
Log analysis and evaluation: Yahoo account acting on its own - virus scan unsuccessful

12.04.2013, 16:52   #1
Sacajewia
 

Hello,

this morning my Yahoo account took on a life of its own and sent e-mails containing a link to my entire address book. The mails are in the Sent folder on my PC; I changed my password and, as a precaution, deleted the address book, even though that probably doesn't help much now.
I access my account with the Firefox browser, and also from various computers and via my mobile phone. (But since the mails are in the Sent folder on my home PC, I suspect it is the culprit.)

I ran my Norton AntiVirus and Malwarebytes Anti-Malware over it. Neither could find anything suspicious. I am currently backing up my data to an external hard drive, but since that is now also attached to my home PC, that won't help much either if I reinstall the PC...
That's why I would like to try to find the culprit another way. While searching the Internet I came across this forum. (Source: Google)

I haven't noticed any other suspicious activity. The system runs normally. I'm actually always very careful, but something must have sent the mails.

Please help!
Many thanks in advance!
Best regards, Myriam

PS: I was firmly convinced I was opening my thread in the "Plagegeister ..." forum... but apparently I slipped. But I can't delete or move the post either?

In the meantime I have also seen and carried out the OTL & GMER instructions. Sorry, but before my first post I didn't scroll down far enough on the instructions page ^^

So here are the three log files:

OTL

Code:
OTL logfile created on: 12.04.2013 18:09:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,24% Memory free
6,20 Gb Paging File | 3,76 Gb Available in Paging File | 60,65% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 198,03 Gb Free Space | 43,94% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
Drive F: | 596,02 Gb Total Space | 542,09 Gb Free Space | 90,95% Space Free | Partition Type: FAT32
 
Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.12 18:06:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Myriam\Downloads\OTL.exe
PRC - [2013.04.12 12:34:03 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.12 12:06:41 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.29 10:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.12.29 10:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.13 15:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.11.01 21:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.08.03 09:44:06 | 000,498,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDRSS.exe
PRC - [2010.08.03 09:43:56 | 000,477,768 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe
PRC - [2010.08.03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.08.03 09:42:52 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2010.08.03 09:42:42 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009.05.04 13:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\EKDiscovery.exe
PRC - [2009.04.17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\AiO\Center\KodakSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.04.07 18:27:30 | 001,511,424 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008.08.23 09:54:19 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008.05.02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 03:42:18 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\LBTWiz.exe
PRC - [2008.05.02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2008.05.02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:25:18 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\WMPSideShowGadget.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.12 10:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.09.12 10:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.08.23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007.03.29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2005.06.23 20:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 12:34:00 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.04.12 12:06:41 | 016,032,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2011.04.28 19:39:18 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2008.08.23 09:54:17 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2007.08.23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Programme\XPSMiniViewGadget\XPSMiniViewGadget.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - [2013.04.12 12:34:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.13 15:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009.05.04 13:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009.04.17 13:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Programme\Kodak\AiO\Center\KodakSvc.exe -- (KodakSvc)
SRV - [2008.05.14 11:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008.05.14 11:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008.05.14 11:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.05.02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.12 10:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Myriam\AppData\Local\Temp\jnv4_mib.sys -- (jnv4_mib)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.22 03:52:23 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20130322.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.01.18 16:39:36 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130411.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.18 16:39:36 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20130411.032\NAVENG.SYS -- (NAVENG)
DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.24 00:28:44 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.12.24 00:28:44 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.12.21 19:04:02 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20130411.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.12.13 15:28:42 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012.12.13 15:26:36 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012.12.13 15:26:36 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ccsetx86.sys -- (ccSet_NAV)
DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symefa.sys -- (SymEFA)
DRV - [2012.04.18 04:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\ironx86.sys -- (SymIRON)
DRV - [2012.03.26 23:10:50 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1309010.00E\symds.sys -- (SymDS)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.02.07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010.04.01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.01.29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.04.01 16:48:14 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.02.29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007.11.02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.09.12 10:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.09.12 10:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.03.01 10:25:12 | 000,008,704 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0080815
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sacajewia.yfw24.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{D348BADA-AED4-422D-84DE-B8C9BDA6386C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.sacajewia.yfw24.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012.02.01 10:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:34:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 13:15:04 | 000,000,000 | ---D | M]
 
[2010.04.15 14:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions
[2008.10.06 22:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Extensions\info@zla.bs
[2013.01.03 11:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions
[2011.04.07 19:15:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Myriam\AppData\Roaming\mozilla\Firefox\Profiles\8ktg4j01.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.08 12:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 12:34:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.01 14:06:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.01 14:06:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.01 14:06:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.01 14:06:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.01 14:06:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.01 14:06:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.11 18:01:33 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 129.187.254.28	asa-cluster.lrz.de
O1 - Hosts: 129.187.254.28	asa-cluster.lrz.de
O1 - Hosts: 129.187.254.28	asa-cluster.lrz.de
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD226102-D412-4584-BE6A-F573DAD411F6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03beb4c8-9fb9-11df-aff4-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{35e3ee55-70e3-11dd-8fb6-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{35e3ee55-70e3-11dd-8fb6-001e4ccc83fe}\Shell\AutoRun\command - "" = J:\StartVMCLite.exe
O33 - MountPoints2\{35e3ee5d-70e3-11dd-8fb6-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{35e3ee5d-70e3-11dd-8fb6-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{5c8f1820-76ea-11de-be8c-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{5c8f1820-76ea-11de-be8c-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5c8f1828-76ea-11de-be8c-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{5c8f1828-76ea-11de-be8c-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{61f3db21-2b89-11e0-a7ff-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{61f3db21-2b89-11e0-a7ff-001e4ccc83fe}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O33 - MountPoints2\{ee718ece-4d09-11e2-952a-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{ee718ece-4d09-11e2-952a-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f656c8c2-f58a-11e1-8088-001e4ccc83fe}\Shell - "" = AutoRun
O33 - MountPoints2\{f656c8c2-f58a-11e1-8088-001e4ccc83fe}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 12:25:29 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.12 12:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.12 12:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.12 12:22:46 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Malwarebytes
[2013.04.12 12:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.12 12:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.12 12:22:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.12 12:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.03.20 13:21:30 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Local\Macromedia
[2013.03.20 13:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.03.20 13:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.03.20 13:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.03.20 13:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.03.20 12:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2013.03.20 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Myriam\AppData\Roaming\Audacity
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 18:08:16 | 000,000,000 | ---- | M] () -- C:\Users\Myriam\defogger_reenable
[2013.04.12 17:36:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.12 17:25:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 17:25:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 17:25:27 | 000,002,016 | ---- | M] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37}
[2013.04.12 14:37:49 | 000,102,912 | ---- | M] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.12 13:54:18 | 000,691,568 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.12 13:54:18 | 000,649,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.12 13:54:18 | 000,154,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.12 13:54:18 | 000,126,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.12 12:30:05 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
[2013.04.12 12:25:36 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
[2013.04.12 12:25:14 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.12 12:22:34 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.12 07:21:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.12 03:23:01 | 000,358,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.12 03:22:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 03:20:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.11 18:01:33 | 000,000,878 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.05 15:57:38 | 000,000,965 | ---- | M] () -- C:\Users\Myriam\Desktop\Dropbox.lnk
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.20 13:14:53 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.03.20 11:18:31 | 000,000,806 | ---- | M] () -- C:\Users\Myriam\Desktop\Audacity.lnk
[2013.03.20 10:18:30 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000015B3.LCS
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.12 18:08:16 | 000,000,000 | ---- | C] () -- C:\Users\Myriam\defogger_reenable
[2013.04.12 17:25:25 | 000,002,016 | ---- | C] () -- C:\{6D7FDC3E-7712-4BEA-8257-8FD13B82DF37}
[2013.04.12 12:25:37 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e29e66a-de73-4156-a7ef-5d7b19725d06.job
[2013.04.12 12:25:36 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 518cc619-09f5-4146-8dcc-bd1e06200697.job
[2013.04.12 12:25:14 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.12 12:22:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.20 13:14:53 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.03.20 11:18:31 | 000,000,806 | ---- | C] () -- C:\Users\Myriam\Desktop\Audacity.lnk
[2013.03.19 17:10:02 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000015B3.LCS
[2013.01.18 16:57:47 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2012.10.04 20:07:25 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.09.26 21:36:19 | 000,001,574 | ---- | C] () -- C:\Users\Myriam\.recently-used.xbel
[2011.01.27 15:46:48 | 000,000,680 | ---- | C] () -- C:\Users\Myriam\AppData\Local\d3d9caps.dat
[2010.10.27 11:15:55 | 000,001,940 | ---- | C] () -- C:\Users\Myriam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.03.12 14:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Myriam\AppData\Local\fusioncache.dat
[2010.03.10 23:29:52 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.03.10 23:28:30 | 000,034,990 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.07 20:10:05 | 039,048,624 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_image32.Cache
[2008.10.07 20:10:04 | 002,375,716 | ---- | C] () -- C:\Users\Myriam\AppData\Local\rx_audio.Cache
[2008.08.28 17:35:31 | 000,000,270 | ---- | C] () -- C:\Users\Myriam\AppData\Roaming\wklnhst.dat
[2008.08.23 15:19:35 | 000,102,912 | ---- | C] () -- C:\Users\Myriam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.10.13 16:52:51 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ankh
[2009.04.11 15:01:49 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ankh - Heart of Osiris
[2013.03.30 19:49:45 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Audacity
[2011.08.28 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Awem
[2012.02.21 12:50:32 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\com.llingo.tha-l00-trl
[2013.04.11 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Dropbox
[2012.07.11 11:36:55 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\DVDFab
[2009.11.20 01:03:31 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\everlight
[2013.03.01 19:11:19 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\F4
[2011.09.26 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\gtk-2.0
[2010.08.02 01:13:00 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Imperium Romanum
[2013.02.28 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\mp3DirectCut
[2011.03.02 20:40:36 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\MysteryStudio
[2008.12.17 16:37:56 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\NAVIGON
[2011.04.28 19:40:16 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\OpenOffice.org
[2011.08.29 12:11:51 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Peace Craft
[2011.08.28 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\PoBros
[2013.03.19 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\ProtectDisc
[2010.01.15 19:09:32 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\SecondLife
[2008.08.31 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Serif
[2013.04.05 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Temp
[2010.02.24 23:29:53 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Template
[2009.08.16 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\The Longest Journey
[2011.09.14 18:37:03 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Tropico 3
[2011.03.02 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Ubisoft
[2010.03.11 00:34:26 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\VistaCodecs
[2009.07.22 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Vodafone
[2012.04.07 16:23:06 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\wargaming.net
[2009.09.20 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\Wildlife Park 2
[2008.10.06 22:34:22 | 000,000,000 | ---D | M] -- C:\Users\Myriam\AppData\Roaming\ZLabs
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 12.04.2013 18:09:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Myriam\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19412)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,24% Memory free
6,20 Gb Paging File | 3,76 Gb Available in Paging File | 60,65% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,69 Gb Total Space | 198,03 Gb Free Space | 43,94% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,63 Gb Free Space | 64,22% Space Free | Partition Type: NTFS
Drive F: | 596,02 Gb Total Space | 542,09 Gb Free Space | 90,95% Space Free | Partition Type: FAT32
 
