Log analysis and evaluation: Google reports unusual traffic - computer often hangs and is slow (Windows 7)

19.01.2013, 15:20 | #1
Hello, this is now the second and last computer affected by Google problems. When searching via Google, I am constantly prompted to complete a security check, and now and then search queries are blocked completely. My son uses the computer for social networks and the like, and, as I recently had to find out, with an administrator account. The computer is very slow, and he has also downloaded a lot of junk. I would like to set up the computer completely from scratch, but wanted to ask first whether I can safely park his personal files on an external HDD and copy them back after the reinstall without carrying over any possible infections. Regarding the reinstall: it is an Asus Eee PC without a CD/DVD drive. I would do it via the computer's normal recovery function; is that sufficient? I followed the instructions and ran defogger first. The logs are attached.

Code:
OTL logfile created on: 19.01.2013 13:50:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dangel\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 43,19% Memory free
3,50 Gb Paging File | 2,06 Gb Available in Paging File | 58,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 18,53 Gb Free Space | 18,53% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 14,76 Gb Free Space | 12,52% Space Free | Partition Type: NTFS

Computer Name: WEBER-PC | User Name: Dangel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.19 13:34:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dangel\Downloads\OTL.exe
PRC - [2012.12.28 15:29:20 | 001,113,336 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\INCAInternet\nProtect GameGuard Personal 3.0\nspmain.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.06 23:31:33 | 002,443,800 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.06 16:23:02 | 001,252,840 | ---- | M] (INCA Internet Co.,Ltd.) -- C:\Windows\System32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
PRC - [2012.11.06 16:22:56 | 000,581,280 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe
PRC - [2012.10.17 00:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.08 20:11:20 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 17:44:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:44:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:44:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.27 21:54:09 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.08.24 03:06:34 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.24 03:06:32 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.08.09 23:04:58 | 001,244,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.07.01 03:52:52 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2010.06.12 05:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2010.06.09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2010.05.29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2009.09.11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2006.06.23 11:24:12 | 000,343,552 | ---- | M] (AVM Berlin GmbH) -- C:\Program Files\avmwlanstick\FRITZWLanMini.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.12 20:38:14 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.12 11:50:11 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.12 11:50:09 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.12 11:50:04 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.12 11:48:39 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.12 11:48:13 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.12 11:46:47 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.12 11:46:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.12 11:46:04 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.12 11:45:22 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012.12.14 20:41:27 | 000,070,144 | ---- | M] () -- C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
MOD - [2012.12.06 23:31:33 | 002,443,800 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2012.12.06 23:30:35 | 002,158,104 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 15:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.08.27 22:01:59 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\2.2.0.26258__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2010.08.27 22:01:56 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010.06.15 08:24:18 | 000,124,240 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\AsusWSShellExt.dll
MOD - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV - [2013.01.10 18:04:19 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.06 23:31:33 | 002,443,800 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.11.06 17:13:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 16:23:02 | 001,252,840 | ---- | M] (INCA Internet Co.,Ltd.) [Auto | Running] -- C:\Windows\System32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe -- (NSPUpdateService)
SRV - [2012.11.06 16:22:56 | 000,581,280 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Windows\System32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe -- (NSPService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 17:44:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 17:44:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.07.22 22:19:39 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.19 06:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.08.24 03:06:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2012.12.26 09:11:50 | 000,181,248 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\TKFsAv.sys -- (TKFsAvM)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.06 16:20:08 | 000,033,632 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\TKPcFtCb.sys -- (TKPcFt)
DRV - [2012.11.06 16:20:08 | 000,020,576 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\TKFsFt.sys -- (TKFsFtM)
DRV - [2012.10.23 22:28:22 | 000,159,048 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\tkfwvt.sys -- (TKFWVT)
DRV - [2012.07.31 17:13:52 | 000,083,296 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\tkidsvt.sys -- (TkIdsVt)
DRV - [2012.07.03 15:07:20 | 000,125,120 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\TKCtrl2k.sys -- (TKCtrl)
DRV - [2012.05.08 17:44:35 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 17:44:35 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.27 00:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.03.28 10:55:58 | 000,031,840 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\tkfwfv.sys -- (TKFWFV)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.08.24 03:10:00 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.08.24 03:09:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010.08.24 03:06:28 | 006,095,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.24 03:06:04 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.10 10:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.03.31 02:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.04.06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&tt=5012_4&babsrc=HP_clro&mntrId=6c72283000000000000020cf305a602a
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=114506&tt=5012_4&babsrc=HP_clro&mntrId=6c72283000000000000020cf305a602a
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=5012_4&babsrc=SP_clro&mntrId=6c72283000000000000020cf305a602a
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes\{2F3A55BC-04AC-45FA-960B-5B9256ABC8D1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=FFE44915-53AC-4C67-A686-E1BFDF8D4C00&apn_sauid=57075325-132F-4CAB-A020-0A4B81D0BAF1
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081"
FF - prefs.js..extensions.enabledAddons: clipconverter@clipconverter.cc:1.2.4
FF - prefs.js..extensions.enabledAddons: sam@samfind.com:2.2.6
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.986.67
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=114506&tt=5012_4&babsrc=KW_clro&mntrId=6c72283000000000000020cf305a602a&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dangel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dangel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dangel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 17:13:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.11 21:59:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 17:13:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.07.17 06:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dangel\AppData\Roaming\mozilla\Extensions
[2012.12.18 15:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions
[2012.03.29 17:48:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.12.02 16:16:55 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions\ffxtlbr@funmoods.com
[2012.07.27 09:39:27 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions\sam@samfind.com
[2012.11.12 18:37:52 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Dangel\AppData\Roaming\mozilla\Firefox\Profiles\l39fus9c.default\extensions\toolbar@ask.com
[2012.07.30 09:12:28 | 000,009,439 | ---- | M] () (No name found) -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\extensions\clipconverter@clipconverter.cc.xpi
[2012.07.27 09:39:27 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.11.12 18:37:52 | 000,002,308 | ---- | M] () -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\searchplugins\askcom.xml
[2012.12.11 21:58:41 | 000,006,522 | ---- | M] () -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\searchplugins\BrowserProtect.xml
[2012.12.02 16:17:45 | 000,002,349 | ---- | M] () -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\searchplugins\Funmoods.xml
[2012.12.18 15:59:34 | 000,005,492 | ---- | M] () -- C:\Users\Dangel\AppData\Roaming\mozilla\firefox\profiles\l39fus9c.default\searchplugins\startpage-https---deutsch.xml
[2012.11.06 17:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.11 21:59:46 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.5.986.67\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2012.11.06 17:13:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.31 21:36:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.11 21:58:41 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 21:36:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.31 21:36:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.31 21:36:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.31 21:36:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.31 21:36:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.claro-search.com/?affID=114506&tt=5012_4&babsrc=HP_clro&mntrId=6c72283000000000000020cf305a602a
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.33308_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.1_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.32.76\ASUSWSDashBoard.exe (eCareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [nProtect GameGuard Personal 3.0] C:\Program Files\INCAInternet\nProtect GameGuard Personal 3.0\nspmain.exe (INCA Internet Co., Ltd.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-3432669508-159066358-3338486630-1004..\Run: [Facebook Update] C:\Users\Dangel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3432669508-159066358-3338486630-1004..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dangel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Dangel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dangel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F283F57-47C9-4D84-9228-B91DB2580817}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62C3B49-879A-44C0-9BFE-1B3C9E313FFA}: DhcpNameServer = 192.168.178.1 O20 - AppInit_DLLs: (c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.19 12:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.19 12:45:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013.01.19 12:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.19 12:45:02 | 000,000,000 | ---D | C] -- 
C:\Users\Dangel\AppData\Local\Programs [2013.01.11 07:14:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.27 23:17:45 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions [2012.12.27 23:17:44 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins [2012.12.23 13:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games ========== Files - Modified Within 30 Days ========== [2013.01.19 13:49:40 | 000,012,919 | ---- | M] () -- C:\Users\Dangel\Desktop\Unbenannt 1.odt [2013.01.19 13:46:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.01.19 13:35:04 | 000,000,000 | ---- | M] () -- C:\Users\Dangel\defogger_reenable [2013.01.19 13:34:36 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.19 13:34:36 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.19 13:31:33 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3432669508-159066358-3338486630-1004UA.job [2013.01.19 13:27:42 | 000,001,851 | ---- | M] () -- C:\Users\Dangel\Desktop\MySyncFolder.lnk [2013.01.19 13:21:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.01.19 13:21:31 | 1408,589,824 | -HS- | M] () -- C:\hiberfil.sys [2013.01.19 12:45:27 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.19 08:25:02 | 000,001,142 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3432669508-159066358-3338486630-1004UA.job [2013.01.19 08:25:02 | 000,001,120 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3432669508-159066358-3338486630-1004Core.job [2013.01.17 07:05:03 | 000,000,274 | ---- | M] () -- C:\windows\tasks\PC Performer_UPDATES.job [2013.01.17 07:04:37 | 000,001,072 | ---- | M] () -- 
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3432669508-159066358-3338486630-1004Core.job [2013.01.15 07:05:26 | 000,014,676 | ---- | M] () -- C:\Users\Dangel\Documents\Praktikum MBS verachiedene Fragen.odt [2013.01.14 15:03:07 | 000,000,266 | ---- | M] () -- C:\windows\tasks\PC Performer_DEFAULT.job [2013.01.12 11:40:40 | 000,309,432 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013.01.08 20:02:26 | 000,012,012 | ---- | M] () -- C:\Users\Dangel\Documents\elotrixhdx klassen.odt [2013.01.03 00:07:56 | 000,001,573 | ---- | M] () -- C:\Users\Dangel\Documents\pivot volltreffer looooooool.piv [2012.12.28 23:04:44 | 000,287,648 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKToolu.dll [2012.12.28 23:04:44 | 000,033,824 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKTool2k.sys [2012.12.26 09:11:50 | 000,197,504 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKFsAvMU.dll [2012.12.26 09:11:50 | 000,181,248 | ---- | M] (INCA Internet Co., Ltd.) -- C:\windows\System32\TKFsAv.sys [2012.12.26 09:11:50 | 000,114,888 | ---- | M] (INCA Internet Co., Ltd.) 
-- C:\windows\System32\TKRgAc2k.sys [2012.12.23 13:50:21 | 000,002,084 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk ========== Files Created - No Company Name ========== [2013.01.19 13:49:35 | 000,012,919 | ---- | C] () -- C:\Users\Dangel\Desktop\Unbenannt 1.odt [2013.01.19 13:35:04 | 000,000,000 | ---- | C] () -- C:\Users\Dangel\defogger_reenable [2013.01.19 12:45:27 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 12:26:38 | 000,014,676 | ---- | C] () -- C:\Users\Dangel\Documents\Praktikum MBS verachiedene Fragen.odt [2013.01.08 16:20:48 | 000,012,012 | ---- | C] () -- C:\Users\Dangel\Documents\elotrixhdx klassen.odt [2013.01.03 00:07:56 | 000,001,573 | ---- | C] () -- C:\Users\Dangel\Documents\pivot volltreffer looooooool.piv [2012.12.23 13:50:21 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk [2012.12.02 16:16:58 | 000,290,500 | ---- | C] () -- C:\Users\Dangel\AppData\Local\funmoods-speeddial_sf.crx [2012.12.02 16:16:51 | 000,031,465 | ---- | C] () -- C:\Users\Dangel\AppData\Local\funmoods.crx [2012.11.13 18:11:30 | 001,511,424 | ---- | C] () -- C:\windows\System32\sn3win.dll [2012.03.22 16:51:14 | 008,585,602 | ---- | C] () -- C:\Users\Dangel\Alexander Marcus - Ciao Ciao Bella.mp4 [2012.03.22 16:50:04 | 012,975,538 | ---- | C] () -- C:\Users\Dangel\Alexander Marcus - Homo Dance.mp4 [2012.03.22 16:48:06 | 015,381,230 | ---- | C] () -- C:\Users\Dangel\Alexander Marcus - Papaya.mp4 [2012.03.22 16:45:52 | 015,576,142 | ---- | C] () -- C:\Users\Dangel\Alexander Marcus - Hawaii Toast Song.mp4 [2011.08.24 17:39:06 | 000,000,911 | ---- | C] () -- C:\Users\Dangel\Eigene Dokumente - Verknüpfung.lnk [2011.08.24 17:39:06 | 000,000,900 | ---- | C] () -- C:\Users\Dangel\Eigene Bilder - Verknüpfung.lnk [2011.08.24 17:39:06 | 000,000,884 | ---- | C] () -- C:\Users\Dangel\Suchvorgänge - Verknüpfung.lnk [2011.08.24 17:39:06 | 000,000,879 | ---- | C] () -- 
C:\Users\Dangel\Downloads - Verknüpfung.lnk [2011.08.24 17:39:06 | 000,000,876 | ---- | C] () -- C:\Users\Dangel\Kontakte - Verknüpfung.lnk [2011.08.24 17:39:06 | 000,000,682 | ---- | C] () -- C:\Users\Dangel\Desktop - Verknüpfung.lnk [2011.03.31 21:04:44 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS [2011.03.31 19:50:20 | 000,097,312 | ---- | C] () -- C:\windows\System32\drivers\Fwusb1b.bin [2011.03.31 19:10:18 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.03.31 19:09:49 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2010.08.27 21:54:34 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ASUS WebStorage [2011.07.16 09:31:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bytemobile [2011.07.30 21:02:30 | 000,000,000 | ---D | M] 
-- C:\Users\Admin\AppData\Roaming\SoftGrid Client [2011.07.30 11:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP [2011.07.16 09:31:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vodafone [2011.10.13 11:18:08 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\.minecraft [2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\ASUS WebStorage [2012.12.11 21:57:47 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\Babylon [2011.07.17 06:06:21 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\Bytemobile [2012.12.11 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\Claro [2012.09.20 20:11:23 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\DVDVideoSoft [2012.04.21 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.13 21:28:30 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\E-Cam [2012.09.24 16:05:03 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\ExpressDownloader [2012.03.27 21:04:24 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\gema [2012.09.20 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\OpenCandy [2011.09.04 20:08:57 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\OpenOffice.org [2012.12.11 21:57:00 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\PerformerSoft [2012.05.12 10:44:38 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\SoftGrid Client [2012.09.20 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\TuneUp Software [2011.11.12 13:22:20 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\uTorrent [2011.07.17 06:06:20 | 000,000,000 | ---D | M] -- C:\Users\Dangel\AppData\Roaming\Vodafone [2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage [2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Default 
User\AppData\Roaming\ASUS WebStorage [2012.03.21 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\.minecraft [2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\ASUS WebStorage [2011.07.17 06:08:30 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\Bytemobile [2012.03.26 12:57:40 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\DVDVideoSoft [2012.03.27 12:05:42 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\Spotify [2011.07.17 06:08:30 | 000,000,000 | ---D | M] -- C:\Users\Fail Konto\AppData\Roaming\Vodafone [2012.03.17 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\.minecraft [2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\ASUS WebStorage [2011.07.16 15:49:37 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\Bytemobile [2012.03.27 21:04:18 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\gema [2011.07.16 15:49:35 | 000,000,000 | ---D | M] -- C:\Users\Usher\AppData\Roaming\Vodafone [2010.08.27 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Weber\AppData\Roaming\ASUS WebStorage [2012.01.07 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\Weber\AppData\Roaming\Bytemobile [2011.03.31 19:10:31 | 000,000,000 | ---D | M] -- C:\Users\Weber\AppData\Roaming\E-Cam [2012.01.07 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Weber\AppData\Roaming\Vodafone ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011.07.17 06:08:32 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ˁ [2011.07.17 06:08:32 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) 
-- C:\windows\System32\ˁ [2011.07.16 09:00:31 | 000,000,059 | ---- | M] ()(C:\windows\System32\?´) -- C:\windows\System32\ˊ [2011.07.16 09:00:31 | 000,000,059 | ---- | C] ()(C:\windows\System32\?´) -- C:\windows\System32\ˊ [2011.07.13 12:16:14 | 000,000,059 | ---- | M] ()(C:\windows\System32\?o) -- C:\windows\System32\ǒ [2011.07.13 12:16:14 | 000,000,059 | ---- | C] ()(C:\windows\System32\?o) -- C:\windows\System32\ǒ [2011.07.13 12:15:20 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ʻ [2011.07.13 12:15:20 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ʻ < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.01.2013 13:50:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dangel\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 43,19% Memory free 3,50 Gb Paging File | 2,06 Gb Available in Paging File | 58,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 18,53 Gb Free Space | 18,53% Space Free | Partition Type: NTFS Drive D: | 117,87 Gb Total Space | 14,76 Gb Free Space | 12,52% Space Free | Partition Type: NTFS Computer Name: WEBER-PC | User Name: Dangel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{26D6E052-A400-473B-8D26-B751B7459116}" = rport=10243 | protocol=6 | dir=out | app=system | "{2AA168CE-1536-4131-988D-583D350FBE00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{36A1E252-4C91-4056-BAB3-C465CE86F102}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6E2A74F9-C1B0-4175-8111-205C18142932}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9E150ECF-3FAF-40D4-B0F3-6756D7CF1C80}" = lport=10243 | protocol=6 | dir=in | app=system | "{AF93AA93-1927-4208-B49B-ACFC1F64C5D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C88FD892-8A4E-4D7E-B49A-1A0CDA7244AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CD0E68CC-8D46-4E66-A66F-B11E00D72380}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D2DFB3EE-C8BA-4826-A4E2-D959BB3983E0}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06731A33-63FD-4B61-B974-15CACD298E4B}" = protocol=6 | dir=out | app=system | "{08F69C89-CBC3-424C-9334-A370068F712E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0A4FEBCF-2B86-42A8-8A20-FD31B043D769}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{16AE505D-C675-42C6-B3BD-1D00EBC75FF0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{19C0A252-E5FC-4838-8CEC-B4F44FDB52A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{23CAD055-BC5D-48A4-9EC1-136744AB6141}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{27599128-1FFE-4429-BE44-42547DF2AD23}" = protocol=17 | dir=out 
| app=%programfiles%\windows media player\wmplayer.exe | "{538BD15A-5FE3-4E21-917E-017A5E13182A}" = protocol=17 | dir=in | app=c:\program files\expressdownloader\expressdl.exe | "{55683A6C-2606-496D-8337-398F20DC68A3}" = protocol=6 | dir=in | app=c:\program files\expressdownloader\expressdownloader.exe | "{58A01965-4DCF-442D-AC70-E70C1A5C1D13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{602A34C3-E3A3-4A29-A020-1AFD30619D31}" = dir=in | app=c:\program files\itunes\itunes.exe | "{67F92EEF-36FF-4AAB-A622-5F40A0B2A73F}" = protocol=17 | dir=in | app=c:\program files\expressdownloader\expressdownloader.exe | "{89A9493B-0374-44A9-8CC4-4C96D5FDD344}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A330DF06-35E2-4E8B-9942-F5EC360D104B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A7866882-BDEB-4B1E-A253-4A9172CF8191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ADE35540-79EC-4E1E-B085-C3A081E452D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CC37BBDC-DBC6-474E-B431-2C3290425F19}" = protocol=6 | dir=in | app=c:\program files\expressdownloader\expressdl.exe | "{D656588E-2EB4-483C-8E2E-742625138C43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D7A615E6-4198-4DCF-8343-4500CAEE3548}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E439378A-8CD0-4C42-8795-D354A31B0CA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB604483-CC7A-48AC-AD92-26D086AF552C}" = dir=in | app=c:\users\dangel\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{136754FB-CF4C-4723-8F78-BD39E8F79738}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{165613FF-A57E-48F0-AB23-4A62DD913A37}C:\program files\utorrent\utorrent.exe" 
= protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{53B22959-E7BA-40BA-8A76-E3B2AF5B0CE8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{561F1D73-07F6-4C40-933F-D17E5C7BBFCB}E:\cossacks - the art of war\dmcr.exe" = protocol=6 | dir=in | app=e:\cossacks - the art of war\dmcr.exe | "TCP Query User{E576FBDB-1BAA-45C8-8572-6EFEB24B4974}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{FE4985EC-AA0E-40F4-9FEC-B8DA3C04AA62}E:\cossacks - back to war\dmcr.exe" = protocol=6 | dir=in | app=e:\cossacks - back to war\dmcr.exe | "UDP Query User{158D598E-AB53-4E0F-933B-1EECC8C9FE4E}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{33F5F9E5-7889-45CB-806B-5ED1CD0CC23A}E:\cossacks - the art of war\dmcr.exe" = protocol=17 | dir=in | app=e:\cossacks - the art of war\dmcr.exe | "UDP Query User{E0771D78-9353-4D87-A341-138C9511AFDA}E:\cossacks - back to war\dmcr.exe" = protocol=17 | dir=in | app=e:\cossacks - back to war\dmcr.exe | "UDP Query User{E913E49C-6530-4DAF-AE16-52B7272B4F4A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{EED74ED1-A2F4-420C-908D-D219D6D865DF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{EFC1EF16-E7B2-4434-B34D-E88A99FB0C11}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar "{08D0A290-E98B-62B5-A423-CAF77EF910F4}" = CCC Help Finnish "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes 
"{10BDB7F2-3760-49CC-3F02-4E10DC9C9D84}" = Catalyst Control Center Graphics Previews Vista "{15787831-3BEE-3F24-CF5D-86A297C2BE34}" = Catalyst Control Center InstallProxy "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{18D33A7B-5EB5-64A9-6759-2D7EC4D085D0}" = ATI Catalyst Install Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{25D1FAA5-89E4-55A8-FABA-671E9B7C1BAF}" = Catalyst Control Center Localization All "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2CA34767-F6D1-B207-2B61-0BC0F71888BA}" = CCC Help Swedish "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{321F3B6B-3736-C9BF-5273-BE3779059661}" = CCC Help Spanish "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4E9BB299-32C5-F701-F2F2-251903A6286A}" = CCC Help Danish "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{50D570C5-9227-8756-06CE-1A69740ECF82}" = CCC Help Turkish 
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5 "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65F69FE7-D0A0-9B54-1166-61697BC89701}" = ccc-core-static "{6A193E0C-113E-ACE1-57E9-2CB4B7315AEB}" = CCC Help Greek "{6AD81B3D-7411-5A4D-4312-072A0D33CAE9}" = ccc-utility "{6F9375BA-521F-253A-F24D-F9332F2C4E9A}" = CCC Help Portuguese "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff "{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89B48354-7F0E-EA42-ACDE-8BFA1AEC2114}" = CCC Help Japanese "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8AF7BEBB-0474-ED16-2E60-CE38B7E16D3E}" = CCC Help French "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver 
"{9BAB0084-8F54-CCC3-1CEA-AC5A303885BE}" = WMV9/VC-1 Video Playback "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D197A87-44B6-47D0-8A0D-B421208C9A26}" = nProtect GameGuard Personal 3.0 "{A3B4BDAA-7B03-43B1-804C-54B451EF9668}" = nProtect Security Platform "{A5257FB6-14AA-1759-C61C-3A30EFE0DA6B}" = CCC Help Korean "{A8C1B99F-7F88-1B7C-8338-DB4F5A567A07}" = CCC Help Norwegian "{A9D6240D-5429-5988-EF3A-42528F4E9BFA}" = CCC Help Chinese Standard "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{BEC93D7E-F18F-55D0-B4C4-C1928D39C05A}" = CCC Help Hungarian "{C006FC2F-87C6-475D-68FF-5F815642A0F9}" = CCC Help Czech "{C186E4BD-8232-30D6-E4B5-E1473CA52BA3}" = CCC Help Russian "{C365387E-8522-A75E-3285-13F45EC71AA0}" = CCC Help Thai "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C54467C6-7D42-5350-BDEB-7FE6761889D5}" = CCC Help Italian "{CC084EC0-5F74-4A17-8635-3ED61D501643}_is1" = Flyff "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EE7F2111-1D57-E2CF-9F29-E276FB96ACE0}" = CCC Help German "{F06BA163-14BB-4977-080B-A7FC89192532}" = CCC Help Dutch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F49E63FC-4E83-E354-7199-B1DB08CC15A5}" = CCC Help English
"{F539B841-DF49-954D-ADE8-D9FB4EAD6E98}" = CCC Help Chinese Traditional
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FF401EA7-0185-E31F-96B3-2A00E14BDF94}" = CCC Help Polish
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"claro" = Claro LTD toolbar
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Eee Docking_is1" = Eee Docking 3.8.1
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.19.412
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"funmoods" = Funmoods
"GIMP-2_is1" = GIMP 2.8.2
"HyperCam 2" = HyperCam 2
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"lmms" = LMMS 0.4.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"PC Performer_is1" = PC Performer
"ScreenSaverPatch_is1" = ScreenSaverPatch
"SonicShack Design Studio_is1" = SonicShack Designer Adobe AIR version
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3432669508-159066358-3338486630-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"ExpressDownloader" = ExpressDownloader
"Google Chrome" = Google Chrome
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19.01.2013 03:28:37 | Computer Name = Weber-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.01.2013 03:28:37 | Computer Name = Weber-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1638

Error - 19.01.2013 03:28:37 | Computer Name = Weber-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1638

Error - 19.01.2013 07:54:49 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =

Error - 19.01.2013 08:08:05 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =

Error - 19.01.2013 08:08:52 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =

Error - 19.01.2013 08:09:09 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =

Error - 19.01.2013 08:11:24 | Computer Name = Weber-PC | Source = RasClient | ID = 20227
Description =

Error - 19.01.2013 08:27:08 | Computer Name = Weber-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Too many failures while downloading ranges: 2

Error - 19.01.2013 08:27:44 | Computer Name = Weber-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed

Error - 19.01.2013 08:34:53 | Computer Name = Weber-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure.

[ System Events ]
Error - 19.01.2013 08:27:55 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 19.01.2013 08:27:55 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 19.01.2013 08:27:55 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 19.01.2013 08:27:55 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 19.01.2013 08:27:56 | Computer Name = Weber-PC | Source = WMPNetworkSvc | ID = 866317
Description =

< End of report >

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-19 14:47:52
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_WD25 rev.01.0 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Dangel\AppData\Local\Temp\kgloqpow.sys

---- System - GMER 2.0 ----

SSDT 8A05E30E ZwCreateSection
SSDT 8A05E318 ZwRequestWaitReplyPort
SSDT 8A05E313 ZwSetContextThread
SSDT 8A05E31D ZwSetSecurityObject
SSDT 8A05E322 ZwSystemDebugControl
SSDT 8A05E2AF ZwTerminateProcess
Code \??\C:\windows\system32\TKPcFtCb.sys ObOpenObjectByPointer

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E53A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8D4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E9462C 4 Bytes [0E, E3, 05, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82E94988 2 Bytes [18, E3] {SBB BL, AH}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1556 82E9498B 1 Byte [8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E949CC 4 Bytes [13, E3, 05, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82E94A48 4 Bytes [1D, E3, 05, 8A]
.text ...
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E825000, 0x331648, 0xE8000020] .text user32.dll!DialogBoxParamW 77593B9B 5 Bytes [E9, D0, 0B, 33, FE] {JMP 0xfe330bd5} ---- User code sections - GMER 2.0 ---- .text C:\windows\system32\SearchIndexer.exe[100] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[212] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Windows\System32\AsusService.exe[272] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Program Files\Bonjour\mDNSResponder.exe[392] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text ... .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 00, 10, 00] {SUB [EAX], AL; ADC [EAX], AL} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 1 Byte [28] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 03, 10, 00] {SUB [EBX], AL; ADC [EAX], AL} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 00, 10, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] 
ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 01, 10, 00] {TEST AL, 0x1; ADC [EAX], AL} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 02, 10, 00] {TEST AL, 0x2; ADC [EAX], AL} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 01, 10, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 02, 10, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 00, 10, 00] {TEST AL, 0x0; ADC [EAX], AL} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 01, 10, 00] {SUB [ECX], AL; ADC [EAX], AL} .text 
C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 02, 10, 00] {SUB [EDX], AL; ADC [EAX], AL} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 1 Byte [68] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 03, 10, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4168] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4296] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\windows\system32\svchost.exe[4404] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 80, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 83, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text 
C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 80, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 81, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 82, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 81, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 82, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 80, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] 
ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 81, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 82, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 83, BA, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4500] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 24, 78, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 27, 78, 00] {SUB [EDI], AH; JS 0x4} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 24, 78, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text 
C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 25, 78, 00] {TEST AL, 0x25; JS 0x4} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 26, 78, 00] {TEST AL, 0x26; JS 0x4} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 25, 78, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 26, 78, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 24, 78, 00] {TEST AL, 0x24; JS 0x4} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 25, 78, 
00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 26, 78, 00] {SUB [ESI], AH; JS 0x4} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 27, 78, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4516] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 54, 42, 00] {SUB [EDX+EAX*2+0x0], DL} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 57, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 54, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 55, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] 
ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 56, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 55, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 56, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 54, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 55, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 56, 42, 
00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 57, 42, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4532] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 78, 24, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 7B, 24, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 78, 24, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 79, 24, 00] {TEST AL, 0x79; AND AL, 0x0} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 7A, 24, 
00] {TEST AL, 0x7a; AND AL, 0x0} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 79, 24, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 7A, 24, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 78, 24, 00] {TEST AL, 0x78; AND AL, 0x0} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 79, 24, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 7A, 24, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 
Bytes [68, 7B, 24, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4544] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 98, D8, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 9B, D8, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 98, D8, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 99, D8, 00] {TEST AL, 0x99; FADD DWORD [EAX]} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 9A, D8, 00] {TEST AL, 0x9a; FADD DWORD [EAX]} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] 
ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 99, D8, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 9A, D8, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 98, D8, 00] {TEST AL, 0x98; FADD DWORD [EAX]} .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 99, D8, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 9A, D8, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 9B, D8, 00] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2] .text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4552] 
USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, B4, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, B7, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, B4, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, B5, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, B6, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, B5, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, B6, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, B4, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, B5, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, B6, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, B7, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, 0C, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + 6 779D5C2E 4 Bytes [28, 0F, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtMapViewOfSection + B 779D5C33 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenFile + 6 779D5CDE 4 Bytes [68, 0C, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenFile + B 779D5CE3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, 0D, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcess + B 779D5D93 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessToken + B 779D5DA3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessTokenEx + 6 779D5DAE 4 Bytes [A8, 0E, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenProcessTokenEx + B 779D5DB3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThread + 6 779D5E0E 4 Bytes [68, 0D, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThread + B 779D5E13 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadToken + 6 779D5E1E 4 Bytes [68, 0E, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadToken + B 779D5E23 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtOpenThreadTokenEx + B 779D5E33 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryAttributesFile + 6 779D5F3E 4 Bytes [A8, 0C, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryAttributesFile + B 779D5F43 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtQueryFullAttributesFile + B 779D5FF3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationFile + 6 779D663E 4 Bytes [28, 0D, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationFile + B 779D6643 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationThread + 6 779D669E 4 Bytes [28, 0E, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtSetInformationThread + B 779D66A3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtUnmapViewOfSection + 6 779D69BE 4 Bytes [68, 0F, 06, 01]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] ntdll.dll!NtUnmapViewOfSection + B 779D69C3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4568] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\windows\system32\svchost.exe[4928] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5160] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\Users\Dangel\Downloads\gmer-2.0.18444.exe[5752] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text ...

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dab4ae9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dab4ae9 (not active ControlSet)

---- EOF - GMER 2.0 ----

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.19.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dangel :: WEBER-PC [Administrator]

19.01.2013 14:50:36
MBAM-log-2013-01-19 (15-07-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298051
Time elapsed: 16 minute(s), 35 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 42
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
HKCR\claro.clarodskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\claro.clarodskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
HKCR\claro.claroappCore.1 (PUP.Funmoods) -> No action taken.
HKCR\claro.claroappCore (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> No action taken.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> No action taken.

Registry values detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{9E131A93-EED7-4BEB-B015-A0ADB30B5646} (PUP.Funmoods) -> Data: Claro LTD Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (PUP.FunMoods) -> Data: hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081 -> No action taken.

Registry data items detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtDyE0D0D0BzytBzztAtDtN0D0Tzu0CtAtAyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=62128081) Good: (hxxp://www.google.com) -> No action taken.

Folders detected: 4
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.
C:\Program Files\Funmoods (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22 (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> No action taken.

Files detected: 17
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> No action taken.
C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (PUP.Funmoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> No action taken.
C:\Program Files\Claro LTD\claro\1.8.3.10\claroApp.dll (PUP.Funmoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> No action taken.
C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> No action taken.
C:\Users\Dangel\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.
C:\Users\Dangel\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> No action taken.
C:\Users\Dangel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> No action taken.

(end)
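The GMER section of the post above contains two different kinds of user-mode hook: raw byte patches of ntdll syscall stubs that appear only inside the chrome.exe processes, and a 5-byte JMP on USER32.dll!DialogBoxParamW that is present in every listed process (Chrome, wmpnetwk.exe, svchost.exe, iPodService.exe and the GMER scanner itself) and lands in c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll. The script below is an added example, not code from the original post or from GMER: it parses lines of that shape and separates detours confined to one program from a DLL that is injected into everything, which is the footprint of a globally loaded add-on DLL and the finding worth chasing. The sample lines are constructed here in the form of the log above; the image threshold and the reading of the Chrome-only ntdll patches as the browser's own sandbox interceptions are heuristics, not a verdict.

```python
"""Triage of GMER user-mode hook lines: which process images carry which hooks.

Added example (not part of the original post or of GMER). Sample lines are
constructed in the shape of the log above; classification is heuristic.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# .text <image>[<pid>] <module>!<func>[ + <off>] <addr> <n> Byte(s) <detail>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
# Detail of a detour is "JMP <target> <dll path>"; a raw patch shows "[xx, xx, ...]".
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<dll>\S+)", re.I)


@dataclass
class Hook:
    image: str              # full path of the hooked process
    pid: int
    symbol: str             # e.g. "ntdll.dll!NtCreateFile"
    offset: int             # bytes past the function entry (0 = at entry)
    nbytes: int
    jmp_dll: Optional[str]  # DLL a JMP lands in; None for a raw byte patch

    @property
    def exe(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_gmer_hooks(text: str) -> list[Hook]:
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:            # section headers, "Reg ..." lines, EOF marker
            continue
        jm = JMP_RE.match(m["detail"])
        hooks.append(Hook(
            image=m["image"],
            pid=int(m["pid"]),
            symbol=f'{m["module"]}!{m["func"]}',
            offset=int(m["offset"] or "0", 16),
            nbytes=int(m["nbytes"]),
            jmp_dll=jm["dll"].lower() if jm else None,
        ))
    return hooks


def triage(hooks: list[Hook], min_images: int = 3) -> dict:
    """Three buckets:
    systemwide    - JMP detours into one DLL seen in >= min_images distinct
                    process images, including ones with no reason to load it
                    (svchost.exe, the scanner itself): a DLL injected into
                    every process, e.g. via AppInit_DLLs.
    local_jmp     - detours confined to fewer images (one app's own plug-in).
    process_local - raw byte patches grouped by image. ntdll stub patches
                    seen only in a sandboxing browser's processes are what
                    its sandbox produces; confirm against the vendor's
                    documentation before dismissing them.
    """
    by_dll: dict[str, set[str]] = defaultdict(set)
    patches: dict[str, set[str]] = defaultdict(set)
    for h in hooks:
        if h.jmp_dll:
            by_dll[h.jmp_dll].add(h.exe)
        else:
            patches[h.exe].add(h.symbol)
    return {
        "systemwide": {d: sorted(i) for d, i in by_dll.items() if len(i) >= min_images},
        "local_jmp": {d: sorted(i) for d, i in by_dll.items() if len(i) < min_images},
        "process_local": {e: sorted(s) for e, s in patches.items()},
    }


# Constructed sample in the shape of the GMER output above (not the full log).
SAMPLE_GMER = r"""
---- User code sections - GMER 2.0 ----
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + 6 779D55CE 4 Bytes [28, B4, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + B 779D55D3 1 Byte [E2]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + 6 779D5D8E 4 Bytes [A8, B5, 92, 00]
.text C:\Users\Dangel\AppData\Local\Google\Chrome\Application\chrome.exe[4560] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4676] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\windows\system32\svchost.exe[4928] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5160] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
.text C:\Users\Dangel\Downloads\gmer-2.0.18444.exe[5752] USER32.dll!DialogBoxParamW 77593B9B 5 Bytes JMP 758C4770 c:\progra~2\browse~1\25986~1.67\{c16c1~1\browse~1.dll
---- EOF - GMER 2.0 ----
"""

if __name__ == "__main__":
    result = triage(parse_gmer_hooks(SAMPLE_GMER))
    for dll, images in result["systemwide"].items():
        print(f"injected everywhere: {dll} -> {', '.join(images)}")
    for exe, syms in result["process_local"].items():
        print(f"patches only in {exe}: {', '.join(syms)}")
```

Run it against a saved GMER log by passing the file contents to parse_gmer_hooks; the DLL that comes back under "systemwide" is the one whose on-disk path and loader entry (AppInit_DLLs, a service, a browser helper) should be looked up next, while the "process_local" bucket is what gets checked against the application's documented behaviour.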
19.01.2013, 15:54 | #2 |
/// Malware-holic | Google reports unusual traffic - computer often hangs and is slow Hi
Backing up data is no problem. 1. Data recovery:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. I will then also say something about securing online banking with a chip card reader + Star Money.
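Step 5 of the reply above (check the backed-up data before restoring it) and the worry elsewhere in the thread that a rootkit might copy itself onto the external drive can be turned into a concrete check. The script below is an added example, not from the original thread or from any tool named in it: it walks a backup directory and flags anything that is executable by content (a PE "MZ" header, whatever the file is called), by extension, or by name (autorun.inf). The sample backup it builds is constructed here for demonstration; the extension list is an assumption and should be extended for the user's own file types. The principle behind it is that documents, photos and music never need executable content, so anything flagged is reviewed or dropped rather than copied back onto the freshly installed system.

```python
"""Pre-restore check of a user-data backup: flag executable content.

Added example, not from the original thread or from any tool named in it.
The sample backup is constructed here; the extension list is an assumption.
"""
import tempfile
from pathlib import Path

# Extensions with no place in a documents/photos/music backup. .lnk, .crx and
# .js are included because they execute on double-click or in a browser.
EXEC_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".sys", ".drv", ".cpl", ".ocx",
    ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".ps1",
    ".hta", ".msi", ".msp", ".jar", ".lnk", ".crx", ".xpi", ".reg",
}
# Names that give a folder or removable drive autorun-style behaviour.
SUSPECT_NAMES = {"autorun.inf"}


def sniff(path: Path) -> list[str]:
    """Reasons a file should not be restored as plain data; empty if none."""
    reasons = []
    if path.name.lower() in SUSPECT_NAMES:
        reasons.append("autorun-style file")
    # All suffixes, so photo.jpg.exe is caught by its last suffix.
    hits = [s for s in (x.lower() for x in path.suffixes) if s in EXEC_EXTENSIONS]
    if hits:
        reasons.append(f"executable extension {hits[-1]}")
    try:
        with path.open("rb") as f:
            head = f.read(4)
    except OSError as exc:
        return reasons + [f"unreadable: {exc}"]
    # Content check: a PE (MZ) or ELF header is executable whatever the name.
    if head[:2] == b"MZ":
        reasons.append("PE header (MZ) regardless of extension")
    elif head[:4] == b"\x7fELF":
        reasons.append("ELF header regardless of extension")
    return reasons


def scan_backup(root) -> list[tuple[str, list[str]]]:
    """Walk the backup; return (relative path, reasons) for every flagged file."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        reasons = sniff(p)
        if reasons:
            findings.append((p.relative_to(root).as_posix(), reasons))
    return findings


def build_sample_backup(root: Path) -> None:
    """Constructed sample, not real user data: a PE disguised as a photo, an
    installer, an autorun.inf and a harmless text file."""
    (root / "Pictures").mkdir(parents=True, exist_ok=True)
    (root / "Pictures" / "photo.jpg").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
    (root / "Setup.EXE").write_bytes(b"MZ" + b"\x00" * 100)
    (root / "autorun.inf").write_text("[autorun]\nopen=Setup.EXE\n")
    (root / "notes.txt").write_text("shopping list\n")


def demo() -> dict[str, list[str]]:
    """Build the sample backup in a temp dir and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_backup(root)
        return dict(scan_backup(root))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    findings = scan_backup(target) if target else list(demo().items())
    for rel, reasons in findings:
        print(f"{rel}: {'; '.join(reasons)}")
```

Run it with the mount point of the external drive as the argument (for example the E:\ the backup was copied to) before copying anything back; the content check matters more than the extension list, because a renamed executable keeps its MZ header while the extension list only catches what it was told about.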
20.01.2013, 13:30 | #3 |
| Google reports unusual traffic - computer often hangs and is slow Great, thank you very much for the reply.
I'll get to work in the next few days changing everything. I was just afraid that a possible rootkit might copy itself to the external HD. It is an off-the-shelf PC: Asus EEE PC 1215T with Windows 7 Home, no CD/DVD drive (and I have no external one either), with a recovery partition. Is it enough to do that from the recovery partition, or should I create a bootable USB stick? I would need a few pointers for that, though. Thanks again! |
20.01.2013, 14:49 | #4 |
/// Malware-holic | Google reports unusual traffic - computer often hangs and is slow Hi, doing it from the recovery partition is sufficient.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |