,3d,02,28,b4,b4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7587D-871C-4944-9CEE-FDF6F70AAB60}\ProgID]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\ppifile\DefaultIcon]
    @DACL=(02 0000)
    @=expand:"%SystemRoot%\\system32\\msppcnfg.exe,1"

    [HKEY_LOCAL_MACHINE\software\Classes\ppifile\shell]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\pxm\Default Icon]
    @DACL=(02 0000)
    @="\"f:\\Dokumente und Einstellungen\\MONIR\\Lokale Einstellungen\\Temp\\{D041EB9E-890A-4098-8F94-51DA194AC72A}\\PixieTool.exe\""

    [HKEY_LOCAL_MACHINE\software\Classes\pxm\shell]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{ACDD7461-7D58-11D2-A663-00E018904220}\1.0]
    @DACL=(02 0000)
    @="PIcon 1.0 Type Library"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.BrowseUI\RegBackup]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Automenu]
    @DACL=(02 0000)
    "classid"="clsid:6B28F900-8D64-4B80-9963-CC52DDD1FBB4"
    "visible"="false"
    "tabstop"="false"
    "width"="1"
    "height"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\BalanceSlider]
    @DACL=(02 0000)
    "classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
    "toolTip"="res://wmploc.dll/RT_STRING/#1845"
    "min"="-100"
    "max"="100"
    "value"="wmpprop: player.settings.balance"
    "value_onchange"="player.settings.balance=value;"
    "accName"="res://wmploc.dll/RT_STRING/#2112"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\browser]
    @DACL=(02 0000)
    "classid"="clsid:8856F961-340A-11D0-A96B-00C04FD705A2"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Button]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2114"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup]
    @DACL=(02 0000)
    "classid"="clsid:AE3B6831-25A9-11d3-BD41-00C04F6EA5AE"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CloseButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1812"
    "onclick"="view.close();"
    "accName"="res://wmploc.dll/RT_STRING/#2134"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2135"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CurrentPositionText]
    @DACL=(02 0000)
    "classid"="clsid: DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
    "tabStop"="true"
    "justification"="right"
    "value"="wmpprop: player.controls.currentPositionString"
    "accName"="res://wmploc.dll/RT_STRING/#2103"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\CustomSlider]
    @DACL=(02 0000)
    "classid"="clsid:95F45AA3-ED0A-11D2-BA67-0000F80855E6"
    "cursor"="hand"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DropDownPlaylist]
    @DACL=(02 0000)
    "classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
    "playlistItemsVisible"="false"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DurationText]
    @DACL=(02 0000)
    "classid"="clsid: DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
    "tabStop"="true"
    "justification"="right"
    "value"="wmpprop: player.currentMedia.DurationString"
    "accName"="res://wmploc.dll/RT_STRING/#2104"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EditBox]
    @DACL=(02 0000)
    "classid"="clsid:6342FCED-25EA-4033-BDDB-D049A14382D3"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Bars]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\EqualizerSettings]
    @DACL=(02 0000)
    "classid"="clsid:93EB32F5-87B1-45ad-ACC6-0F2483DB83BB"
    "tabStop"="false"
     
  6. elbribon

    elbribon Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    15
    PART 2


    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\FFWDButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "enabled"="wmpenabled: player.controls.fastforward"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1804"
    "onclick"="player.controls.FastForward()"
    "accName"="res://wmploc.dll/RT_STRING/#2120"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2121"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ImageButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "cursor"="hand"
    "accName"="res://wmploc.dll/RT_STRING/#2140"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ItemsPlaylist]
    @DACL=(02 0000)
    "classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"
    "backgroundcolor"="black"
    "foregroundcolor"="white"
    "columnsVisible"="false"
    "columns"="name=Name;Duration=Time"
    "dropDownVisible"="false"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\LibraryTree]
    @DACL=(02 0000)
    "classid"="clsid: D9DE732A-AEE9-4503-9D11-5605589977A8"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ListBox]
    @DACL=(02 0000)
    "classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\menu]
    @DACL=(02 0000)
    "classid"="clsid:BAB3768B-8883-4AEC-9F9B-E14C947913EF"
    "visible"="false"
    "tabstop"="false"
    "width"="1"
    "height"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MinimizeButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1811"
    "onclick"="view.minimize();"
    "accName"="res://wmploc.dll/RT_STRING/#2132"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2133"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\MuteButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1807"
    "downToolTip"="res://wmploc.dll/RT_STRING/#1808"
    "sticky"="true"
    "down"="wmpprop: player.settings.mute"
    "onClick"="player.settings.mute=down;"
    "accName"="res://wmploc.dll/RT_STRING/#2130"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2131"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\NextButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "enabled"="wmpenabled: player.controls.next"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1806"
    "onclick"="player.controls.Next()"
    "accName"="res://wmploc.dll/RT_STRING/#2124"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2125"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PauseButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "enabled"="wmpenabled: player.controls.pause"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1801"
    "onclick"="player.controls.pause()"
    "accName"="res://wmploc.dll/RT_STRING/#2116"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PlayButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "enabled"="wmpenabled: player.controls.play"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1800"
    "onclick"="player.controls.play()"
    "accName"="res://wmploc.dll/RT_STRING/#2115"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Playlist]
    @DACL=(02 0000)
    "classid"="clsid:5F9CFD93-8CAD-11d3-9A7E-00C04F8EFB70"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\plugin]
    @DACL=(02 0000)
    "classid"="clsid:AA1AC37B-49A8-4B41-AF69-B0176C5FFC33"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PopUp]
    @DACL=(02 0000)
    "classid"="clsid:FC1880CF-83B9-43A7-A066-C44CE8C82583"
    "popup"="true"
    "visible"="false"
    "backgroundColor"="menu"
    "foregroundColor"="menutext"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PrevButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "enabled"="wmpenabled: player.controls.previous"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1805"
    "onclick"="player.controls.Previous()"
    "accName"="res://wmploc.dll/RT_STRING/#2126"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2127"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ProgressBar]
    @DACL=(02 0000)
    "classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\RepeatButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1816"
    "downToolTip"="res://wmploc.dll/RT_STRING/#1817"
    "sticky"="true"
    "down"="jscript: player.settings.GetMode(\"loop\");"
    "onClick"="player.settings.setMode(\"loop\", down);"
    "accName"="res://wmploc.dll/RT_STRING/#2138"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2139"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ReturnButton]
    @DACL=(02 0000)
    "upToolTip"="res://wmploc.dll/RT_STRING/#1813"
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "onclick"="view.returnToMediaCenter();"
    "accName"="res://wmploc.dll/RT_STRING/#2128"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2129"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\REWButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "enabled"="wmpenabled: player.controls.fastreverse"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1803"
    "onclick"="player.controls.FastReverse()"
    "accName"="res://wmploc.dll/RT_STRING/#2122"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2123"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\SeekSlider]
    @DACL=(02 0000)
    "classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
    "toolTip"="res://wmploc.dll/RT_STRING/#1809"
    "min"="0"
    "max"="wmpprop: player.currentmedia.duration"
    "value"="wmpprop: player.controls.currentposition"
    "ondragend"="player.controls.currentposition=value;"
    "foregroundProgress"="wmpprop: player.network.downloadProgress"
    "useForegroundProgress"="true"
    "accName"="res://wmploc.dll/RT_STRING/#2109"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ShuffleButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1814"
    "downToolTip"="res://wmploc.dll/RT_STRING/#1815"
    "sticky"="true"
    "down"="jscript: player.settings.GetMode(\"shuffle\");"
    "onClick"="player.settings.setMode(\"shuffle\", down);"
    "accName"="res://wmploc.dll/RT_STRING/#2136"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2137"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Slider]
    @DACL=(02 0000)
    "classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2108"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\StatusText]
    @DACL=(02 0000)
    "classid"="clsid: DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
    "tabStop"="true"
    "value"="wmpprop: player.status"
    "accName"="res://wmploc.dll/RT_STRING/#2102"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\StopButton]
    @DACL=(02 0000)
    "classid"="clsid:87291B51-0C8E-11D3-BB2A-00A0C93CA73A"
    "enabled"="wmpenabled: player.controls.stop"
    "upToolTip"="res://wmploc.dll/RT_STRING/#1802"
    "onclick"="player.controls.stop()"
    "accName"="res://wmploc.dll/RT_STRING/#2118"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2119"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\taskcenter]
    @DACL=(02 0000)
    "classid"="clsid:395BF287-6477-495f-8427-2C09A23C3248"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Text]
    @DACL=(02 0000)
    "classid"="clsid: DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
    "tabStop"="false"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\TrackNameText]
    @DACL=(02 0000)
    "classid"="clsid: DDDA102E-0E17-11D3-A2E2-00C04F79F88E"
    "tabStop"="true"
    "value"="wmpprop: player.currentmedia.name"
    "accName"="res://wmploc.dll/RT_STRING/#2105"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Video]
    @DACL=(02 0000)
    "classid"="clsid:61CECF11-FC3A-11D2-A1CD-005004602752"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\VideoSettings]
    @DACL=(02 0000)
    "classid"="clsid:AE7BFAFE-DCC8-4a73-92C8-CC300CA88859"
    "tabStop"="false"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\VolumeSlider]
    @DACL=(02 0000)
    "classid"="clsid:F2BF2C90-405F-11D3-BB39-00A0C93CA73A"
    "min"="0"
    "max"="100"
    "value"="wmpprop: player.settings.volume"
    "value_onchange"="if (value!=player.settings.volume){player.settings.volume=value;player.settings.mute=false;}"
    "toolTip"="res://wmploc.dll/RT_STRING/#1810"
    "accName"="res://wmploc.dll/RT_STRING/#2110"
    "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2111"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\WMPEffects]
    @DACL=(02 0000)
    "classid"="clsid:47DEA830-D619-4154-B8D8-6B74845D6A2D"
    "tabStop"="false"
    "width"="250"
    "height"="200"
    "horizontalAlignment"="stretch"
    "verticalAlignment"="stretch"
    "currentEffectType"="wmpprop:mediacenter.effectType"
    "currentPreset"="wmpprop:mediacenter.effectPreset"
    "currentEffectType_onchange"="mediacenter.effectType = currentEffectType;"
    "currentPreset_onchange"="mediacenter.effectPreset = currentPreset;"
    "onclick"="next();"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\WMPVideo]
    @DACL=(02 0000)
    "classid"="clsid:61CECF11-FC3A-11D2-A1CD-005004602752"
    "horizontalAlignment"="stretch"
    "verticalAlignment"="stretch"
    "zoom"="wmpprop:mediacenter.videoZoom"
    "stretchToFit"="wmpprop:mediacenter.videoStretchToFit"
    "backgroundColor"="black"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Services]
    @DACL=(02 0000)
    "NoServices"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{0890F930-4F80-4646-BAB1-4B6E5571FB89}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000004
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1491"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{1F32514F-1561-4922-A604-8A1F478B5A42}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000004
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1495"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{52903d79-f993-4de6-8317-20c9c176d823}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000004
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1496"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{59E7BF52-E5C9-4382-A39A-522DEE9AFDFD}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000004
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1497"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{5DF031B7-6A37-42D9-8802-E27F4F224332}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000003
    "FriendlyName"="Viz Plug-in"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{5F4BB5C9-4652-489B-8601-EEC0C3C32E2E}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000004
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1494"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{7F2B1D6B-1357-402C-A1C8-67E59583B41D}]
    @DACL=(02 0000)
    "Description"="Captions plugin description"
    "Capabilities"=dword:000000f0
    "FriendlyName"="Captions plugin name"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{93075F62-16B3-43EC-A53B-FFAD0E01D5E7}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000003
    "FriendlyName"="res://wmploc.dll/RT_STRING/#209"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9695AEF9-9D03-4671-8F2F-FF49D1BB01C4}]
    @DACL=(02 0000)
    "Description"="Media Information description"
    "Capabilities"=dword:00000005
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1407"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{976ABECA-93F7-4d81-9187-2A6137829675}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000004
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1490"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{99DB05E3-F81E-4C8A-A252-F396306AB6FE}]
    @DACL=(02 0000)
    "Description"="Banner plugin description"
    "Capabilities"=dword:000000f0
    "FriendlyName"="Banner plugin name"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9F9562EB-15B6-46C6-A7CB-0A66FC65130E}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000004
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1493"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9FA014E3-076F-4865-A73C-117131B8E292}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000004
    "FriendlyName"="res://wmploc.dll/RT_STRING/#1492"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{D5E49195-ED19-40fb-9EE0-E6625A808B77}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000003
    "FriendlyName"="Video Plug-in"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{E641D09E-E500-4c09-8260-F1CD7B902E9C}]
    @DACL=(02 0000)
    "FriendlyName"="WM View plugin name"
    "Description"="WM View plugin description"
    "Capabilities"=dword:000000f0

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{F24A1BC2-2331-4B91-8A13-5A549DA56E9D}]
    @DACL=(02 0000)
    "Capabilities"=dword:00000003
    "FriendlyName"="Border Plug-in"

    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{FD981763-B6BB-4d51-9143-6D372A0ED56F}]
    @DACL=(02 0000)
    "FriendlyName"="res://wmploc.dll/RT_STRING/#5822"
    "Description"="res://wmploc.dll/RT_STRING/#5823"
    "Capabilities"=dword:00000003

    [HKEY_LOCAL_MACHINE\software\MicroVision\STCDX]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\Vimicro Corporation\VIMICRO USB PC Camera V]
    @DACL=(02 0000)
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------

    - - - - - - - > 'winlogon.exe'(620)
    f:\programme\SUPERAntiSpyware\SASWINLO.dll
    f:\dokumente und einstellungen\tam\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    f:\dokumente und einstellungen\tam\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

    - - - - - - - > 'explorer.exe'(3372)
    f:\windows\system32\webcheck.dll
    f:\windows\system32\WPDShServiceObj.dll
    f:\windows\system32\PortableDeviceTypes.dll
    f:\windows\system32\PortableDeviceApi.dll
    .
    Zeit der Fertigstellung: 2010-04-10 19:25:20
    ComboFix-quarantined-files.txt 2010-04-10 17:25

    Vor Suchlauf: 10 Verzeichnis(se), 482.990.858.240 Bytes frei
    Nach Suchlauf: 11 Verzeichnis(se), 482.985.041.920 Bytes frei

    WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
    [operating systems]
    f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional2" /noexecute=optin /fastdetect

    - - End Of File - - 75712A6AF749CECE6A87B65DA797A83C
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Download the GMER rootkit detector from http://gmer.net

    Unzip it & double-click the gmer.exe file.

    It will do a quick scan automatically. When that finishes, if it says "rootkit activity detected", then stop there & press copy & post back the log it makes.
    Do NOT allow it to perform a full scan at this time.

    If there is no warning of rootkit activity, then select the rootkit tab & press scan. When it finishes, press copy & post back the log it makes.
     
  8. elbribon

    elbribon Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    15
    It looks like the redirect virus only shows up when using the Google add-on in Firefox. Obviously, searching directly from the Google website doesn't cause any problems. The GMER process is still running and nothing has been detected yet. As soon as it's finished I'll post the log.
     
  9. elbribon

    elbribon Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    15
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-11 00:10:42
    Windows 5.1.2600 Service Pack 3
    Running: lrphm9fy.exe; Driver: F:\DOKUME~1\TAMER\LOKALE~1\Temp\kxaoqpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7539E52]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF751ACDE]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF751AED0]
    SSDT F7D3C144 ZwCreateThread
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF753A640]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF753A8F4]
    SSDT F7D3C162 ZwLoadKey
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7538B44]
    SSDT F7D3C130 ZwOpenProcess
    SSDT F7D3C135 ZwOpenThread
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF753AD60]
    SSDT F7D3C16C ZwReplaceKey
    SSDT F7D3C167 ZwRestoreKey
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF753A112]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF751A984]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ohci1394.sys F764838B 18 Bytes [56, 8B, 75, 08, 57, 33, FF, ...]
    .text ohci1394.sys F764839E 3 Bytes [C0, 00, 53] {ROL BYTE [EAX], 0x53}
    .text ohci1394.sys F76483A2 1 Byte [11]
    .text ohci1394.sys F76483A2 3 Bytes [11, 84, F6]
    .text ohci1394.sys F76483A6 1 Byte [16]
    .text ...
    init F:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7B0A392]
    init F:\WINDOWS\system32\DRIVERS\lstone2k.sys entry point in "init" section [0xF6BFF4A0]

    ---- User code sections - GMER 1.0.15 ----

    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01CD2862
    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!send 71A14C27 5 Bytes JMP 01CD26EE
    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01CD27E0
    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01CD2726
    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 01CD275E
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01092862
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!send 71A14C27 5 Bytes JMP 010926EE
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 010927E0
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01092726
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0109275E
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 02582862
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!send 71A14C27 5 Bytes JMP 025826EE
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 025827E0
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!recv 71A1676F 5 Bytes JMP 02582726
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0258275E
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 03B12862
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!send 71A14C27 5 Bytes JMP 03B126EE
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 03B127E0
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!recv 71A1676F 5 Bytes JMP 03B12726
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 03B1275E
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00EF2862
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!send 71A14C27 5 Bytes JMP 00EF26EE
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00EF27E0
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00EF2726
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00EF275E
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 04582862
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!send 71A14C27 5 Bytes JMP 045826EE
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 045827E0
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!recv 71A1676F 5 Bytes JMP 04582726
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0458275E
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01972862
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!send 71A14C27 5 Bytes JMP 019726EE
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 019727E0
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01972726
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0197275E
    .text F:\Programme\Mozilla Firefox\firefox.exe[1996] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 F:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00C32862
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!send 71A14C27 5 Bytes JMP 00C326EE
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00C327E0
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00C32726
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00C3275E
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01702862
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!send 71A14C27 5 Bytes JMP 017026EE
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 017027E0
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01702726
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0170275E

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT ohci1394.sys[NTOSKRNL.EXE!KeClearEvent] 7C830C48
    IAT ohci1394.sys[NTOSKRNL.EXE!KeSetEvent] 750004B3

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\PCTCore \Device\PCTCoreDevice 86CE3430

    ---- Registry - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----
     
  10. elbribon

    elbribon Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    15
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-11 00:10:42
    Windows 5.1.2600 Service Pack 3
    Running: lrphm9fy.exe; Driver: F:\DOKUME~1\TAMER\LOKALE~1\Temp\kxaoqpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7539E52]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF751ACDE]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF751AED0]
    SSDT F7D3C144 ZwCreateThread
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF753A640]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF753A8F4]
    SSDT F7D3C162 ZwLoadKey
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7538B44]
    SSDT F7D3C130 ZwOpenProcess
    SSDT F7D3C135 ZwOpenThread
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF753AD60]
    SSDT F7D3C16C ZwReplaceKey
    SSDT F7D3C167 ZwRestoreKey
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF753A112]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF751A984]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ohci1394.sys F764838B 18 Bytes [56, 8B, 75, 08, 57, 33, FF, ...]
    .text ohci1394.sys F764839E 3 Bytes [C0, 00, 53] {ROL BYTE [EAX], 0x53}
    .text ohci1394.sys F76483A2 1 Byte [11]
    .text ohci1394.sys F76483A2 3 Bytes [11, 84, F6]
    .text ohci1394.sys F76483A6 1 Byte [16]
    .text ...
    init F:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7B0A392]
    init F:\WINDOWS\system32\DRIVERS\lstone2k.sys entry point in "init" section [0xF6BFF4A0]

    ---- User code sections - GMER 1.0.15 ----

    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01CD2862
    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!send 71A14C27 5 Bytes JMP 01CD26EE
    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01CD27E0
    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01CD2726
    .text F:\Programme\Avira\AntiVir Desktop\avguard.exe[260] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 01CD275E
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01092862
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!send 71A14C27 5 Bytes JMP 010926EE
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 010927E0
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01092726
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[308] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0109275E
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 02582862
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!send 71A14C27 5 Bytes JMP 025826EE
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 025827E0
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!recv 71A1676F 5 Bytes JMP 02582726
    .text F:\Programme\FRITZ!DSL\IGDCTRL.EXE[620] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0258275E
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 03B12862
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!send 71A14C27 5 Bytes JMP 03B126EE
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 03B127E0
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!recv 71A1676F 5 Bytes JMP 03B12726
    .text F:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe[644] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 03B1275E
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00EF2862
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!send 71A14C27 5 Bytes JMP 00EF26EE
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00EF27E0
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00EF2726
    .text F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe[784] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00EF275E
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 04582862
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!send 71A14C27 5 Bytes JMP 045826EE
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 045827E0
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!recv 71A1676F 5 Bytes JMP 04582726
    .text F:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe[1020] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0458275E
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01972862
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!send 71A14C27 5 Bytes JMP 019726EE
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 019727E0
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01972726
    .text F:\Programme\Avira\AntiVir Desktop\sched.exe[1900] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0197275E
    .text F:\Programme\Mozilla Firefox\firefox.exe[1996] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 F:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00C32862
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!send 71A14C27 5 Bytes JMP 00C326EE
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00C327E0
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00C32726
    .text F:\WINDOWS\System32\alg.exe[2796] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00C3275E
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01702862
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!send 71A14C27 5 Bytes JMP 017026EE
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 017027E0
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!recv 71A1676F 5 Bytes JMP 01702726
    .text F:\WINDOWS\Explorer.EXE[3500] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0170275E

    ---- Kernel IAT/EAT - GMER 1.0.15 ----


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\PCTCore \Device\PCTCoreDevice 86CE3430

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] F:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0xFB 0xA7 0x78 0xE6 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] F:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0x01 0x3A 0x48 0xFC ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] F:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0x51 0xFA 0x6E 0x91 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] F:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0x3D 0xCE 0xEA 0x26 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] F:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0xF8 0x31 0x0F 0xA9 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] F:\WINDOWS\system32\OLE32.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0xFA 0xEA 0x66 0x7F ...
    Reg HKLM\SOFTWARE\Classes\ppifile\[email protected] %SystemRoot%\system32\msppcnfg.exe,1
    Reg HKLM\SOFTWARE\Classes\ppifile\shell\open
    Reg HKLM\SOFTWARE\Classes\ppifile\shell\open\command
    Reg HKLM\SOFTWARE\Classes\ppifile\shell\open\[email protected] %SystemRoot%\System32\msppcnfg.exe /Config %1
    Reg HKLM\SOFTWARE\Classes\pxm\Default [email protected] "F:\Dokumente und Einstellungen\MONIR\Lokale Einstellungen\Temp\{D041EB9E-890A-4098-8F94-51DA194AC72A}\PixieTool.exe"
    Reg HKLM\SOFTWARE\Classes\pxm\shell\open
    Reg HKLM\SOFTWARE\Classes\pxm\shell\open\command
    Reg HKLM\SOFTWARE\Classes\pxm\shell\open\[email protected] "F:\Dokumente und Einstellungen\MONIR\Lokale Einstellungen\Temp\{D041EB9E-890A-4098-8F94-51DA194AC72A}\PixieTool.exe" %1
    Reg HKLM\SOFTWARE\Classes\TypeLib\{ACDD7461-7D58-11D2-A663-00E018904220}\[email protected] PIcon 1.0 Type Library
    Reg HKLM\SOFTWARE\Classes\TypeLib\{ACDD7461-7D58-11D2-A663-00E018904220}\1.0\0
    Reg HKLM\SOFTWARE\Classes\TypeLib\{ACDD7461-7D58-11D2-A663-00E018904220}\1.0\FLAGS
    Reg HKLM\SOFTWARE\Classes\TypeLib\{ACDD7461-7D58-11D2-A663-00E018904220}\1.0\[email protected] 0
    Reg HKLM\SOFTWARE\Classes\TypeLib\{ACDD7461-7D58-11D2-A663-00E018904220}\1.0\HELPDIR
    Reg HKLM\SOFTWARE\Classes\TypeLib\{ACDD7461-7D58-11D2-A663-00E018904220}\1.0\[email protected] F:\Programme\Pinnacle\Shared Files\

    ---- EOF - GMER 1.0.15 ----
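The GMER Registry section above lists keys one per line and values as key@valuename data. When reading a log like this, the entries a malware helper checks first are the file-type handlers (shell\open\command) that run a program from a user-writable place such as a Temp directory, rather than from System32 or Program Files. The script below is an added example written for this thread, not code from the thread or from GMER. It parses GMER's Reg lines and flags handlers of that kind; SAMPLE_LOG is constructed to mirror a few of the posted entries, and expanding %SystemRoot% to C:\WINDOWS is an assumption so the check runs offline.

```python
"""Triage the Registry section of a GMER log for file-type handlers whose
executable lives in a user-writable location.

Added example for this thread, not code from the thread or from GMER.
GMER prints one registry key per line as 'Reg  <key>' and one value per
line as 'Reg  <key>@<valuename> <data>' (an empty value name is the key's
default value). SAMPLE_LOG is constructed to mirror a few of the posted
entries; the %SystemRoot% expansion is an assumption for offline use.
"""
import re
from typing import List, NamedTuple, Optional

SAMPLE_LOG = r"""
Reg  HKLM\SOFTWARE\Classes\.tif\OpenWithList\PhotoSnapViewer.exe
Reg  HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg  HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg  HKLM\SOFTWARE\Classes\ppifile\shell\open\command
Reg  HKLM\SOFTWARE\Classes\ppifile\shell\open\command@ %SystemRoot%\System32\msppcnfg.exe /Config %1
Reg  HKLM\SOFTWARE\Classes\pxm\shell\open\command
Reg  HKLM\SOFTWARE\Classes\pxm\shell\open\command@ "F:\Dokumente und Einstellungen\MONIR\Lokale Einstellungen\Temp\{D041EB9E-890A-4098-8F94-51DA194AC72A}\PixieTool.exe" %1

---- EOF - GMER 1.0.15 ----
"""


class RegEntry(NamedTuple):
    key: str
    value: Optional[str]  # None for a bare key line, '' for the default value
    data: Optional[str]


class Finding(NamedTuple):
    key: str
    exe: str
    reason: str


# 'Reg  <key>' or 'Reg  <key>@<value> <data>'; keys never contain '@'.
_REG_LINE = re.compile(r"^Reg\s+(?P<key>[^@]+?)(?:@(?P<value>\S*)\s+(?P<data>.*\S))?\s*$")
# First token of a command line: either a quoted path or an unquoted path
# ending in an executable extension (so 'C:\a\b.exe /Config %1' yields the path).
_EXE_IN_COMMAND = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|scr|bat|cmd|pif)))(?=\s|$)', re.I)

# Assumed expansions so the check runs offline; on the machine itself these
# would come from the environment.
_ENV = {"%systemroot%": "c:\\windows", "%windir%": "c:\\windows"}

# Markers of locations an unprivileged user can write to, most specific first.
_USER_WRITABLE = (
    ("temp directory", ("\\temp\\", "\\tmp\\")),
    ("user profile", ("\\documents and settings\\", "\\dokumente und einstellungen\\", "\\users\\")),
)


def parse_reg_lines(log_text: str) -> List[RegEntry]:
    """Return every 'Reg' line as a RegEntry; other GMER sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = _REG_LINE.match(line.strip())
        if m:
            entries.append(RegEntry(m["key"], m["value"], m["data"]))
    return entries


def extract_exe(command: str) -> Optional[str]:
    """Pull the program path out of a shell command line such as '"C:\\x y\\z.exe" %1'."""
    m = _EXE_IN_COMMAND.match(command)
    return (m["q"] or m["u"]) if m else None


def classify_exe(path: str) -> Optional[str]:
    """Reason the path is user-writable, or None for a system/program location."""
    low = path.lower()
    for var, val in _ENV.items():
        low = low.replace(var, val)
    for reason, markers in _USER_WRITABLE:
        if any(mk in low for mk in markers):
            return reason
    return None


def suspicious_handlers(log_text: str) -> List[Finding]:
    """Flag shell\\open\\command default values that run from user-writable paths."""
    findings = []
    for e in parse_reg_lines(log_text):
        if e.data is None or e.value != "":
            continue  # bare key line, or a named value (not the command itself)
        if not e.key.lower().endswith("\\shell\\open\\command"):
            continue
        exe = extract_exe(e.data)
        reason = classify_exe(exe) if exe else None
        if reason:
            findings.append(Finding(e.key, exe, reason))
    return findings


if __name__ == "__main__":
    for f in suspicious_handlers(SAMPLE_LOG):
        print(f"{f.reason}: {f.key} -> {f.exe}")
```

Run against the constructed sample, it reports only the pxm handler, because its program sits under the user's Temp folder; the ppifile handler resolves to System32 and is left alone. A hit is a lead to check (file date, signer, whether the directory still exists), not proof of infection: installers also leave handlers pointing into Temp.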
     
  11. elbribon

    elbribon Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    15
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Do you get the same problem using Internet Explorer when searching on Google?
    Please go to C:\qoobox\quarantine and find ComboFix-quarantined-files.txt.

    Upload that here so we can see what CF did fix, as there are no signs of what I thought would be the problem in the log.
     
  13. elbribon

    elbribon Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    15
    It's only Firefox and it's the Google add-on; all others work fine (like the Yahoo add-on, ...).
    I already removed the add-on but I would like to know why that one, because a reinstallation of the Google add-on or Firefox doesn't work either.

    Actually I'm familiar with ComboFix, I mean it's not the first time I've used it, so sometimes I know where to look and what to look for, but this one is so persistent that I can't find anything.
     
  14. elbribon

    elbribon Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    15
    The quarantine log file:

    2010-04-11 08:27:28 . 2010-04-11 08:27:28 9,930 ----a-w- F:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2010-04-11 08:16:31 . 2010-04-11 08:16:31 51 ----a-w- F:\Qoobox\Quarantine\catchme.log
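The listing posted above has only two entries, a registry backup and ComboFix's own catchme.log, which is why it shows nothing that ComboFix actually removed. The script below is an added example written for this thread, not ComboFix code. It reads a ComboFix-quarantined-files.txt listing in the layout shown (created timestamp, a dot, modified timestamp, size, attribute flags, path) and separates ComboFix's housekeeping files from real quarantined items. The two SAMPLE_LISTING lines are the poster's; the extra line in CONSTRUCTED_LISTING is made up to show what a quarantined file would look like, and the Quarantine\<drive>\... layout with a .vir suffix is an assumption about ComboFix's naming.

```python
"""Separate real quarantined items from ComboFix's own housekeeping files in
a ComboFix-quarantined-files.txt listing.

Added example for this thread, not ComboFix code. Line layout follows the
two lines the poster pasted: '<created> . <modified> <size> <attrs> <path>'.
The third line in CONSTRUCTED_LISTING is invented to show a quarantined file
(the Quarantine\<drive>\... path and .vir suffix are assumptions).
"""
import re
from datetime import datetime
from typing import List, NamedTuple

SAMPLE_LISTING = r"""
2010-04-11 08:27:28 . 2010-04-11 08:27:28 9,930 ----a-w- F:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-04-11 08:16:31 . 2010-04-11 08:16:31 51 ----a-w- F:\Qoobox\Quarantine\catchme.log
"""

# Constructed: what a line for an actual quarantined file would look like.
CONSTRUCTED_LISTING = SAMPLE_LISTING + r"""2010-04-11 08:20:05 . 2009-12-02 14:11:40 31,744 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\example.dll.vir
"""


class QuarantineEntry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str
    path: str
    kind: str  # "registry backup", "combofix log" or "quarantined file"


_LINE = re.compile(
    r"^(?P<c>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. (?P<m>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
_TS = "%Y-%m-%d %H:%M:%S"


def classify(path: str) -> str:
    """Registry backups and catchme.log are ComboFix's own; anything else was quarantined."""
    low = path.lower()
    if "\\quarantine\\registry_backups\\" in low:
        return "registry backup"
    if low.endswith("\\quarantine\\catchme.log"):
        return "combofix log"
    return "quarantined file"


def parse_listing(text: str) -> List[QuarantineEntry]:
    """Parse every well-formed line; blank or unrecognised lines are skipped."""
    out = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        out.append(QuarantineEntry(
            created=datetime.strptime(m["c"], _TS),
            modified=datetime.strptime(m["m"], _TS),
            size=int(m["size"].replace(",", "")),  # sizes use thousands separators
            attrs=m["attrs"],
            path=m["path"],
            kind=classify(m["path"]),
        ))
    return out


def quarantined_files(text: str) -> List[QuarantineEntry]:
    """Only the entries that represent files ComboFix actually moved aside."""
    return [e for e in parse_listing(text) if e.kind == "quarantined file"]


if __name__ == "__main__":
    for e in parse_listing(CONSTRUCTED_LISTING):
        print(f"{e.kind:16} {e.size:>8} {e.modified:%Y-%m-%d} {e.path}")
    print(f"{len(quarantined_files(SAMPLE_LISTING))} quarantined file(s) in the posted listing")
```

On the posted listing quarantined_files() returns an empty list, which says in one line what the helper concluded: ComboFix backed up a registry key and wrote its log, but quarantined no files. The modified timestamp is kept separately from the created one because on a real quarantined file it is the original file's date, which is the more useful clue.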
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    If you have removed the add-on causing the trouble, then there isn't any more we can do.
     
Short URL to this thread: https://techguy.org/915986
