Malwarebytes finds Adware.Onlinegames and PUP.OfferBundler.ST - What to do? (Windows 7)

#1

Malwarebytes finds Adware.Onlinegames and PUP.OfferBundler.ST - What to do?

Hello everyone. A Malwarebytes scan found that the pests (?) Adware.Onlinegames and PUP.OfferBundler.ST are present on my computer. What should I do now? Below are first the logs of the scans by OTL, Gmer and Malwarebytes:

Code:
OTL logfile created on: 9/4/2012 7:54:36 PM - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Matthias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.39% Memory free
4.10 Gb Paging File | 2.65 Gb Available in Paging File | 64.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.44 Gb Total Space | 28.94 Gb Free Space | 26.20% Space Free | Partition Type: NTFS
Drive D: | 110.44 Gb Total Space | 47.61 Gb Free Space | 43.11% Space Free | Partition Type: NTFS

Computer Name: ABICOMIII | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/04 19:53:13 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2012/08/10 18:29:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/26 08:08:57 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/06 01:22:10 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Matthias\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/11/28 20:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/11/28 20:56:02 | 000,380,928 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008/11/28 20:08:46 | 000,417,792 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/10/18 00:54:38 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/10/09 07:49:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/09 07:49:12 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/10/04 14:09:02 | 000,069,632 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/10/03 05:18:36 | 000,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/09/10 10:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2008/07/30 03:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 03:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/02 20:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/06/20 02:52:48 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/12/07 02:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/10/10 10:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\System32\WebUpdateSvc4.exe
PRC - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 23:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/15 12:25:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/15 12:25:37 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/15 12:23:04 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/15 12:22:49 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/10 03:52:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:50:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:48:49 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:48:37 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2010/08/15 19:16:29 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/02/24 15:18:53 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3013.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2009/02/24 15:18:53 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/02/24 15:18:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2009/02/24 15:18:50 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/10/09 07:49:24 | 000,835,584 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/10/09 07:49:18 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008/07/30 03:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2003/06/07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/16 16:01:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/11/28 20:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/10/04 14:09:02 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/09/27 07:43:06 | 000,363,024 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2008/09/27 05:23:58 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2008/09/10 10:33:40 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/07/30 03:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/03/18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 02:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/10 10:33:54 | 000,237,784 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\System32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/01/13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/11/04 23:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/01 20:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/09/27 06:01:12 | 000,212,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/27 06:01:12 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2008/09/27 06:00:40 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/08/26 23:51:36 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/06/11 03:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/05/31 04:17:54 | 000,093,968 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/10 23:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/04 04:28:01 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/01/04 04:28:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006/11/08 10:59:50 | 000,530,304 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2006/11/03 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0209&m=aspire_4730z
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=TRL&o=101840&src=crm&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=vToC0_trTpJ5AE4GK_ypC0iGMvU?q={searchTerms}
IE - HKCU\..\SearchScopes\{BD85AF5C-892F-40F1-ABA5-9D45699E77D5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 198.3.128.10:80

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.6
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matthias\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

[2009/05/06 05:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions
[2009/05/06 05:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ProxyPy Web Proxy = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\illahkmhnkgdnhdfkankcocbmmjmbipd\1.2.5_0\
CHR - Extension: Gmail = C:\Users\Matthias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB795AB4-21C5-4EFC-BCBE-7F19D475214A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18517f45-9d3f-11de-883d-00235a4df5de}\Shell - "" = AutoRun
O33 - MountPoints2\{18517f45-9d3f-11de-883d-00235a4df5de}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{499b3145-39c7-11de-977a-00235a4df5de}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{86102433-7e69-11de-93eb-00235a4df5de}\Shell\AutoRun\command - "" = G:\wdsync.exe
O33 - MountPoints2\{c592e948-6750-11df-b30e-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{c592e948-6750-11df-b30e-00059a3c7800}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c890fdfd-43f4-11de-a320-00235a4df5de}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NuOIV.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/04 19:53:11 | 000,599,040 | ---- | C] (OldTimer Tools) --
C:\Users\Matthias\Desktop\OTL.exe [2012/09/04 12:37:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/04 12:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2012/09/04 19:53:13 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe [2012/09/04 19:51:56 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable [2012/09/04 19:48:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000UA.job [2012/09/04 19:16:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/04 18:48:26 | 000,050,477 | ---- | M] () -- C:\Users\Matthias\Desktop\Defogger.exe [2012/09/04 18:34:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/04 18:34:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/04 12:52:55 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-649290938-3021887346-2181847563-1000Core.job [2012/09/04 12:45:44 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/04 12:37:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/04 12:33:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/01 22:37:41 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/09/01 22:37:41 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/09/01 22:31:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012/09/01 22:31:04 | 2074,099,712 | -HS- | M] () -- C:\hiberfil.sys [2012/08/22 13:07:16 | 000,002,023 | ---- | M] () -- C:\Users\Matthias\Application Data\Microsoft\Internet 
Explorer\Quick Launch\Google Chrome.lnk [2012/08/18 18:16:05 | 000,002,637 | ---- | M] () -- C:\Users\Matthias\Desktop\Microsoft Office Word 2003.lnk [2012/08/16 08:36:33 | 000,340,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/09/04 19:51:56 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable [2012/09/04 18:48:26 | 000,050,477 | ---- | C] () -- C:\Users\Matthias\Desktop\Defogger.exe [2012/09/04 12:37:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/12/06 21:12:34 | 000,002,705 | ---- | C] () -- C:\Users\Matthias\.recently-used.xbel [2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011/01/31 16:08:20 | 000,087,959 | ---- | C] () -- C:\Users\Matthias\Wiebke.jpg [2010/07/12 21:07:01 | 005,018,921 | ---- | C] () -- C:\Users\Matthias\Peter Maffay-Du.mp3 [2010/03/01 21:01:43 | 004,517,877 | ---- | C] () -- C:\Users\Matthias\Scala-Hungriges Herz.mp3 [2009/07/25 09:04:00 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2009/03/06 03:29:24 | 000,095,232 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/06 01:29:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2010/09/24 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\acccore [2009/03/06 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acer [2009/02/24 15:39:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Acer GameZone Console [2012/05/16 15:47:46 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft [2009/12/22 12:18:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ashampoo [2012/09/04 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\EndNote [2010/09/11 17:50:18 | 000,000,000 | ---D | M] -- 
C:\Users\Matthias\AppData\Roaming\fotobuch.de AG [2010/10/20 11:02:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Geifif [2011/09/22 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0 [2012/01/15 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ [2009/03/06 01:22:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Leadertech [2010/02/05 17:54:16 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Miranda [2009/03/08 18:41:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org [2010/10/11 22:36:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PhotoFiltre [2009/08/12 00:12:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PowerCinema [2010/10/20 12:49:35 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ruil [2009/08/30 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SCHLECKERFotobuch [2009/08/12 00:12:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\SoftDMA [2009/06/10 02:50:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ThomsonWest [2009/05/06 05:33:04 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TomTom [2012/09/01 20:10:41 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 9/4/2012 7:54:36 PM - Run 1
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Matthias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.39% Memory free
4.10 Gb Paging File | 2.65 Gb Available in Paging File | 64.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.44 Gb Total Space | 28.94 Gb Free Space | 26.20% Space Free | Partition Type: NTFS
Drive D: | 110.44 Gb Total Space | 47.61 Gb Free Space | 43.11% Space Free | Partition Type: NTFS

Computer Name: ABICOMIII | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch
"C:\Program Files\ExamSoft\SofTest\softest.exe" = C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE819F9-35D5-48A7-A1EB-DCD1A5D68522}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24A32C43-F5F8-4CED-9438-5ADBC4BF6777}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DE39809-39D4-4AB4-A76D-E4910F30A3F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3E935955-6459-48DB-9F8F-77A51B7C3D3B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4576C5E8-98DB-4635-92CF-C87C2895CD68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{495009A7-541B-4B8D-B4C8-22A33BF5CDA7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{78908B67-1822-463E-8CD7-21E3C8189426}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79D8A0DA-3A69-40C6-A8E3-A509DCBCCD7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89DF5A86-3E06-411D-BDB9-92BA90B7F2C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8C1C76A-8018-4508-8913-ACD6DECFA0BE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D5118F74-0E96-4EF9-BCAF-BCA7CAD4C897}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DD0A3961-A3A2-45DD-9546-9EB7CC7FC04C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E92F2AF6-4D24-4FFA-9BF9-A5E0B367AF61}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057AC86C-71B5-4475-8230-8B2A9926AB3F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{0ACCD787-5C76-4705-B98F-D67B65AB70CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{20295A13-89EE-4008-80B7-15761048AFD0}" = protocol=6 | dir=in | app=c:\program files\electronic bluebook\electronic bluebook.exe |
"{39816C38-43BF-4660-8270-7A25D252536E}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3BFC4906-6A99-44CF-B281-0530E376B428}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{4F228433-7D2E-40D2-BD7D-60CF0CC6692E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{527461CA-0C6A-4FCA-B341-AED562E9960C}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5C80A7FC-AE51-4C8B-9E7F-673A94E58025}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5D5CB8CD-FE78-4262-AE89-393E126288C6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{5EFA6982-9C44-4C39-B6A3-4C04AFE2C31E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{60E4893D-960B-451D-9E5F-37CBC9DD168D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{66268AAC-7165-480C-9B3A-5414AC22FE54}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{6FF0E96A-0F80-4B6E-9910-B4F1BDA9231A}" = protocol=6 | dir=out | app=system |
"{7083958B-596C-4883-9B18-0D6D7F225B34}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{873B4EDA-E168-4DBF-B72D-EC1EFD8709DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E9F353D-B579-4840-AADF-ED9A46EC4588}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{9307A22C-A640-4CBA-A298-48D22D584E13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9840385C-510E-4682-BA91-7DEC0AB8ED94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98589A36-6189-42B4-BAFA-59361AA99C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{989333DD-0399-4098-B906-5A74507D94E3}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{9D1625E6-3DD0-444D-8F1D-C6542591CB0A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9D9DAD21-D4BF-4546-B3EC-12767CFB7945}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{A061B613-2FA3-4E3C-B748-DD74A6BE3C60}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{A466D99B-DAC7-46F2-8B79-A019AFE17B99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD5EF356-CF55-4747-A657-F333137A3383}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6FEF2F9-FE3A-4145-8C51-FAFC73C4277A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BE9336D5-22A1-4EEC-B342-8781A230505F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C047F759-8227-4022-B52E-99778D6624FE}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{C4014706-AF20-4891-AEDC-4B9ADE6794A8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{C8945A8D-3BD4-48D8-AD01-CBA35EF7BD39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9D3C30A-9CE5-4A55-86C6-2D6092904123}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0885C58-FA06-4715-AA63-4ADBB5F5FEAC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D96B472D-A6BA-453A-B5AC-CE4F66E0BD3F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{DA342670-C7C5-4930-AEE0-730825BC7F8C}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{DD162371-9D8A-4019-8989-89CB68F4F5BC}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{E8106F07-DB2A-45BE-BA44-71C9E4A49ED6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E9D60AC0-AD23-4279-8B6C-EEF401B9EBEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F27FA3CD-F6B7-41EB-AEDA-F906035B9BF0}" = protocol=17 | dir=in | app=c:\program files\electronic bluebook\electronic bluebook.exe |
"{F78F48E2-9497-4734-8323-899E214B4FAD}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{46F96A52-EFDA-42F7-AE00-C60B2CDF0DF9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{50220E9E-EBB2-42FE-B1C4-22E6452E2167}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{69DD5CDE-AADF-4CE5-BBED-984C2D5B0F04}C:\users\matthias\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\matthias\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{79D5FA97-C375-4F14-847C-556BBC262043}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{7EA1D967-EEDD-4E68-B1EA-FA656242C950}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{901131C3-CEFA-4E77-8BC7-255391505628}C:\users\matthias\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\matthias\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{950FE985-093B-4EE1-AAB9-05C6D03A74E7}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{99104EE9-3A2A-44B9-99EF-94AFEF9FD648}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{B4F5A051-9B1A-48BE-8924-EF46ABFC69D1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{B5D991CB-5D99-48E7-A482-94A9DB6B0A06}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C22407A5-F415-484E-94B2-4B1E92E4FD35}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{D83A0329-8C0B-4B27-8B06-D6F8E8CBD2DE}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{EE9C0304-D7EA-4CBE-BF3D-E257E7B9CBD8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F1DC37A2-2C70-4B2F-81D0-ADEC6B99BD6C}C:\program files\hand-crafted software\freeproxy\freeproxy.exe" = protocol=6 | dir=in | app=c:\program files\hand-crafted software\freeproxy\freeproxy.exe |
"UDP Query User{257724E4-6A6F-4121-A7D0-2C2C9FDAC096}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{29BBB57D-A9D8-4166-A9AC-7275188530A6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{3AD2B190-3EAF-4C4C-8B37-5ACF24C50B53}C:\program files\hand-crafted software\freeproxy\freeproxy.exe" = protocol=17 | dir=in | app=c:\program files\hand-crafted software\freeproxy\freeproxy.exe |
"UDP Query User{565547A3-815A-41E0-A79F-99C9D1AC8EED}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{5FFBFDB1-90EB-480F-BFFF-9799FD13D473}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6123A944-D534-4F5C-9522-68249B584716}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{9941D2A9-AD00-4EE5-90A7-6EC6A9647B2C}C:\users\matthias\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\matthias\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{BA1A38FA-2A12-437A-B8F5-F7469BB6769D}C:\users\matthias\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\matthias\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{CDDD82AB-A673-4746-86EF-014C1690E95A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{D80040F7-1F3C-4CCC-94E8-3F2AC47C4304}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{EA96A361-02AB-446A-AD48-52EDD0728791}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{F7FCA8EE-9526-4AEC-BB2C-4E21CC833C4E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{FD4B000B-F2F8-4BB8-A5C9-04C24C6C178D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{FE6DBA81-D20E-4F7C-A5D1-2496A60F901E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C1BAFF-6EAC-446F-A3D4-59BE2708EA41}" = Trust Webcam 14839
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}" = Putt Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}" = The Rise of Atlantis
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114086870}" = Womens Murder Club
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9884276A-35B4-461B-827A-4F452C35B4A0}" = SofTest Bar Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC899917-C880-1017-8CB7-B932BD009007}" = DNE Update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F03C81CA-4445-4D53-B4B3-6B85CA0C5EB4}" = Electronic Bluebook
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_7" = AIM 7
"Any Audio Converter_is1" = Any Audio Converter 3.3.8
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Designer 2.0_is1" = Designer 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{46C1BAFF-6EAC-446F-A3D4-59BE2708EA41}" = Trust Webcam 14839
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"Web Update Wizard (Redistributable)" = Web Update Wizard (Redistributable) 4.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"PhotoFiltre" = PhotoFiltre

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/2/2012 12:40:10 PM | Computer Name = AbiComIII | Source = Windows Search Service
| ID = 3013
Description = 

Error - 6/2/2012 12:40:10 PM | Computer Name = AbiComIII | Source = Windows Search Service | ID = 3013
Description = 

Error - 6/3/2012 7:24:01 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 

Error - 6/3/2012 12:27:27 PM | Computer Name = AbiComIII | Source = Application Hang | ID = 1002
Description = The program fifa09.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: f00 Start Time: 01cd41a55790a6e9 Termination Time: 1823

Error - 6/6/2012 6:30:30 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 

Error - 6/6/2012 1:41:03 PM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 

Error - 6/8/2012 7:57:00 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 

Error - 6/13/2012 5:41:57 AM | Computer Name = AbiComIII | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: bf8 Start Time: 01cd456dc310f042 Termination Time: 154

Error - 6/15/2012 6:20:11 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 

Error - 6/18/2012 10:32:29 AM | Computer Name = AbiComIII | Source = WinMgmt | ID = 10
Description = 

[ System Events ]
Error - 8/27/2012 7:27:01 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7000
Description = 

Error - 8/27/2012 8:49:45 AM | Computer Name = AbiComIII | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 

Error - 8/27/2012 8:50:52 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7000
Description = 

Error - 8/29/2012 8:43:24 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7011
Description = 

Error - 8/31/2012 7:29:51 AM | Computer Name = AbiComIII | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 

Error - 8/31/2012 7:30:10 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7000
Description = 

Error - 9/1/2012 4:31:14 PM | Computer Name = AbiComIII | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 

Error - 9/1/2012 4:31:32 PM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7000
Description = 

Error - 9/1/2012 6:45:56 PM | Computer Name = AbiComIII | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.

Error - 9/3/2012 11:03:09 AM | Computer Name = AbiComIII | Source = Service Control Manager | ID = 7011
Description = 

< End of report >

Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-05 01:58:44 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA Running: 64p1ov8s.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\fwliipog.sys ---- System - GMER 1.0.15 ---- SSDT 88A3CB0E ZwCreateSection SSDT 88A3CB18 ZwRequestWaitReplyPort SSDT 88A3CB13 ZwSetContextThread SSDT 88A3CB1D ZwSetSecurityObject SSDT 88A3CB22 ZwSystemDebugControl SSDT 88A3CAAF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 822AD8D8 4 Bytes [0E, CB, A3, 88] .text ntkrnlpa.exe!KeSetEvent + 539 822ADBFC 4 Bytes [18, CB, A3, 88] .text ntkrnlpa.exe!KeSetEvent + 56D 822ADC30 4 Bytes [13, CB, A3, 88] .text ntkrnlpa.exe!KeSetEvent + 5D1 822ADC94 4 Bytes [1D, CB, A3, 88] .text ntkrnlpa.exe!KeSetEvent + 619 822ADCDC 4 Bytes [22, CB, A3, 88] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + 6 774D424A 4 Bytes [28, 00, 23, 00] {SUB [EAX], AL; AND EAX, [EAX]} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + B 774D424F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + 6 774D499A 1 Byte [28] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + 6 774D499A 4 Bytes [28, 03, 23, 00] {SUB [EBX], AL; AND EAX, [EAX]} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + B 774D499F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + 6 774D4A2A 4 Bytes [68, 00, 23, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + B 774D4A2F 1 Byte [E2] .text 
C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + 6 774D4AAA 4 Bytes [A8, 01, 23, 00] {TEST AL, 0x1; AND EAX, [EAX]} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + B 774D4AAF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessToken + B 774D4ABF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + 6 774D4ACA 4 Bytes [A8, 02, 23, 00] {TEST AL, 0x2; AND EAX, [EAX]} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + B 774D4ACF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + 6 774D4B1A 4 Bytes [68, 01, 23, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + B 774D4B1F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + 6 774D4B2A 4 Bytes [68, 02, 23, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + B 774D4B2F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadTokenEx + B 774D4B3F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + 6 774D4BCA 4 Bytes [A8, 00, 23, 00] {TEST AL, 0x0; AND EAX, [EAX]} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + B 774D4BCF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryFullAttributesFile + B 774D4C7F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] 
ntdll.dll!NtSetInformationFile + 6 774D515A 4 Bytes [28, 01, 23, 00] {SUB [ECX], AL; AND EAX, [EAX]} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + B 774D515F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + 6 774D51AA 4 Bytes [28, 02, 23, 00] {SUB [EDX], AL; AND EAX, [EAX]} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + B 774D51AF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + 6 774D544A 1 Byte [68] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + 6 774D544A 4 Bytes [68, 03, 23, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + B 774D544F 1 Byte [E2] .text C:\Windows\Explorer.EXE[3016] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7698B37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL} .text C:\Windows\Explorer.EXE[3016] SHELL32.dll!ShellExecuteExW + 18B7 769BDA14 4 Bytes [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtCreateFile + 6 774D424A 4 Bytes [28, 00, 29, 00] {SUB [EAX], AL; SUB [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtCreateFile + B 774D424F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtMapViewOfSection + 6 774D499A 1 Byte [28] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtMapViewOfSection + 6 774D499A 4 Bytes [28, 03, 29, 00] {SUB [EBX], AL; SUB [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtMapViewOfSection + B 
774D499F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenFile + 6 774D4A2A 4 Bytes [68, 00, 29, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenFile + B 774D4A2F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcess + 6 774D4AAA 4 Bytes [A8, 01, 29, 00] {TEST AL, 0x1; SUB [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcess + B 774D4AAF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcessToken + B 774D4ABF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcessTokenEx + 6 774D4ACA 4 Bytes [A8, 02, 29, 00] {TEST AL, 0x2; SUB [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenProcessTokenEx + B 774D4ACF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThread + 6 774D4B1A 4 Bytes [68, 01, 29, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThread + B 774D4B1F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThreadToken + 6 774D4B2A 4 Bytes [68, 02, 29, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThreadToken + B 774D4B2F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtOpenThreadTokenEx + B 774D4B3F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtQueryAttributesFile + 6 774D4BCA 4 Bytes [A8, 00, 29, 00] {TEST AL, 0x0; SUB [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] 
ntdll.dll!NtQueryAttributesFile + B 774D4BCF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtQueryFullAttributesFile + B 774D4C7F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtSetInformationFile + 6 774D515A 4 Bytes [28, 01, 29, 00] {SUB [ECX], AL; SUB [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtSetInformationFile + B 774D515F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtSetInformationThread + 6 774D51AA 4 Bytes [28, 02, 29, 00] {SUB [EDX], AL; SUB [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtSetInformationThread + B 774D51AF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtUnmapViewOfSection + 6 774D544A 1 Byte [68] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtUnmapViewOfSection + 6 774D544A 4 Bytes [68, 03, 29, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4404] ntdll.dll!NtUnmapViewOfSection + B 774D544F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtCreateFile + 6 774D424A 4 Bytes [28, 00, 21, 00] {SUB [EAX], AL; AND [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtCreateFile + B 774D424F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + 6 774D499A 1 Byte [28] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + 6 774D499A 4 Bytes [28, 03, 21, 00] {SUB [EBX], AL; AND [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtMapViewOfSection + B 
774D499F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenFile + 6 774D4A2A 4 Bytes [68, 00, 21, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenFile + B 774D4A2F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcess + 6 774D4AAA 4 Bytes [A8, 01, 21, 00] {TEST AL, 0x1; AND [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcess + B 774D4AAF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessToken + B 774D4ABF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessTokenEx + 6 774D4ACA 4 Bytes [A8, 02, 21, 00] {TEST AL, 0x2; AND [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenProcessTokenEx + B 774D4ACF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThread + 6 774D4B1A 4 Bytes [68, 01, 21, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThread + B 774D4B1F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadToken + 6 774D4B2A 4 Bytes [68, 02, 21, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadToken + B 774D4B2F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtOpenThreadTokenEx + B 774D4B3F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryAttributesFile + 6 774D4BCA 4 Bytes [A8, 00, 21, 00] {TEST AL, 0x0; AND [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] 
ntdll.dll!NtQueryAttributesFile + B 774D4BCF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtQueryFullAttributesFile + B 774D4C7F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationFile + 6 774D515A 4 Bytes [28, 01, 21, 00] {SUB [ECX], AL; AND [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationFile + B 774D515F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationThread + 6 774D51AA 4 Bytes [28, 02, 21, 00] {SUB [EDX], AL; AND [EAX], EAX} .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtSetInformationThread + B 774D51AF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + 6 774D544A 1 Byte [68] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + 6 774D544A 4 Bytes [68, 03, 21, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[4580] ntdll.dll!NtUnmapViewOfSection + B 774D544F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + 6 774D424A 4 Bytes [28, 00, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + B 774D424F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + 6 774D499A 1 Byte [28] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + 6 774D499A 4 Bytes [28, 03, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + B 774D499F 1 Byte [E2] .text 
C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + 6 774D4A2A 4 Bytes [68, 00, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + B 774D4A2F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + 6 774D4AAA 4 Bytes [A8, 01, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + B 774D4AAF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessToken + B 774D4ABF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + 6 774D4ACA 4 Bytes [A8, 02, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + B 774D4ACF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + 6 774D4B1A 4 Bytes [68, 01, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + B 774D4B1F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + 6 774D4B2A 4 Bytes [68, 02, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + B 774D4B2F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadTokenEx + B 774D4B3F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + 6 774D4BCA 4 Bytes [A8, 00, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + B 774D4BCF 1 Byte [E2] .text 
C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryFullAttributesFile + B 774D4C7F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + 6 774D515A 4 Bytes [28, 01, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + B 774D515F 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + 6 774D51AA 4 Bytes [28, 02, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + B 774D51AF 1 Byte [E2] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + 6 774D544A 1 Byte [68] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + 6 774D544A 4 Bytes [68, 03, 3E, 00] .text C:\Users\Matthias\AppData\Local\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + B 774D544F 1 Byte [E2] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) ---- Files - GMER 1.0.15 ---- File C:\Users\Matthias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUVG47J2\104[2] 0 bytes ---- EOF - GMER 1.0.15 ---- Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: ABICOMIII [administrator]

9/4/2012 4:50:15 PM
mbam-log-2012-09-04 (19-51-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461187
Time elapsed: 2 hour(s), 58 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Matthias\Documents\Downloads\ezCoverMaker3.exe (Adware.Onlinegames) -> No action taken.
C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> No action taken.

(end)
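An added example, not part of the post above and not Malwarebytes' own tooling: a small Python parser that pulls the detection lines out of a Malwarebytes Anti-Malware 1.x log such as the one posted, cross-checks each "N Detected" counter against the items actually listed under it, and flags entries still marked "No action taken". The sample input is an excerpt of the posted log; the triage rules in `triage()` (treating Memory Processes/Modules hits as an active infection, reading the `Adware.`/`PUP.` prefix as the detection family, and noting when every hit is an installer still sitting in a Downloads folder) are this example's own assumptions, not MBAM's classification logic.

```python
"""Parse a Malwarebytes Anti-Malware 1.x scan log and triage what it found.

Added example, not part of the forum post or of Malwarebytes' own tooling.
SAMPLE_MBAM_LOG is an excerpt of the log posted above; the rules in triage()
are this example's own assumptions, not MBAM's classification.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the posted log: the per-section counters and the two file hits.
SAMPLE_MBAM_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.04.05

Scan type: Full scan (C:\|D:\|)
Objects scanned: 461187

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Matthias\Documents\Downloads\ezCoverMaker3.exe (Adware.Onlinegames) -> No action taken.
C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> No action taken.

(end)
"""


@dataclass(frozen=True)
class Detection:
    category: str   # log section the hit was listed under, e.g. "Files"
    item: str       # file path, registry key or process name
    signature: str  # MBAM detection name, e.g. "PUP.OfferBundler.ST"
    action: str     # e.g. "No action taken" or "Quarantined and deleted successfully"


# "Files Detected: 2" -> category "Files", count 2
COUNTER_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
# "<item> (<signature>) -> <action>."  The lazy item group copes with
# parentheses inside the path itself (e.g. "Program Files (x86)").
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<sig>[^()]+)\) -> (?P<action>.+?)\.?\s*$")


def parse_mbam_log(text: str) -> tuple[dict[str, int], list[Detection]]:
    """Return ({section: reported count}, [detections]) for one scan log."""
    counters: dict[str, int] = {}
    detections: list[Detection] = []
    category: str | None = None
    for line in (ln.strip() for ln in text.splitlines()):
        m = COUNTER_RE.match(line)
        if m:
            category = m.group("category")
            counters[category] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and category is not None:
            detections.append(Detection(category, m.group("item"), m.group("sig"), m.group("action")))
    return counters, detections


def counts_consistent(counters: dict[str, int], detections: list[Detection]) -> bool:
    """Cross-check: every 'N Detected' counter must match the items listed under it."""
    seen: dict[str, int] = {}
    for d in detections:
        seen[d.category] = seen.get(d.category, 0) + 1
    return all(seen.get(cat, 0) == n for cat, n in counters.items())


IN_MEMORY = ("Memory Processes", "Memory Modules")  # hits here mean code was loaded


def triage(counters: dict[str, int], detections: list[Detection]) -> dict:
    """Heuristic summary (assumptions of this example, not MBAM logic)."""
    families: dict[str, list[Detection]] = {}
    for d in detections:
        # MBAM names are "<family>.<name>", e.g. "PUP.OfferBundler.ST" -> "PUP"
        families.setdefault(d.signature.split(".", 1)[0], []).append(d)
    return {
        # anything in the memory sections was running, not just sitting on disk
        "active_in_memory": any(counters.get(c, 0) > 0 for c in IN_MEMORY),
        # "No action taken" means nothing has been quarantined yet
        "pending_action": [d for d in detections if d.action.lower().startswith("no action taken")],
        "families": families,
        # installers still in a Downloads folder were downloaded, not necessarily run
        "downloads_only": bool(detections) and all(
            re.search(r"\\Downloads\\", d.item, re.IGNORECASE) for d in detections),
    }


def summarize(text: str) -> dict:
    counters, detections = parse_mbam_log(text)
    result = triage(counters, detections)
    result["counts_consistent"] = counts_consistent(counters, detections)
    return result


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_MBAM_LOG).items():
        print(f"{key}: {value}")
```

Run against the posted log, the parser reports no hits in the memory sections, two file detections (families `Adware` and `PUP`) that are both downloaded installers, and both still pending because the action column reads "No action taken". The counter cross-check is there because a hand-edited or truncated log is easy to misread; if a "Files Detected" count disagrees with the lines actually listed, the log should be regenerated rather than trusted.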