
Log analysis and evaluation: Post trojan -> parcel delivery


 
28.12.2012, 14:33   #1
soha23
 



Hello everyone,

unfortunately we seem to have fallen for the Post trojan. I know that you don't open e-mails like this, and certainly not their attachments, but unfortunately it happened, and I'm afraid I can't get this under control on my own. So, up front: many thanks for any help!

First, about the e-mail: the subject was "Deutsche Post # Holen Sie ihre Postsendung ab". Attached was a .zip file.

However, after double-clicking the .zip file, an error message appeared saying that the file could not be opened.

I don't know now whether something may nevertheless have been installed on the computer. But since, from a first read here, the trojan being sent around is supposed to be of the nastier kind, I would like to be on the safe side...

To start with, I ran the scans following the instructions. Here are the results:

OTL.TXT:

OTL logfile created on: 28.12.2012 12:59:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\johanna\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 55,22% Memory free
6,08 Gb Paging File | 4,72 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 29,27 Gb Free Space | 20,60% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 127,39 Gb Free Space | 89,08% Space Free | Partition Type: NTFS

Computer Name: JOHANNA-PC | User Name: johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.28 12:39:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\johanna\Downloads\OTL.exe
PRC - [2012.12.28 12:36:38 | 000,050,477 | ---- | M] () -- C:\Users\johanna\Downloads\Defogger.exe
PRC - [2012.12.13 18:23:36 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.12.06 21:04:20 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.08.08 20:41:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.13 16:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 16:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.15 20:38:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.15 20:38:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.15 20:38:58 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.03 15:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.01.05 20:26:26 | 012,074,672 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.04.20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2009.07.17 13:32:12 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2009.06.30 07:12:06 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.06.24 08:47:58 | 000,700,416 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.03.18 18:08:04 | 000,189,696 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.11 16:46:06 | 001,853,992 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2008.09.11 16:46:06 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.08.26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.28 12:36:38 | 000,050,477 | ---- | M] () -- C:\Users\johanna\Downloads\Defogger.exe
MOD - [2012.12.13 18:23:35 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.12.06 21:04:19 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.05 20:26:14 | 000,161,968 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2011.01.05 20:26:14 | 000,021,680 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2010.04.20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
MOD - [2010.04.16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - [2012.12.13 18:23:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.06 21:04:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.13 16:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.15 20:38:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.15 20:38:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.03.18 18:08:04 | 000,189,696 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SdReadSpool)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CryptOSD.sys -- (CryptOSD)
DRV - [2012.05.15 20:38:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.15 20:38:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.03 10:21:00 | 000,168,448 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 10:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.09.21 21:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3700DF1C-D62A-4672-917A-A8C1A32DE873&apn_sauid=9B041A5F-01D6-4B29-AD37-6982A3DE4064
IE - HKCU\..\SearchScopes\{443540DA-3280-455F-B6DB-505CA9A1C13C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=971163_yserp&p={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SMSN_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=971163_yserp"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: pdfforge%40mybrowserbar.com:5.9
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 21:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 19:38:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.11 22:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.12.21 19:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johanna\AppData\Roaming\mozilla\Extensions
[2009.12.21 19:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johanna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.03 10:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johanna\AppData\Roaming\mozilla\Firefox\Profiles\bcq7ttgq.default\extensions
[2012.01.03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\johanna\AppData\Roaming\mozilla\firefox\profiles\bcq7ttgq.default\searchplugins\askcom.xml
[2012.10.27 19:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.10.27 19:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 19:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.06 10:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\extensions
[2012.12.06 10:09:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.06 10:09:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.06 10:09:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.06.20 12:22:17 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.12.06 21:04:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.09 09:39:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.15 21:13:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.09 09:39:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.09 09:39:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.09 09:39:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.09 09:39:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [fsn] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DB18BFC-3C0C-4CAD-B99B-4D5E8BCCCFAB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e691cc47-cd14-11e1-9106-9018b687d875}\Shell - "" = AutoRun
O33 - MountPoints2\{e691cc47-cd14-11e1-9106-9018b687d875}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.30 08:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf24
[2012.11.30 08:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.28 12:37:45 | 000,000,000 | ---- | M] () -- C:\Users\johanna\defogger_reenable
[2012.12.28 12:34:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.28 12:34:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 12:34:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 12:33:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 12:33:22 | 3150,561,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.28 12:12:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.28 11:26:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.28 11:23:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.18 22:48:45 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.18 22:48:45 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.18 22:48:44 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.18 22:48:44 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.13 19:03:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.30 08:15:40 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.11.30 08:15:40 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.28 12:37:45 | 000,000,000 | ---- | C] () -- C:\Users\johanna\defogger_reenable
[2012.11.30 08:15:40 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.11.30 08:15:40 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.05.14 11:15:03 | 000,000,746 | ---- | C] () -- C:\Windows\wiso.ini
[2010.06.23 17:15:48 | 000,103,992 | ---- | C] () -- C:\Users\johanna\steuererklärung2009.elfo
[2010.02.06 21:59:12 | 000,005,120 | ---- | C] () -- C:\Users\johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.24 15:21:44 | 000,000,680 | ---- | C] () -- C:\Users\johanna\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.12.21 19:48:43 | 000,000,000 | -HSD | M] -- C:\Users\johanna\AppData\Roaming\.#
[2012.05.14 11:16:50 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\Buhl Data Service
[2012.08.07 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\elsterformular
[2010.06.06 15:47:12 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\myphotobook
[2010.09.28 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\Softland
[2011.10.17 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\SolidDocuments
[2009.12.21 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\Thunderbird

