| |
| |||||||
Log-Analyse und Auswertung: GMX-Fremdzugriff - FortsetzungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
17.03.2013, 22:37
| #1 |
 |  GMX-Fremdzugriff - Fortsetzung Hallo, schon in meinem letzten Thread hatte ich darüber berichtet, dass ich aufgrund Fremdzugriffen auf mein GMX-Konto Keylogger/Trojaner auf Laptop und PC vermutet. Dank der wirklich tollen Hilfe von cosinus wurde mein Laptop schon gecheckt und bereinigt/gefixt. Seitdem ich nur noch über den Laptop zugreife, sind auch die ungewollten Log-Ins bei GMX nicht mehr vorgekommen. Nun möchte ich zur Sicherheit noch meinen PC durchchecken und hoffe auf ebenso freundliche Unterstützung wie beim letzten Mal. Viele Grüße Stevie-1984 PS. Hier die Logs: Code:
ATTFilter OTL logfile created on: 17.03.2013 22:08:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,50 Gb Available Physical Memory | 75,09% Memory free 12,00 Gb Paging File | 10,47 Gb Available in Paging File | 87,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,33 Gb Total Space | 493,38 Gb Free Space | 84,73% Space Free | Partition Type: NTFS Drive D: | 596,17 Gb Total Space | 401,07 Gb Free Space | 67,28% Space Free | Partition Type: NTFS Drive E: | 13,84 Gb Total Space | 1,93 Gb Free Space | 13,95% Space Free | Partition Type: NTFS Drive F: | 236,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.17 22:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe PRC - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe PRC - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicShellService.exe PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2009.06.30 20:24:46 | 000,762,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe ========== Modules (No Company Name) ========== MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll MOD - [2009.02.27 15:38:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.02 09:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 04:08:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.03.16 20:23:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.12 21:12:52 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.07 18:25:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate) SRV - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Programme\Classic Shell\ClassicShellService.exe -- (ClassicShellService) SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.26 04:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012.07.26 04:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2012.07.26 04:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.07 00:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.07.01 16:31:52 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.07 05:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.02 12:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 08:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.01.29 02:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 02:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.29 00:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS) DRV:64bit: - [2013.01.10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.01.10 02:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.21 21:24:46 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.09.06 19:05:06 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:30:26 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mqac.sys -- (MQAC) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid) DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr) DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.19 11:02:12 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2011.12.19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.06.24 17:41:31 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.06.24 17:41:31 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.04.07 11:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2009.06.30 20:24:50 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VX3000.sys -- (VX3000) DRV:64bit: - [2006.12.12 01:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BrSerIf.sys -- (BrSerIf) DRV - [2013.01.16 19:13:11 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130316.006\ex64.sys -- (NAVEX15) DRV - [2013.01.16 19:13:11 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130316.006\eng64.sys -- (NAVENG) DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.11.21 17:52:18 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130313.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.11.20 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.08.09 20:31:53 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 7F 8C 32 B9 1F CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{BDCB0600-0332-4771-9D94-148955443118}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013.03.16 19:57:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012.11.21 21:46:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.16 20:23:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.16 20:23:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.16 20:23:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.16 20:23:25 | 000,000,000 | ---D | M] [2013.03.16 17:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions [2013.03.16 17:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\aai2wk9e.default\extensions [2013.03.16 17:35:40 | 000,615,654 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\aai2wk9e.default\extensions\testpilot@labs.mozilla.com.xpi [2013.03.16 20:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.16 20:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.03.16 20:23:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 23:34:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 23:34:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 23:34:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 23:34:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 23:34:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 23:34:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Programme\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun File not found O4 - HKLM..