Log analysis and evaluation: My own email address is being misused to send spam emails (Windows 7)

04.04.2013, 19:21 | #1
My own email address is being misused to send spam emails

First of all, a good evening to everyone! Since today (at least it has come to my attention since today) I have the following problem: apparently spam emails are being sent from my email address to random recipients. I noticed the whole thing when I had error messages in my inbox (the gmail server rejected "my" email because an "illegal attachment" was detected). Attached is an example error message. The only difference between the various error messages is the recipient's email address and the name under which the emails are sent. In the code below I have renamed my own email address to meinemail@domain.at and the recipient's address to empfänger@gmail.com. I have shortened the endless string of characters at the end of the error message a bit in the middle. I hope that's not a problem.

Code:
Hi. This is the qmail-send program at server153-han.de-nserver.de.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<empfänger@gmail.com>:
173.194.69.27 failed after I sent the message.
Remote host said: 552-5.7.0 Our system detected an illegal attachment on your message. Please
552-5.7.0 visit hxxp://support.google.com/mail/bin/answer.py?answer=6590 to
552 5.7.0 review our attachment guidelines. io11si5532163bkc.133 - gsmtp

--- Below this line is a copy of the message.

Return-Path: <meinemail@domain.at>
Received: (qmail 11952 invoked from network); 4 Apr 2013 19:00:09 +0200
Received: from xdslfs230.osnanet.de (HELO sven) (89.166.204.230) (smtp-auth username meinemail@domain.at, mechanism login) by server153-han.de-nserver.de (qpsmtpd/0.82) with (DES-CBC3-SHA encrypted) ESMTPSA; Thu, 04 Apr 2013 19:00:09 +0200
From: "Rechnungsstelle Naschplatz.de" <meinemail@domain.at>
To: "=?utf-8?q?R=C3=BCdiger Kern?=" <empfänger@gmail.com>
Subject: =?utf-8?q?R=C3=BCdiger Kern Mahnkosten Ihrer offenen Rechnung =C3=BCber 757,00 Euro?=
Date: Thu, 4 Apr 2013 16:59:55 GMT
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-Priority: 3
Content-Type: multipart/mixed; boundary="=-XC2F5D2C4D"
X-User-Auth: Auth by meinemail@domain.at through 89.166.204.230

--=-XC2F5D2C4D
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<p><strong>Sehr geehrter Kunde R=C3=BCdiger Kern,<br />
<br />
</strong>wir müssten leider festgestellen, dass die Rechnung Nr.: 7093=
87940 nicht beglichen wurde. <br />
Wir belassen Ihnen trotzdem noch eine letzte Möglichkeit, Ihre Verpf=
lichtung zu erfüllen, indem Sie innerhalb von 3 Tagen die ausstehende =
Summe in Höhe von <strong>757,00 Euro</strong> an uns überweisen.=
<br />
<br />
<strong>Aktikel-Nummer: 709387940 R=C3=BCdiger Kern 757,00 Euro<br />
<br />
</strong>Im Fall einer nicht Zahlung müssen wir laut geltendem Recht=
 die offenen Forderungen beim Rechtsanwalt fordern. <br />
<br />
<strong>Allgemeine Geschäftsbedingungen und Widerrufsrecht sind in der=
 beigefügten Rechnung.<br />
<br />
</strong>Naschplatz.de GmbH <br />
Telefon: (+49) 853 3737519<br />
Umsatzsteuer-Nr.: DE483439204 Allendorf<br />
Geschäftsleiter: Karl Ziegler</p>

--=-XC2F5D2C4D
Content-Type: application/octet-stream; name="=?utf-8?q?Aktikel-Nummer: 709387940 R=C3=BCdiger Kern.zip?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="=?utf-8?q?Aktikel-Nummer: 709387940 R=C3=BCdiger Kern.zip?="

(...)

--- End of message stripped.

As described in the instructions for creating a new thread, here is the OTL.txt as well.

Code:
OTL logfile created on: 04.04.2013 19:05:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 60,92% Memory free
8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 251,37 Gb Total Space | 196,96 Gb Free Space | 78,36% Space Free | Partition Type: NTFS
Drive D: | 97,74 Gb Total Space | 7,78 Gb Free Space | 7,96% Space Free | Partition Type: NTFS
Drive E: | 573,62 Gb Total Space | 228,59 Gb Free Space | 39,85% Space Free | Partition Type: NTFS
Drive G: | 8,79 Gb Total Space | 3,51 Gb Free Space | 39,97% Space Free | Partition Type: NTFS

Computer Name: MP-PC | User Name: MP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.04 18:52:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.04.04 18:51:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MP\Desktop\OTL.exe
PRC - [2013.04.01 15:05:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 15:05:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.04.01 15:05:34 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.18 16:08:44 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.02.13 20:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 20:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
PRC - [2012.08.31 16:22:04 | 001,133,176 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe
PRC - [2010.10.25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.04 18:52:08 | 003,143,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.27 22:38:23 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll
MOD - [2013.03.27 22:31:01 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll
MOD - [2013.03.27 21:14:55 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll
MOD - [2013.03.27 21:14:38 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll
MOD - [2013.03.27 21:14:32 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll
MOD - [2013.03.27 21:14:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll
MOD - [2013.03.27 21:14:28 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll
MOD - [2013.03.27 21:14:27 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll
MOD - [2013.03.27 21:14:24 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013.03.27 21:14:17 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2010.10.25 16:15:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.04 18:52:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 17:02:42 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\MP\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2013.04.01 15:05:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 15:05:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.18 15:29:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 14:13:34 | 000,320,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.01 15:05:58 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.01 15:05:58 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.01 15:05:58 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.31 10:19:52 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2013.01.31 10:19:52 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.01.31 10:19:52 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.25 05:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.02.12 16:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rsdrvx64.sys -- (ElRawDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D6 2F 9A B3 18 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{2E3A2A0C-E98E-4D5B-B29F-D96EA0B4DD58}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{533F4CBD-81F6-45B7-81E0-6D67B71C0778}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{65AC1028-D127-4F0B-B55D-6E574676DAF6}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{96EF2CA0-E8D3-441B-BD9E-3B2F7904DDB7}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BB25B4C9-0495-4AB3-9852-B6B4DB45EE9C}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D2D70930-2653-474E-B88B-12D473A8508D}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=5b226fcb-8914-4459-b2b2-8121c538d20e&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.03.14 14:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 18:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.14 14:12:08 | 000,000,000 | ---D | M]

[2013.03.02 21:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MP\AppData\Roaming\mozilla\Extensions
[2013.04.04 17:02:48 | 000,002,079 | ---- | M] () -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\xilo4dy8.default\searchplugins\{22882E5D-4AC0-4BDA-B282-7823AEC7C9CD}.xml
[2013.04.04 17:02:48 | 000,002,190 | ---- | M] () -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\xilo4dy8.default\searchplugins\{7C6F2454-2276-4E44-90A4-FD696113D73F}.xml
[2013.04.04 17:02:48 | 000,001,872 | ---- | M] () -- C:\Users\MP\AppData\Roaming\mozilla\firefox\profiles\xilo4dy8.default\searchplugins\{997F8368-2E41-4AAE-AFA2-6789CE4D1CA6}.xml
[2013.03.08 15:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.04 18:52:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.04 17:02:48 | 000,001,686 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.04 17:02:48 | 000,001,937 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.04 17:02:48 | 000,001,273 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.04 17:02:48 | 000,007,053 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.04 17:02:48 | 000,001,280 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.04 17:02:48 | 000,001,172 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\MP\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACSW15EN] C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{617EEA3B-F217-4B70-8FED-1E8F21A10807}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.25 00:30:27 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.04 18:51:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MP\Desktop\OTL.exe
[2013.04.04 18:36:42 | 005,047,266 | ---- | C] (Swearware) -- C:\Users\MP\Desktop\ComboFix.exe
[2013.04.04 17:17:58 | 000,000,000 | ---D | C] -- C:\Users\MP\Documents\PCSpeedUp
[2013.04.04 17:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExposurePlot
[2013.04.04 17:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExposurePlot
[2013.04.04 17:07:23 | 000,000,000 | ---D | C] -- C:\Users\MP\Desktop\exposureplot_115a
[2013.04.04 17:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2013.04.04 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2013.04.04 17:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.04 17:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.04.04 17:02:48 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Opera
[2013.04.04 17:02:42 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\OCS
[2013.04.04 15:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.04 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Simply Super Software
[2013.04.04 14:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.04.04 14:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.04.04 14:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.04 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Malwarebytes
[2013.04.04 14:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.04 14:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 14:26:23 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 14:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.01 15:06:24 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 15:06:24 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 15:06:24 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co.
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.31 16:36:07 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Diagnostics [2013.03.31 12:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vehicle Simulator [2013.03.31 12:45:04 | 033,069,678 | ---- | C] (Quality Simulations ) -- C:\Users\MP\Desktop\vsf_demo.exe [2013.03.29 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.03.28 10:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.27 21:23:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2013.03.27 21:23:35 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Samsung [2013.03.27 21:23:33 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Samsung [2013.03.27 21:23:29 | 000,000,000 | ---D | C] -- C:\Users\MP\Documents\samsung [2013.03.27 21:20:44 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudserd.sys [2013.03.27 21:20:44 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2013.03.27 21:20:43 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2013.03.27 21:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2013.03.27 21:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2013.03.27 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013.03.27 21:18:15 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2013.03.27 21:17:37 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\Windows\SysWow64\dgderapi.dll [2013.03.27 21:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.03.27 21:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2013.03.27 21:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2013.03.27 21:10:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.21 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\MP\Documents\ShipSim2008 UserData [2013.03.21 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schiff-Simulator 2008 [2013.03.21 18:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.03.21 18:49:57 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.03.21 18:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ship Simulator 2008 [2013.03.21 04:02:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.21 04:01:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.18 16:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.18 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.03.18 16:08:42 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Google [2013.03.14 14:55:16 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\NVIDIA [2013.03.14 14:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2013.03.14 14:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 [2013.03.14 14:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5 [2013.03.14 14:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.03.11 22:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunatic [2013.03.10 17:46:59 | 000,000,000 | ---D | C] -- 
C:\Users\MP\AppData\Local\Gerald_Ihninger [2013.03.10 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\MP\Desktop\Browser [2013.03.08 22:54:25 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\Real [2013.03.08 22:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2013.03.08 15:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.06 22:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.03.06 22:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.03.05 22:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems [2013.03.05 22:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems [2013.03.05 22:38:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.05 20:55:33 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Roaming\ACD Systems [2013.03.05 20:55:33 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\ACD Systems [2013.03.05 20:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems [2013.03.05 20:53:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems [2013.03.05 20:35:26 | 000,000,000 | ---D | C] -- C:\Users\MP\AppData\Local\Downloaded Installations [2011.04.02 01:47:24 | 687,994,304 | ---- | C] (Microsoft Corporation) -- C:\Users\MP\AppData\Roaming\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe ========== Files - Modified Within 30 Days ========== [2013.04.04 18:51:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MP\Desktop\OTL.exe [2013.04.04 18:50:35 | 000,000,000 | ---- | M] () -- C:\Users\MP\defogger_reenable [2013.04.04 18:50:13 | 000,050,477 | ---- | M] () -- C:\Users\MP\Desktop\Defogger.exe [2013.04.04 18:37:08 | 005,047,266 | ---- | M] (Swearware) -- C:\Users\MP\Desktop\ComboFix.exe [2013.04.04 18:19:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.04 18:13:44 | 000,000,334 | ---- | M] () -- 
C:\Windows\tasks\PC SpeedUp Service Deactivator.job [2013.04.04 18:13:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.04 17:07:34 | 000,001,059 | ---- | M] () -- C:\Users\MP\Desktop\ExposurePlot.lnk [2013.04.04 17:03:43 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\ExifViewer Installer.Zip [2013.04.04 17:02:39 | 000,000,000 | ---- | M] () -- C:\Program Files\ExifViewer Installer.Zip [2013.04.04 15:13:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.04 15:05:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.04 15:05:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.04 15:03:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.04 15:03:03 | 000,651,768 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.04 15:03:03 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.04 15:03:03 | 000,129,468 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.04 15:03:03 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.04 14:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.04 14:57:55 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013.04.04 14:26:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.04 14:11:15 | 000,089,088 | ---- | M] () -- C:\Users\MP\mbr.exe [2013.04.01 15:05:58 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.01 15:05:58 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.01 15:05:58 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.31 14:42:36 | 000,000,673 | ---- | M] () -- C:\Users\MP\Desktop\Vehicle Simulator.lnk [2013.03.31 12:46:31 | 033,069,678 | ---- | M] (Quality Simulations ) -- C:\Users\MP\Desktop\vsf_demo.exe [2013.03.31 11:23:46 | 000,001,135 | ---- | M] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2013.03.31 04:23:19 | 004,973,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.29 14:45:05 | 000,003,021 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Word 2010.lnk [2013.03.29 14:44:53 | 000,003,041 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Publisher 2010.lnk [2013.03.29 14:44:44 | 000,002,937 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft PowerPoint 2010.lnk [2013.03.29 14:44:31 | 000,003,029 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Outlook 2010.lnk [2013.03.29 14:44:20 | 000,002,951 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Excel 2010.lnk [2013.03.29 14:44:14 | 000,002,919 | ---- | M] () -- C:\Users\MP\Desktop\Microsoft Access 2010.lnk [2013.03.27 21:23:27 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2013.03.27 21:18:28 | 000,002,030 | ---- | M] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk [2013.03.27 21:18:28 | 000,002,020 | ---- | M] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [2013.03.21 21:41:06 | 026,271,857 | ---- | M] () -- C:\Users\MP\Desktop\D7100_EU(De)02.pdf [2013.03.21 21:39:12 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\Ship Simulator 2008 Mission Editor.lnk [2013.03.21 21:39:12 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\Ship Simulator 2008.lnk [2013.03.18 16:09:56 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.14 14:12:10 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2013.03.11 22:27:16 | 000,001,807 
| ---- | M] () -- C:\Users\MP\Desktop\Tunatic.lnk [2013.03.06 22:26:10 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.2 64-Bit.lnk [2013.03.05 22:39:59 | 000,002,845 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee 15.lnk [2013.03.05 20:55:27 | 000,002,869 | ---- | M] () -- C:\Users\MP\Desktop\ACDSee 15.lnk ========== Files Created - No Company Name ========== [2013.04.04 18:50:35 | 000,000,000 | ---- | C] () -- C:\Users\MP\defogger_reenable [2013.04.04 18:50:12 | 000,050,477 | ---- | C] () -- C:\Users\MP\Desktop\Defogger.exe [2013.04.04 17:07:34 | 000,001,059 | ---- | C] () -- C:\Users\MP\Desktop\ExposurePlot.lnk [2013.04.04 17:04:32 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\PC SpeedUp Service Deactivator.job [2013.04.04 17:03:43 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\ExifViewer Installer.Zip [2013.04.04 17:02:39 | 000,000,000 | ---- | C] () -- C:\Program Files\ExifViewer Installer.Zip [2013.04.04 14:26:27 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.04 14:11:08 | 000,089,088 | ---- | C] () -- C:\Users\MP\mbr.exe [2013.03.31 14:42:36 | 000,000,673 | ---- | C] () -- C:\Users\MP\Desktop\Vehicle Simulator.lnk [2013.03.29 14:45:05 | 000,003,021 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Word 2010.lnk [2013.03.29 14:44:53 | 000,003,041 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Publisher 2010.lnk [2013.03.29 14:44:44 | 000,002,937 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft PowerPoint 2010.lnk [2013.03.29 14:44:31 | 000,003,029 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Outlook 2010.lnk [2013.03.29 14:44:20 | 000,002,951 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Excel 2010.lnk [2013.03.29 14:44:14 | 000,002,919 | ---- | C] () -- C:\Users\MP\Desktop\Microsoft Access 2010.lnk [2013.03.27 21:23:27 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2013.03.27 21:18:28 | 000,002,030 | ---- | C] () -- C:\Users\MP\Application 
Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk [2013.03.27 21:18:28 | 000,002,020 | ---- | C] () -- C:\Users\MP\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [2013.03.21 21:41:06 | 026,271,857 | ---- | C] () -- C:\Users\MP\Desktop\D7100_EU(De)02.pdf [2013.03.21 21:39:12 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\Ship Simulator 2008 Mission Editor.lnk [2013.03.21 18:34:34 | 000,000,767 | ---- | C] () -- C:\Users\Public\Desktop\Ship Simulator 2008.lnk [2013.03.18 16:09:56 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.18 16:08:48 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.18 16:08:47 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.14 14:12:09 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2013.03.14 14:12:09 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk [2013.03.14 14:12:09 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk [2013.03.14 14:04:36 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013.03.11 22:27:16 | 000,001,807 | ---- | C] () -- C:\Users\MP\Desktop\Tunatic.lnk [2013.03.06 22:26:10 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2 64-bit.lnk [2013.03.06 22:26:10 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.2 64-Bit.lnk [2013.03.05 22:39:59 | 000,002,845 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee 15.lnk [2013.03.05 20:55:27 | 000,002,869 | ---- | C] () -- C:\Users\MP\Desktop\ACDSee 15.lnk [2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2013.02.05 
18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.05 20:55:33 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\ACD Systems [2013.03.21 18:32:46 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Azureus [2013.03.02 23:35:37 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Need for Speed World [2013.04.04 17:02:42 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\OCS [2013.04.04 17:02:48 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Opera [2013.03.29 18:41:40 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Samsung [2013.04.04 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\MP\AppData\Roaming\Simply Super Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:EC2E1DEC @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6DDED7D9 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
OTL Extras logfile created on: 04.04.2013 19:05:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 60,92% Memory free
8,00 Gb Paging File | 6,15 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 251,37 Gb Total Space | 196,96 Gb Free Space | 78,36% Space Free | Partition Type: NTFS
Drive D: | 97,74 Gb Total Space | 7,78 Gb Free Space | 7,96% Space Free | Partition Type: NTFS
Drive E: | 573,62 Gb Total Space | 228,59 Gb Free Space | 39,85% Space Free | Partition Type: NTFS
Drive G: | 8,79 Gb Total Space | 3,51 Gb Free Space | 39,97% Space Free | Partition Type: NTFS

Computer Name: MP-PC | User Name: MP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 15.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSeeQV15.exe" "%1" (ACD Systems International Inc.) Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 15.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSeeQV15.exe" "%1" (ACD Systems International Inc.) Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{339C0F29-0478-4AD3-BB51-970BA8AEB801}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2AE8230A-5CF8-4A84-86EE-A508DAB25EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{62B8BCC2-46D5-455C-AB41-31FDFA258E99}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{75186CD0-928E-43C1-88F4-8BF10714EE1A}" = protocol=17 | dir=in | 
app=c:\program files (x86)\microsoft office\office14\groove.exe | "{87138C43-3819-4292-9119-E42FEFA2A8E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9F1B8AB0-3873-454B-ABCA-CFADD3993E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{C040AAA4-1C6E-4892-96DC-B7FF8420F0D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{DE7E3C27-1D39-4ACB-BD1B-CD869C6D9DC0}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "TCP Query User{42301EEA-A578-47A9-A20C-848CAE461C40}E:\spiele\vehicle simulator\vsf.exe" = protocol=6 | dir=in | app=e:\spiele\vehicle simulator\vsf.exe | "TCP Query User{455F1876-3FC1-4359-B1C3-8451167A38DC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{DE5A2E9D-AE41-4BF5-9C12-205564A898AB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{E3FB708B-FD2E-4316-ADEA-67AB892A2377}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{907AD147-C0E3-4BE5-9950-FD42EB721063}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{D5892120-BDB0-4D46-B7E1-49E77B030225}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{DB19BBEE-9967-4EEA-994F-5C13DC2C35F7}E:\spiele\vehicle simulator\vsf.exe" = protocol=17 | dir=in | app=e:\spiele\vehicle simulator\vsf.exe | "UDP Query User{E5162EB7-0924-4DD8-B6B3-51B4270F9CC5}C:\program files (x86)\mozilla 
firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{993DAF7C-A5F8-42EA-81D4-DAE3C9D2D1F7}_is1" = Remo Recover
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A573D759-F894-448D-A420-3A9C31879F88}_is1" = Remo Recover 4.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}" = Adobe Photoshop Lightroom 4.2 64-bit
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PCSU-SL_is1" = PC Speed Up - Vollständige Deinstallation
"Recuva" = Recuva
"SearchAnonymizer" = SearchAnonymizer
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2010
"{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0F513B77-0D84-4615-87F7-B814D1FC64F5}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.de-de_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.OMUI.de-de_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2010
"{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2010
"{90140000-0101-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{4733E76A-5F12-4513-9CA8-DB2540A74EDA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B580C89C-F7F8-4A78-BAF0-5560C6E9E76D}" = ACDSee 15
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ExposurePlot_is1" = ExposurePlot 1.1.5a
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.de-de" = Microsoft Office Language Pack 2010 - German/Deutsch
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Ship Simulator 2008 Horns and Whistles Add-on V1.3_is1" = Ship Simulator 2008 Horns and Whistles Add-on V1.3
"Ship Simulator 2008 Solent Radio Sounds_is1" = Ship Simulator 2008 Solent Radio Sounds
"Shipsim2008" = Ship Simulator 2008
"Trojan Remover_is1" = Trojan Remover 6.8.5
"Tunatic" = Tunatic
"Vehicle Simulator_is1" = Vehicle Simulator

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.03.2013 14:59:04 | Computer Name = MP-PC | Source = Windows Backup | ID = 4103
Description = Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "L:\" nicht abgeschlossen. Fehler: "The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)"

Error - 27.03.2013 15:23:06 | Computer Name = MP-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8

Error - 27.03.2013 15:23:07 | Computer Name = MP-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x800700d8

Error - 31.03.2013 06:06:03 | Computer Name = MP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Vs.exe, Version: 7.0.0.1, Zeitstempel: 0x45f41410 Name des fehlerhaften Moduls: sapi.dll, Version: 5.3.13120.0, Zeitstempel: 0x4ce7b9a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003a460 ID des fehlerhaften Prozesses: 0xd70 Startzeit der fehlerhaften Anwendung: 0x01ce2df699156520 Pfad der fehlerhaften Anwendung: E:\Spiele\Virtual Sailor\Vs.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\Speech\Common\sapi.dll Berichtskennung: 981df000-99ea-11e2-9554-002185f92100

Error - 31.03.2013 06:06:34 | Computer Name = MP-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Vs.exe, Version: 7.0.0.1, Zeitstempel: 0x45f41410 Name des fehlerhaften Moduls: sapi.dll, Version: 5.3.13120.0, Zeitstempel: 0x4ce7b9a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003a460 ID des fehlerhaften Prozesses: 0xae0 Startzeit der fehlerhaften Anwendung: 0x01ce2df75da595e0 Pfad der fehlerhaften Anwendung: E:\Spiele\Virtual Sailor\Vs.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\Speech\Common\sapi.dll Berichtskennung: aa540c00-99ea-11e2-9554-002185f92100

Error - 31.03.2013 10:33:03 | Computer Name = MP-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 664 Startzeit: 01ce2e0b2928e920 Endzeit: 40 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: e24780e1-9a0f-11e2-89d7-002185f92100

Error - 31.03.2013 13:00:02 | Computer Name = MP-PC | Source = Windows Backup | ID = 4103
Description = Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "L:\" nicht abgeschlossen. Fehler: "The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)"

Error - 31.03.2013 16:45:50 | Computer Name = MP-PC | Source = Application Hang | ID = 1002
Description = Programm vsf.exe, Version 2.4.2.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b1c Startzeit: 01ce2e50ae864eb0 Endzeit: 60 Anwendungspfad: E:\Spiele\Vehicle Simulator\vsf.exe Berichts-ID: f6efa111-9a43-11e2-8cc1-002185f92100

Error - 04.04.2013 11:10:22 | Computer Name = MP-PC | Source = Application Hang | ID = 1002
Description = Programm ExposurePlot.exe, Version 1.1.5.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1088 Startzeit: 01ce314629687b60 Endzeit: 21 Anwendungspfad: C:\Program Files (x86)\ExposurePlot\ExposurePlot.exe Berichts-ID: c3b390b1-9d39-11e2-970a-002185f92100

Error - 04.04.2013 11:11:21 | Computer Name = MP-PC | Source = Application Hang | ID = 1002
Description = Programm ExposurePlot.exe, Version 1.1.5.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1068 Startzeit: 01ce314688982860 Endzeit: 8 Anwendungspfad: C:\Program Files (x86)\ExposurePlot\ExposurePlot.exe Berichts-ID: e73bf091-9d39-11e2-970a-002185f92100

[ System Events ]
Error - 31.03.2013 10:33:09 | Computer Name = MP-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 31.03.2013 10:33:11 | Computer Name = MP-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error - 31.03.2013 10:33:13 | Computer Name = MP-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 31.03.2013 10:33:15 | Computer Name = MP-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 31.03.2013 10:41:20 | Computer Name = MP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2013 um 16:39:40 unerwartet heruntergefahren.

Error - 31.03.2013 16:17:25 | Computer Name = MP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2013 um 22:16:06 unerwartet heruntergefahren.

Error - 31.03.2013 16:19:57 | Computer Name = MP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2013 um 22:18:14 unerwartet heruntergefahren.

Error - 31.03.2013 17:06:16 | Computer Name = MP-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2013 um 22:52:47 unerwartet heruntergefahren.

Error - 31.03.2013 17:12:10 | Computer Name = MP-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit dem Computer mit der Netzwerkhardwareadresse 00-1F-3C-4B-9E-54 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

Error - 04.04.2013 08:12:11 | Computer Name = MP-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\MP\AppData\Local\Temp\mbr.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

< End of report >

and also the Gmer.txt

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-04 19:55:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000333AS rev.SD25 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MP\AppData\Local\Temp\pxldypoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ce1465 2 bytes [CE, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ce14bb 2 bytes [CE, 76]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077baf991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077baf99b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077bafa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077bafa17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077bafb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077bafb2f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bafbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077bafbdf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bafc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077bafc0f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bafc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077bafc27 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bafc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077bafc3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bafc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077bafc6f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bafce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077bafcef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bafcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077bafd07 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bafd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077bafd53 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077bafdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077bafdb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bafe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077bafe4b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077baff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077baff93 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077bb0099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077bb00a3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077bb0781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077bb078b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077bb0ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077bb1007 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077bb105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077bb1067 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077bb10a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077bb10af 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077bb111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077bb1127 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077bb1321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077bb132b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075fe103d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075fe1072 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 00000000770e119f 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000770e11cf 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076794de0 5 bytes JMP 00000001001203b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076794f70 5 bytes JMP 00000001001205f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000767951a2 5 bytes JMP 00000001001208f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetTextColor 000000007679522d 5 bytes JMP 0000000100120a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076795689 5 bytes JMP 00000001001201b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000767958b3 5 bytes JMP 0000000100120170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076796bad 5 bytes JMP 0000000100120370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076796e05 5 bytes JMP 0000000100120570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000076796ead 5 bytes JMP 0000000100120530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076797180 5 bytes JMP 00000001001206b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076797435 5 bytes JMP 0000000100120770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076797bcc 5 bytes JMP 00000001001200b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076797dc4 5 bytes JMP 00000001001203f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076797fd5 5 bytes JMP 0000000100120d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000767982b2 5 bytes JMP 0000000100120e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000076798401 5 bytes JMP 00000001001209f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 000000007679879f 5 bytes JMP 00000001001202f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076798916 5 bytes JMP 00000001001205b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076798b7a 5 bytes JMP 0000000100120970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000076798ee6 5 bytes JMP 0000000100120470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076799875 5 bytes JMP 0000000100120c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000076799936 5 bytes JMP 0000000100120d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!Rectangle 000000007679a53a 5 bytes JMP 00000001001209b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetClipBox 000000007679af9f 5 bytes JMP 0000000100120330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!LineTo 000000007679b9e5 5 bytes JMP 0000000100120430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetICMMode 000000007679bd55 5 bytes JMP 0000000100120db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CreateICW 000000007679c040 5 bytes JMP 0000000100120130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 000000007679c107 5 bytes JMP 0000000100120670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 000000007679c269 5 bytes JMP 00000001001206f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 000000007679d1f1 5 bytes JMP 0000000100120df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 000000007679d349 5 bytes JMP 0000000100120630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 000000007679dce4 5 bytes JMP 0000000100120930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007679e743 5 bytes JMP 00000001001200f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000767a03b7 5 bytes JMP 00000001001202b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!Escape 00000000767a1bda 5 bytes JMP 0000000100120270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000767a1e89 5 bytes JMP 0000000100120cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000767a4843 5 bytes JMP 0000000100120b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000767a5690 5 bytes JMP 0000000100120b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!EndPage 00000000767a6bde 5 bytes JMP 0000000100120230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000767ae2db 5 bytes JMP 0000000100120ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000767b940d 5 bytes JMP 0000000100120cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000767bc621 5 bytes JMP 0000000100120bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000767bd2b2 5 bytes JMP 0000000100120bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000767bd919 5 bytes JMP 0000000100120c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!AbortDoc 00000000767c3adc 5 bytes JMP 0000000100120030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!EndDoc 00000000767c3f29 5 bytes JMP 00000001001201f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!StartPage 00000000767c401a 5 bytes JMP 0000000100120730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!StartDocW 00000000767c4c51 5 bytes JMP 00000001001207f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000767c53fd 5 bytes JMP 0000000100120830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!SelectClipPath 00000000767c5454 5 bytes JMP 0000000100120af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000767c54af 5 bytes JMP 0000000100120070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!EndPath 00000000767c5506 5 bytes JMP 0000000100120a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!StrokePath 00000000767c573f 5 bytes JMP 00000001001207b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!FillPath 00000000767c57d2 5 bytes JMP 0000000100120870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!PolylineTo 00000000767c5c44 5 bytes JMP 00000001001204f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 00000000767c5cd5 5 bytes JMP 00000001001204b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\GDI32.dll!PolyDraw 00000000767c5d87 5 bytes JMP 00000001001208b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000076998c40 5 bytes JMP 0000000100130570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000076999ebd 5 bytes JMP 00000001001302b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000769a0afa 5 bytes JMP 00000001001302f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000769a0c62 7 bytes JMP 00000001001305b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetParent 00000000769a0f68 7 bytes JMP 00000001001306f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!IsWindowVisible 00000000769a112d 7 bytes JMP 00000001001306b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000769a12a5 5 bytes JMP 00000001001305f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!ScreenToClient 00000000769a227d 7 bytes JMP 0000000100130670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000769a3150 7 bytes JMP 0000000100130630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!SetCursor 00000000769a41f6 5 bytes JMP 0000000100130530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000769a68ef 5 bytes JMP 0000000100130270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000769a77fa 5 bytes JMP 0000000100130230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetTopWindow 00000000769a7887 7 bytes JMP 0000000100130730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000769a8676 5 bytes JMP 00000001001300f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000769a8696 5 bytes JMP 0000000100130330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000769a8e8d 5 bytes JMP 00000001001300b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!OpenClipboard 00000000769a8ecb 5 bytes JMP 0000000100130070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 00000000769ac17b 5 bytes JMP 0000000100130430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 00000000769ac449 5 bytes JMP 00000001001301b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 00000000769ac468 5 bytes JMP 00000001001303f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 00000000769ac486 5 bytes JMP 00000001001301f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000769ac4b6 5 bytes JMP 00000001001304b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000769ad6c0 5 bytes JMP 00000001001304f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 00000000769ae360 5 bytes JMP 0000000100130370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000769d8e57 5 bytes JMP 0000000100130170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000769d9cfd 5 bytes JMP 0000000100130770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000769d9f1d 5 bytes JMP 0000000100130030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!EmptyClipboard 00000000769f7cb9 5 bytes JMP 0000000100130130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000769f8111 5 bytes JMP 0000000100130470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532]
C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000769f832f 5 bytes JMP 00000001001303b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000075289606 5 bytes JMP 00000001001400f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000075290581 5 bytes JMP 0000000100140130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000075290bb9 5 bytes JMP 0000000100140270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000075290c2e 5 bytes JMP 00000001001401b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000075290f2e 5 bytes JMP 0000000100140070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000075291096 5 bytes JMP 00000001001400b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 000000007529124e 5 bytes JMP 00000001001401f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 000000007529129d 5 bytes JMP 0000000100140230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000075291527 5 bytes JMP 0000000100140030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000075291590 5 bytes JMP 0000000100140170 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000076260045 5 bytes JMP 0000000100150030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000762636b2 5 bytes JMP 0000000100150070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\ole32.dll!OleGetClipboard 000000007628fdcd 5 bytes JMP 00000001001500b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ce1465 2 bytes [CE, 76] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ce14bb 2 bytes [CE, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1184:1224] 000007fefb5d341c Thread C:\Windows\system32\svchost.exe [1184:1232] 000007fefb5d3a2c Thread C:\Windows\system32\svchost.exe [1184:1236] 000007fefb5d3768 Thread C:\Windows\system32\svchost.exe [1184:1240] 000007fefb5d5c20 Thread C:\Windows\system32\svchost.exe [1184:2052] 000007fef62fbd88 Thread C:\Windows\system32\svchost.exe [1184:1956] 000007fefb5d3900 Thread C:\Windows\system32\svchost.exe [1184:2784] 000007fef6225124 Thread C:\Windows\system32\svchost.exe [1184:3996] 000007fef26b5170 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1056:3732] 000007fefc3a2a7c Thread C:\Windows\System32\svchost.exe [1820:2952] 000007fef5949688 Thread C:\Windows\system32\svchost.exe [1604:3040] 000007fefe42a808 ---- EOF - GMER 2.1 ---- |
05.04.2013, 11:36 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | My own mail address is being abused to send spam mails Hello and
__________________Quote:
Why an Ultimate Edition of Windows, do you need that as a home user? Or is this by any chance an office/company PC or a university computer? Code:
ATTFilter Return-Path: <meinemail@domain.at> Received: (qmail 11952 invoked from network); 4 Apr 2013 19:00:09 +0200 Received: from xdslfs230.osnanet.de (HELO sven) (89.166.204.230) (smtp-auth username meinemail@domain.at, mechanism login) by server153-han.de-nserver.de (qpsmtpd/0.82) with (DES-CBC3-SHA encrypted) ESMTPSA; Thu, 04 Apr 2013 19:00:09 +0200 From: "Rechnungsstelle Naschplatz.de" <meinemail@domain.at> To: "=?utf-8?q?R=C3=BCdiger Kern?=" <empfänger@gmail.com> I am not entirely sure whether your address was merely abused as the sender (that is called address spoofing) or whether someone has gained access to your mailbox. Either way, to be on the safe side the password of your mailbox should be changed, or have you already done that? Do you have any further logs (with findings)? Has your virus scanner ever found anything? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
__________________ |
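A triage check for the distinction the reply raises (forged sender versus someone using the mailbox), added here as an editor's example and not code from the thread: it unfolds the headers of the bounced message and reports whether the first hop into the sender's own server recorded SMTP AUTH for the account, which is the difference between a merely forged From line and a submission made with the account's credentials. The authenticated sample is the page's quoted header with the poster's placeholder addresses; the contrast sample, its hostnames and its IP are constructed.

```python
import re

# Constructed from the header block quoted on the page, re-folded onto several
# lines the way a mail client stores it (poster's placeholder addresses kept).
AUTHENTICATED_BOUNCE = """\
Return-Path: <meinemail@domain.at>
Received: (qmail 11952 invoked from network); 4 Apr 2013 19:00:09 +0200
Received: from xdslfs230.osnanet.de (HELO sven) (89.166.204.230)
  (smtp-auth username meinemail@domain.at, mechanism login)
  by server153-han.de-nserver.de (qpsmtpd/0.82) with (DES-CBC3-SHA encrypted) ESMTPSA;
  Thu, 04 Apr 2013 19:00:09 +0200
From: "Rechnungsstelle Naschplatz.de" <meinemail@domain.at>
X-User-Auth: Auth by meinemail@domain.at through 89.166.204.230
"""

# Constructed contrast case: same From address, but the submitting host never
# authenticated, so only the visible sender was forged.
SPOOFED_ONLY = """\
Return-Path: <meinemail@domain.at>
Received: from mail.example.invalid (HELO mail) (198.51.100.7)
  by mx.example.invalid (qpsmtpd/0.82) with ESMTP; Thu, 04 Apr 2013 19:00:09 +0200
From: "Rechnungsstelle Naschplatz.de" <meinemail@domain.at>
"""

# qpsmtpd's wording of an authenticated submission, as it appears on the page.
AUTH_RE = re.compile(r"smtp-auth username (\S+), mechanism (\w+)")
HOP_RE = re.compile(r"from (\S+) \(HELO (\S+)\) \((\d{1,3}(?:\.\d{1,3}){3})\)")


def unfold(raw):
    """Join RFC 5322 continuation lines (leading whitespace) into one header each."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        else:
            headers.append(line.rstrip())
    return headers


def classify(raw):
    """'authenticated': a Received hop recorded SMTP AUTH with an account name,
    so the account's credentials were used. 'spoofed-only': no authentication
    was recorded; only the From/Return-Path was forged. Also returns the first
    client IP and HELO name seen, the starting point for further investigation."""
    result = {"verdict": "spoofed-only", "account": None, "mechanism": None,
              "client_ip": None, "helo": None}
    for hdr in unfold(raw):
        if not hdr.startswith("Received:"):
            continue
        hop, auth = HOP_RE.search(hdr), AUTH_RE.search(hdr)
        if hop and result["client_ip"] is None:
            result["helo"], result["client_ip"] = hop.group(2), hop.group(3)
        if auth:
            result.update(verdict="authenticated", account=auth.group(1),
                          mechanism=auth.group(2))
    return result
```

An "authenticated" verdict means changing the mailbox password is the immediate step, and the client IP and HELO name tell you which machine used it; "spoofed-only" means the password alone will not stop the mail.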