========== Purity Check ==========



< End of report >

EXTRAS.TXT:

OTL Extras logfile created on: 28.12.2012 12:59:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\johanna\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 55,22% Memory free
6,08 Gb Paging File | 4,72 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 29,27 Gb Free Space | 20,60% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 127,39 Gb Free Space | 89,08% Space Free | Partition Type: NTFS

Computer Name: JOHANNA-PC | User Name: johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A2197AA-8836-46B3-A72A-55A49864C516}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{25881CDD-1030-4E3C-AAA1-7C036676B37B}" = rport=139 | protocol=6 | dir=out | app=system |
"{69AC5056-47F1-422B-BD27-40982A45084E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6B1FFEB0-D179-4E56-8D49-802AA8603DB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A2E49C06-C77C-4B4A-BF85-2E2EEA14CFEB}" = lport=139 | protocol=6 | dir=in | app=system |
"{A878D896-A4E2-49D8-8D91-29A684CA7EFB}" = lport=138 | protocol=17 | dir=in | app=system |
"{AB70B010-E6D4-4754-9C6A-5FBE3288F239}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B3E04263-69D5-4AF1-B7CC-7D3CE8D3FAF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{B5F4B0B9-0EAB-4E56-A11F-B24E90DF93DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{CA8FC4E8-EE3F-41B0-BE51-F04224A3968F}" = rport=138 | protocol=17 | dir=out | app=system |
"{D4BFA059-CC8C-4504-888E-688F3B797BC4}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7C53162-F602-4409-A116-795FA82284B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F440AE83-C206-49E5-B2F5-69C69BE7464C}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073B7F6B-1B6A-449C-A028-3E8DCC611139}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1EF3DCCB-6F9E-48F8-AB97-5BA6D2CA6359}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{25889625-3009-47C0-8F78-33F7961508B0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4DA1DED1-2643-456A-BD84-10DC852647EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4FFEC943-197E-490D-BCD1-B8A9FC55CA82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5412AF79-85EE-4888-87E5-1F25EA57DE2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6512D834-F4AA-406A-A230-7A006C31F9E6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{785BB9A7-EAA2-4F9D-991C-57EE8E106DF1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{857C9631-433B-4484-B961-132DF5327A35}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EA3474C-B442-49D0-AF79-D5778A07F9B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B82A24FF-B29E-4892-9306-6355E6398585}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C0381BC0-7745-4654-905F-D6E89575D70A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CE2D4486-011A-45F8-B717-BC874523236F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CFA4337B-A86A-4529-B432-6FCE1F96CBD3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.5200
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{37918F52-75C8-47F8-AEFB-389B8E62B5DA}" = pdfforge Toolbar v5.9
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.1.0
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel(R) PROSet/Wireless WiFi Software
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}" = SolidPDFCreator
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"doPDF 7 printer_is1" = doPDF 7.1 printer
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Intelli-studio" = SAMSUNG Intelli-studio
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.67
"OpenAL" = OpenAL
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"Write-N-Cite" = Write-N-Cite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.10.2012 12:14:09 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030

Error - 23.10.2012 12:14:10 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23.10.2012 12:14:10 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2200

Error - 23.10.2012 12:14:10 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2200

Error - 24.10.2012 11:20:59 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24.10.2012 11:20:59 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6381

Error - 24.10.2012 11:20:59 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6381

Error - 24.10.2012 11:21:06 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 24.10.2012 11:21:06 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13697

Error - 24.10.2012 11:21:06 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13697

[ OSession Events ]
Error - 12.02.2010 12:29:54 | Computer Name = johanna-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1200
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27.12.2012 11:43:17 | Computer Name = johanna-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 27.12.2012 11:50:42 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 27.12.2012 12:42:47 | Computer Name = johanna-PC | Source = HTTP | ID = 15016
Description =

Error - 27.12.2012 12:44:00 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27.12.2012 12:44:00 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 27.12.2012 12:47:03 | Computer Name = johanna-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 28.12.2012 07:34:09 | Computer Name = johanna-PC | Source = HTTP | ID = 15016
Description =

Error - 28.12.2012 07:34:50 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28.12.2012 07:34:50 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28.12.2012 07:37:14 | Computer Name = johanna-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

GMER:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-28 14:26:43
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB4O
Running: vwjwnklx.exe; Driver: C:\Users\johanna\AppData\Local\Temp\axlirfow.sys


---- System - GMER 1.0.15 ----

SSDT 8C714D66 ZwCreateSection
SSDT 8C714D70 ZwRequestWaitReplyPort
SSDT 8C714D6B ZwSetContextThread
SSDT 8C714D75 ZwSetSecurityObject
SSDT 8C714D7A ZwSystemDebugControl
SSDT 8C714D07 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 405 824BE9CC 4 Bytes [66, 4D, 71, 8C] {DEC BP; JNO 0xffffffffffffff90}
.text ntoskrnl.exe!KeInsertQueue + 729 824BECF0 4 Bytes [70, 4D, 71, 8C] {JO 0x4f; JNO 0xffffffffffffff90}
.text ntoskrnl.exe!KeInsertQueue + 75D 824BED24 4 Bytes [6B, 4D, 71, 8C] {IMUL ECX, [EBP+0x71], 0x8c}
.text ntoskrnl.exe!KeInsertQueue + 7C1 824BED88 4 Bytes [75, 4D, 71, 8C] {JNZ 0x4f; JNO 0xffffffffffffff90}
.text ntoskrnl.exe!KeInsertQueue + 809 824BEDD0 4 Bytes [7A, 4D, 71, 8C] {JP 0x4f; JNO 0xffffffffffffff90}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!LdrLoadDll 772679B3 5 Bytes JMP 668F4470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!MoveFileExW 761E1128 6 Bytes JMP 6F2112B1 C:\Program Files\Common Files\Spigot\Search Settings\wth.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!HeapSetInformation + 26 761E7008 7 Bytes JMP 668FF972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!LockResource + C 7620813B 7 Bytes JMP 66B40459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!VirtualAllocEx + 54 7620BA7A 7 Bytes JMP 66B4047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1184] GDI32.dll!StretchDIBits + 179 75F175BB 7 Bytes JMP 66B403DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5156] USER32.dll!GetWindowInfo 76130560 5 Bytes JMP 66A5A8A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5156] USER32.dll!CheckMenuRadioItem + 12E 76141412 7 Bytes JMP 66A5AED5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateFile + 6 77297C7E 4 Bytes [28, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateFile + B 77297C83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateKey + 6 77297CBE 4 Bytes [68, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateKey + B 77297CC3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateMutant + 6 77297CEE 4 Bytes [28, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateMutant + B 77297CF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateSection + 6 77297D6E 4 Bytes [68, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateSection + B 77297D73 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtMapViewOfSection + 6 772983CE 4 Bytes [A8, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtMapViewOfSection + B 772983D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenFile + 6 7729845E 4 Bytes [68, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenFile + B 77298463 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenKey + 6 7729848E 4 Bytes [A8, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenKey + B 77298493 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenMutant + 6 772984AE 4 Bytes CALL 76299AB4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenMutant + B 772984B3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcess + 6 772984DE 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcess + 6 772984DE 4 Bytes [28, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcess + B 772984E3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessToken + 6 772984EE 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessToken + 6 772984EE 4 Bytes [68, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessToken + B 772984F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessTokenEx + 6 772984FE 4 Bytes [28, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessTokenEx + B 77298503 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenSection + 6 7729850E 4 Bytes [A8, 02, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenSection + B 77298513 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThread + 6 7729854E 4 Bytes CALL 76299B55 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThread + B 77298553 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadToken + 6 7729855E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadToken + 6 7729855E 4 Bytes CALL 76299B66 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadToken + B 77298563 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadTokenEx + 6 7729856E 4 Bytes [68, 04, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadTokenEx + B 77298573 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtQueryAttributesFile + 6 772985FE 4 Bytes [A8, 00, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtQueryAttributesFile + B 77298603 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtQueryFullAttributesFile + 6 772986AE 4 Bytes CALL 76299CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtQueryFullAttributesFile + B 772986B3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationFile + 6 77298B8E 4 Bytes [28, 01, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationFile + B 77298B93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationThread + 6 77298BDE 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationThread + 6 77298BDE 4 Bytes [A8, 03, 16, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationThread + B 77298BE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtUnmapViewOfSection + 6 77298E7E 4 Bytes CALL 7629A487 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtUnmapViewOfSection + B 77298E83 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] kernel32.dll!CreateProcessW 761C1C01 5 Bytes JMP 000100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] kernel32.dll!CreateProcessA 761C1C36 5 Bytes JMP 000100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] kernel32.dll!OpenEventW 761DC8AD 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] kernel32.dll!CreateEventW 7620447A 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetDeviceCaps 75F15AF0 5 Bytes JMP 002803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!DeleteObject 75F15BED 5 Bytes JMP 002801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SelectObject 75F16100 5 Bytes JMP 002805F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetTextColor 75F16549 5 Bytes JMP 00280A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetBkMode 75F165F4 5 Bytes JMP 002808F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!DeleteDC 75F16A44 5 Bytes JMP 00280170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetStretchBltMode 75F16D78 5 Bytes JMP 002806B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetCurrentObject 75F16F4B 5 Bytes JMP 00280370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!StretchDIBits 75F17442 5 Bytes JMP 00280770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SaveDC 75F1772D 5 Bytes JMP 00280570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!RestoreDC 75F177C6 5 Bytes JMP 00280530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ExtSelectClipRgn 75F179DA 5 Bytes JMP 002802F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SelectClipRgn 75F17AE5 5 Bytes JMP 002805B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!Rectangle 75F17D49 5 Bytes JMP 002809B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextAlign 75F18178 5 Bytes JMP 00280D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ExtTextOutW 75F182B1 5 Bytes JMP 00280970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetClipBox 75F18629 5 Bytes JMP 00280330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetTextAlign 75F186EA 5 Bytes JMP 002809F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!MoveToEx 75F1878E 5 Bytes JMP 00280470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextMetricsW 75F19434 5 Bytes JMP 00280E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!IntersectClipRect 75F19698 5 Bytes JMP 002803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetICMMode 75F19DAB 5 Bytes JMP 00280DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextExtentPoint32W 75F1A926 5 Bytes JMP 00280670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CreateDCA 75F1AC01 5 Bytes JMP 002800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CreateDCW 75F1ADA5 5 Bytes JMP 002800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CreateICW 75F1ADFD 5 Bytes JMP 00280130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextFaceW 75F1C1CF 5 Bytes JMP 00280D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetFontData 75F1C835 5 Bytes JMP 00280C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetWorldTransform 75F1CAB8 5 Bytes JMP 002806F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextMetricsA 75F1D65F 5 Bytes JMP 00280DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!LineTo 75F1EF82 5 Bytes JMP 00280430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ExtTextOutA 75F1FE29 5 Bytes JMP 00280930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextExtentPoint32A 75F20B59 5 Bytes JMP 00280630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ExtEscape 75F2208D 5 Bytes JMP 002802B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!Escape 75F22A7B 5 Bytes JMP 00280270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ResetDCW 75F2321A 5 Bytes JMP 00280AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetPolyFillMode 75F249EE 5 Bytes JMP 00280B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetMiterLimit 75F26298 5 Bytes JMP 00280B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!EndPage 75F2F173 5 Bytes JMP 00280230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextFaceA 75F2F321 5 Bytes JMP 00280CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetGlyphOutlineW 75F3A04F 5 Bytes JMP 00280CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CreateScalableFontResourceW 75F3C4BB 5 Bytes JMP 00280BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!AddFontResourceW 75F3C8C3 5 Bytes JMP 00280BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!RemoveFontResourceW 75F3CD59 5 Bytes JMP 00280C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!AbortDoc 75F42A4E 5 Bytes JMP 00280030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!EndDoc 75F42E62 5 Bytes JMP 002801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!StartPage 75F42F4D 5 Bytes JMP 00280730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!StartDocW 75F43A31 5 Bytes JMP 002807F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!BeginPath 75F441ED 5 Bytes JMP 00280830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SelectClipPath 75F44244 5 Bytes JMP 00280AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CloseFigure 75F4429F 5 Bytes JMP 00280070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!EndPath 75F442F6 5 Bytes JMP 00280A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!StrokePath 75F44528 5 Bytes JMP 002807B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!FillPath 75F445B4 5 Bytes JMP 00280870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!PolylineTo 75F44A1D 5 Bytes JMP 002804F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!PolyBezierTo 75F44AAD 5 Bytes JMP 002804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!PolyDraw 75F44B5E 5 Bytes JMP 002808B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!SetCursor 7612E563 5 Bytes JMP 00290530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!RegisterClipboardFormatW 7612E869 5 Bytes JMP 002902B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!MonitorFromWindow 761313F6 7 Bytes JMP 00290630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!ActivateKeyboardLayout 76135A50 5 Bytes JMP 002904F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClientRect 761389F9 4 Bytes JMP 002905B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClientRect + 5 761389FE 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetParent 7613918E 7 Bytes JMP 002906F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!RegisterClipboardFormatA 7613974D 5 Bytes JMP 002902F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardFormatNameA 76139AB5 5 Bytes JMP 00290270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!PostMessageW 7613A064 5 Bytes JMP 002905F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!MapWindowPoints 7613A14F 5 Bytes JMP 00290570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!ScreenToClient 76140C02 7 Bytes JMP 00290670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!IsWindowVisible 76140CDC 7 Bytes JMP 002906B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetOpenClipboardWindow 761426DC 5 Bytes JMP 002903F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!SetClipboardViewer 7614BE37 5 Bytes JMP 002904B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!IsClipboardFormatAvailable 7614C8D4 5 Bytes JMP 002900F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!CloseClipboard 7614C8E8 5 Bytes JMP 002900B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!OpenClipboard 7614C90E 5 Bytes JMP 00290070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetTopWindow 7614D329 7 Bytes JMP 00290730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardSequenceNumber 7614E355 5 Bytes JMP 00290330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!ChangeClipboardChain 7614E52F 5 Bytes JMP 00290430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardOwner 76150A5E 5 Bytes JMP 00290370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!CountClipboardFormats 76150E19 5 Bytes JMP 002901F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!SetClipboardData 761662F8 5 Bytes JMP 00290170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!EnumClipboardFormats 76166C7E 5 Bytes JMP 002901B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!SetCursorPos 76166F1A 5 Bytes JMP 00290770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardData 761670B2 5 Bytes JMP 00290030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardFormatNameW 7616A93C 5 Bytes JMP 00290230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!EmptyClipboard 7618390B 5 Bytes JMP 00290130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardViewer 7618396D 5 Bytes JMP 00290470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetPriorityClipboardFormat 76183A6F 5 Bytes JMP 002903B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!FreeContextBuffer 75942825 5 Bytes JMP 002B00F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!DeleteSecurityContext 75942ABF 5 Bytes JMP 002B0270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!FreeCredentialsHandle 759431F5 5 Bytes JMP 002B0130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!EncryptMessage 75944BDE 5 Bytes JMP 002B01F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!DecryptMessage 75944CAB 5 Bytes JMP 002B0230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!InitializeSecurityContextA 75948233 5 Bytes JMP 002B0170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!AcquireCredentialsHandleA 7594833B 5 Bytes JMP 002B0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!QueryContextAttributesA 75948747 5 Bytes JMP 002B0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!ApplyControlToken 7594DDB2 5 Bytes JMP 002B01B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!QueryCredentialsAttributesA 7594DFB5 5 Bytes JMP 002B00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ole32.dll!OleGetClipboard 763E2AC1 5 Bytes JMP 002C00B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ole32.dll!OleSetClipboard 7640EC7D 5 Bytes JMP 002C0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ole32.dll!OleIsCurrentClipboard 76418B31 5 Bytes JMP 002C0070

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\0000009b bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000009d bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556e90e43
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556e93792
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265ea3c829
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556e90e43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556e93792 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00265ea3c829 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

So, I hope someone can help me. Thanks in advance.

 