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra 'Tools' menuitem : Ãœber Digital Trends Club - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft) O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Programme\Classic Shell\ClassicIE9_32.exe (IvoSoft) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AB488BB-3F76-438A-AE0B-A234FD9B60CB}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.11.14 18:59:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 22:03:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2013.03.17 17:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.03.16 21:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.16 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.16 21:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.16 20:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.16 20:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing-Desktop [2013.03.16 20:03:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2013.03.16 17:35:35 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla [2013.03.16 17:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.12 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup [2013.03.12 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\SUPERAntiSpyware.com [2013.03.12 20:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2013.03.12 20:50:22 | 023,008,800 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Stefan\Documents\SUPER14AntiSpyware.exe [2013.03.11 20:23:20 | 046,023,440 | ---- | C] (A.I.SOFT,INC.) -- C:\Users\Stefan\Documents\MFC-5490CN-inst-win8-A1.EXE [2013.03.10 12:50:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\NPE [2013.03.02 10:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.02 10:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.16 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\iPod Photo Cache [1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.17 22:03:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2013.03.17 22:03:00 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2013.03.17 22:02:22 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe [2013.03.17 21:41:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.03.17 17:45:35 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.16 20:04:12 | 002,217,713 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1403000.024\Cat.DB [2013.03.16 20:03:11 | 002,040,954 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2013.03.16 20:03:11 | 000,867,886 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2013.03.16 20:03:11 | 000,806,384 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2013.03.16 20:03:11 | 000,198,384 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2013.03.16 20:03:11 | 000,166,582 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2013.03.16 19:55:48 | 001,054,248 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.03.16 19:55:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.03.16 19:55:44 | 536,256,511 | -HS- | M] () -- C:\hiberfil.sys [2013.03.16 17:35:21 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.16 17:26:42 | 000,001,936 | ---- | M] () -- C:\{DC16E5E3-51B3-4E14-A412-E625DA0AFEE5} [2013.03.13 21:14:28 | 000,002,640 | ---- | M] () -- C:\{767D88AC-1AFE-49F1-BC1A-B9E39CA080BB} [2013.03.12 20:51:10 | 023,008,800 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Stefan\Documents\SUPER14AntiSpyware.exe [2013.03.12 20:18:12 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2013.03.12 20:18:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI [2013.03.11 20:33:32 | 046,023,440 | ---- | M] (A.I.SOFT,INC.) -- C:\Users\Stefan\Documents\MFC-5490CN-inst-win8-A1.EXE [2013.03.09 11:27:21 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2013.03.09 11:25:52 | 000,014,818 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\N360x64\1403000.024\VT20130115.021 [2013.03.02 10:13:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.24 11:34:02 | 000,108,449 | ---- | M] () -- C:\Users\Stefan\ESt2012_Zimmermann_Stefan.elfo [2013.02.23 17:59:24 | 000,000,129 | ---- | M] () -- C:\WINDOWS\SysWow64\~.inf [2013.02.23 17:46:40 | 000,928,097 | ---- | M] () -- C:\Users\Stefan\Documents\Anna Gemüsebilder.pdf [1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.17 22:03:00 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2013.03.17 22:02:21 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe [2013.03.16 19:55:48 | 001,054,248 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.03.16 17:35:21 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.16 17:35:21 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.16 17:26:41 | 000,001,936 | ---- | C] () -- C:\{DC16E5E3-51B3-4E14-A412-E625DA0AFEE5} [2013.03.13 21:14:28 | 000,002,640 | ---- | C] () -- C:\{767D88AC-1AFE-49F1-BC1A-B9E39CA080BB} [2013.03.02 10:13:09 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.23 20:00:11 | 000,108,449 | ---- | C] () -- C:\Users\Stefan\ESt2012_Zimmermann_Stefan.elfo [2013.02.23 17:46:39 | 000,928,097 | ---- | C] () -- C:\Users\Stefan\Documents\Anna Gemüsebilder.pdf [2013.02.22 16:20:18 | 000,001,466 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paint (2).lnk [2013.02.16 11:42:57 | 000,386,577 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml [2013.01.12 10:19:12 | 000,003,584 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.30 22:38:45 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2012.11.06 20:19:32 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.11.06 19:08:23 | 000,000,197 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\burnaware.ini [2012.10.28 22:55:52 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2012.10.27 22:26:40 | 001,968,878 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2012.10.27 22:23:49 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2012.10.27 22:23:49 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2012.07.27 19:49:20 | 000,000,040 | ---- | C] () -- C:\ProgramData\aknhqwdnwnsgria [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2012.03.21 22:35:50 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe [2012.01.13 23:47:03 | 000,138,015 | ---- | C] () -- C:\Users\Stefan\ESt2011_Zimmermann_Stefan.elfo [2012.01.06 18:58:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY2.INI [2011.12.30 17:08:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI [2011.07.01 16:32:08 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.05.31 21:13:42 | 000,001,036 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011.05.31 21:13:42 | 000,000,161 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011.05.31 21:13:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\SysWow64\BrMuSNMP.dll [2011.05.31 21:12:59 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2011.05.31 21:12:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.31 15:36:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\AlawarEntertainment [2011.06.20 19:34:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer [2011.06.20 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Programme [2012.08.18 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Autodesk [2011.08.08 10:18:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\biu software [2011.06.03 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cerasus.media [2011.10.29 14:03:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Downloaded Installations [2012.09.28 20:30:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft [2012.08.18 20:17:06 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GeoVid [2011.11.23 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Keynote Systems [2012.08.18 20:19:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nokia [2012.05.29 17:28:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nokia Suite [2012.08.18 19:53:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Orbit [2012.05.27 12:27:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PC Suite [2011.06.17 14:44:07 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PC-FAX TX [2013.01.03 13:24:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PlayFirst [2012.08.15 12:39:52 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ProgSense [2011.12.28 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ProtectDisc [2011.09.21 19:34:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Scribus [2011.12.30 22:37:37 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sprengkönig [2011.12.28 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\The Games Company [2012.08.31 18:45:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\thriXXX [2012.03.30 10:00:19 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Thunderbird [2011.06.02 12:09:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Tific [2012.12.30 22:42:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Twintale Entertainment [2013.02.03 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\XnView ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1372 bytes -> C:\Users\Stefan\Documents\Kennziffer P-12_110 - Bewerbung um die Stelle als Sachbearbeiter in der Abteilung für Personal und Organisation.eml:OECustomProperty @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2C57161 < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.03.2013 22:08:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,50 Gb Available Physical Memory | 75,09% Memory free
12,00 Gb Paging File | 10,47 Gb Available in Paging File | 87,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,33 Gb Total Space | 493,38 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 401,07 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive E: | 13,84 Gb Total Space | 1,93 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive F: | 236,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06ABE5AC-5EC0-4A43-A113-27482B3DAA17}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0F4018C7-F518-4443-B808-6E5971D28E3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44316C54-BBA5-42C6-86A9-889C11C945C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FFDA51B-F2EC-40CF-8BBB-56A94732EBC7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5FFFC276-251D-45A9-B77C-6DB2BB417F36}" = lport=49318 | protocol=6 | dir=in | name=akamai netsession interface |
"{615219D7-8DE9-410A-896B-67D323EBF454}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6567B83B-EA91-4F5A-8FB8-B54081DEF4DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{733592F1-0A6F-4A46-AC4C-46A3217A6FC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{786A922C-DB40-47C4-8707-07ECE02AC286}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{79B7E2FB-564A-47BB-B9D8-028ADA5ADCC5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{7ABC9882-24BC-4B1E-A18D-224C5A024FE2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EDD7CB4-FB0D-4B60-8DEB-0222664ED636}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0BC5ED0-A164-4B22-8219-07F0FB8E6C05}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{AA0EC870-AD11-4206-86FA-E15CD88D5AF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA46AB6B-9AE2-4A7F-8C7A-8FCB71BBEA63}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AE2D5755-BB90-4DA7-852A-4FC0C1FD0C1D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C459CDE0-9717-4705-9613-A8687C789B2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5CA0D9C-C68A-4F55-95A4-F7366193F9D1}" = lport=49183 | protocol=6 | dir=in | name=akamai netsession interface |
"{C7A46DBE-737E-477B-8A12-0F4BAC686F82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0454E74B-B645-4C2F-AC88-0F65E906F69D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{0C611A1E-2FC0-4FD4-BDE4-93E1748845E6}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{0CE96268-13A3-4BB7-A2CA-B3E073D5B234}" = dir=in | app=c:\users\stefan\appdata\local\microsoft\skydrive\skydrive.exe |
"{19EF2980-2FCC-480B-BCDD-4BC092DCE2CE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1AD505CD-D8AD-4F20-9806-942834DD19BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1FB337C0-0294-4C32-AE4D-876C0798F4FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23F4D3A4-2431-44B3-AA6F-9EA4D25CCBBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{286146F1-4AD8-446E-8D7F-6B05CD3ADC22}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{313332B1-84C4-435F-BAD6-675FA7CF1B5C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3605C9AD-29CA-4C6A-9C1B-E791A9FEE944}" = protocol=6 | dir=in | app=c:\users\stefan\appdata\roaming\icqm\icq.exe |
"{392E1694-B839-402A-8F1E-2A028893C92D}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{4026DEA9-AE64-4EF9-BB16-BA1335F8F496}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{46F5C791-1476-4BB8-83A1-CE82E09E91C8}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{4E6BAF2C-20BB-410A-8AD8-BBC8F7001F5B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4F93D4E9-F564-45B3-8C1E-7A7EDA096AAB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{50D7086B-3318-4587-8686-21C153F21807}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{56EFEE22-1FF9-47BE-B38F-DCD7978077EF}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{578F1D6E-F99D-49AB-9983-6B56BE9CDC96}" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe |
"{61CAC80D-A27B-4DA3-9A72-58938DDF5C1C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63BAF5F9-40F0-475D-A196-1E151779F4B4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{7417E2F8-380D-44D5-BE9F-D0AC6565BE0C}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{772DE3C3-1D40-4408-9147-4CCEC1310987}" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe |
"{794090FF-0BF3-4EB3-9DF8-7DDAA423028A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8493DD97-F0BC-4B7C-B3AA-7134208E7343}" = dir=out | name=@{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{8F7FBFAD-4CD8-4B5E-961C-55839BBB8FE5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95A7E9B4-0D8C-4E13-8605-7EE9364896B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{969DD105-DADA-4C3C-8F31-CE4FCD6299D5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9FBD8499-1ECC-49E1-900A-C349BE99AFD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A69D142F-8EBB-4D95-AB96-C2078940C6C0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{A7D83B6F-4B2E-4DDA-AB92-E73D6977868F}" = protocol=17 | dir=in | app=c:\users\stefan\appdata\roaming\icqm\icq.exe |
"{B4D7B72D-6945-4C0D-A303-BD430450DB6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC38A022-E600-4825-B8EE-B42738380B84}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{BE217227-2453-443B-A73E-5B7F5382482B}" = protocol=6 | dir=out | app=system |
"{C31617EC-5BAD-4775-A57E-F770637F7473}" = dir=out | name=windows_ie_ac_001 |
"{C4F98F4A-5226-4550-A891-59CB3929F499}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{C519D382-579F-48CD-A1B1-403C367DF4B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA086723-065B-438A-B3F4-A1DDEF0F85D3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CE89F4D5-E705-4D42-B613-05EB07553DB8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{D2E5A37D-52C0-404A-8739-5252E6CFBFC7}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{DF704350-A41A-4059-B35D-15D8BEBE5F11}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EAE385FD-A626-4917-A74F-85CF976953BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB0EF784-5686-406A-A345-8CB924B0D911}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCE1F482-DA59-401B-B998-937527E40319}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"TCP Query User{0A14DB61-D63C-4E4B-BB14-B5F445E6D3F9}C:\users\stefan\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe |
"UDP Query User{CB6FED15-674F-4054-8F86-BFFDB53F5AE9}C:\users\stefan\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5AF3560C-09BA-426F-BFA0-FEF0A94A9D8B}" = Microsoft Corporation
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EC9E7BB-2443-49B1-8476-490EBF932C2E}" = Microsoft LifeCam
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" =
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51B5CAB0-6F72-4086-BB0D-42D0BDC88F67}" = Hama WLAN PCI Card
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{884DF67C-F47D-4B09-B474-C3B7D51CA52A}" = Windows Live Family Safety
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1CF7B76-682D-4547-AA96-11B659A2CEAC}" = Microsoft Corporation
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"PROR" = Microsoft Office Professional 2007
"Sam and Max - Season One" = Sam and Max - Season One 1.0
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.07.2012 14:16:58 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.07.2012 16:24:00 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.08.2012 13:23:00 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.08.2012 12:57:08 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 07:50:01 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 04.08.2012 05:08:03 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.08.2012 03:23:11 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.08.2012 11:39:00 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.08.2012 11:32:53 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.08.2012 13:11:26 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.08.2012 12:56:05 | Computer Name = Stefan-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 31.10.2011 08:59:37 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5191
seconds with 60 seconds of active time. This session ended with a crash.
Error - 08.05.2012 13:52:06 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11.05.2012 13:08:32 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 195
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.11.2012 12:21:44 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11701
seconds with 6840 seconds of active time. This session ended with a crash.
< End of report >
Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-17 22:27:47
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\ugdyqpob.sys
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\mqsvc.exe[1912] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007feb4681b32 4 bytes [68, B4, FE, 07]
.text C:\WINDOWS\system32\mqsvc.exe[1912] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007feb4681b3a 4 bytes [68, B4, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5200] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007feb8f51532 4 bytes [F5, B8, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5200] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007feb8f5153a 4 bytes [F5, B8, FE, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5200] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007feb8f5165a 4 bytes [F5, B8, FE, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690 000007feb8f51532 4 bytes [F5, B8, FE, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698 000007feb8f5153a 4 bytes [F5, B8, FE, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246 000007feb8f5165a 4 bytes [F5, B8, FE, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007febda7177a 4 bytes [A7, BD, FE, 07]
.text C:\WINDOWS\system32\nvvsvc.exe[5108] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007febda71782 4 bytes [A7, BD, FE, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007feb8f51532 4 bytes [F5, B8, FE, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007feb8f5153a 4 bytes [F5, B8, FE, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4160] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007feb8f5165a 4 bytes [F5, B8, FE, 07]
.text C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007feb8f51532 4 bytes [F5, B8, FE, 07]
.text C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007feb8f5153a 4 bytes [F5, B8, FE, 07]
.text C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007feb8f5165a 4 bytes [F5, B8, FE, 07]
.text C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007febda7177a 4 bytes [A7, BD, FE, 07]
.text C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007febda71782 4 bytes [A7, BD, FE, 07]
.text C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007feb4681b32 4 bytes [68, B4, FE, 07]
.text C:\WINDOWS\Explorer.EXE[7016] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007feb4681b3a 4 bytes [68, B4, FE, 07]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [5828:1448] fffff960008285e8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -692159595
---- EOF - GMER 2.1 ----
|
| Themen zu GMX-Fremdzugriff - Fortsetzung |
| akamai, bho, bonjour, down, error, firefox, flash player, format, helper, iexplore.exe, logfile, mozilla, msvcrt, object, office 2007, plug-in, realtek, registry, rundll, scan, security, software, svchost.exe, symantec, udp, windows, wlan |
Baum-Darstellung