Computer Name: MYRIAM-PC | User Name: Myriam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8F8E2D-677E-4047-AA24-CA20D9DE3D74}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0CC2F914-B5BC-4F42-AB32-A4D3311CEDCD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0D39A2B5-68C0-47B7-B6FC-BFCFC468A03A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1246FBDC-1E0B-47FB-BEFA-27750678113B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{46ED7DAB-D7FC-48A2-BACD-DD6E7089D769}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{507D743D-BD98-4431-9746-96229266CF0D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{51E40662-C5FB-42D1-991A-4DFD7AAA4816}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{61003B25-8C50-428D-AB20-34758EBAF052}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6278AC08-C05C-4659-B674-60A5EABC3B7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6960348A-6A51-44E1-9781-79893ABADB2A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B44C1BE-7358-41C9-B4EE-599EBA4A07C7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{76B0B33F-F528-4E84-8EDC-B94982E1F27F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7AAB8082-F175-487B-BFEB-60F3065E0F1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{816D2907-EA11-4362-8471-69B8B93AFAA1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{92FFA179-BEF6-42AC-A845-54753E9A1A9E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{A9A941B6-80A4-463C-B872-8441D12A7B82}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D28D7570-029C-49F9-923F-C0E7B7F77882}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D51247CA-AD98-4616-B05E-4E2A46ED25F3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D9C9BB91-D863-4E02-9610-E8187FC54B64}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery | 
"{E225B8D8-121C-4EFF-95FC-232056FCB729}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEB79099-BAC0-41F9-A269-16FD6DA148F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F00DC730-88B6-467A-BAFB-DB64E231F7E1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{F019CF87-942B-42C1-AD85-336605D53FC9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F820B161-F58B-4943-A256-13CC521465A3}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015EAFED-D196-40D7-9BB7-05F7DB0954E8}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{07DC966F-AF57-42F2-93EC-598474FC7D26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{13C46594-FA44-47C4-9EAA-F7F7E282F81A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{17D20452-9800-4DD9-84D3-B2F4EC34184A}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{18AACA02-7B95-4E5A-80ED-85FC8BCA1B7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1E9400D8-BAE5-4B54-819F-E755ADD212C4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{2176A2EE-E56A-48F5-8B5A-59346CE609F4}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{26F75F16-F043-45EA-8308-3A4C8C8C4FA1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{30B0C95A-A486-4899-BE43-619A3B15DC7A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{3188185F-2D62-4205-A8C8-B71D734E40DC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe | 
"{367650DE-B9EE-44D7-BBC7-87DADEE68E30}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{385A4E4F-3B79-4504-B684-115EC5281BBF}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{437CAFD3-5780-456C-B9EE-089A8F708549}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{45F7D31F-9318-4B15-9657-734AC3FB5E67}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{4751E395-79B0-4330-96CE-39BD2880BEB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4ACEE7D6-8C43-4D7A-859E-86FED02005EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{55173B6F-586B-424A-A2EB-51D1C1BA4908}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{5674A47E-0EC6-40A5-8688-EF39B3143892}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61F4A8BD-E03A-4D43-8937-5C76ADC4B7AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6A2521AF-3FF6-4195-AB63-42F7B507F4C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{71256B30-870D-481F-AD31-4F33B5D1FF78}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7FD5E20B-37B7-4795-A441-3A5003FA32AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FD873D7-B15B-415E-8444-7305B024B4CE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{81B0BCCD-3476-4AAC-907A-A993CDD5E84E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{8A0B390D-E738-4EAA-8D70-9812AE4FFA18}" = protocol=6 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8D70644F-DDE7-4571-AA65-D5BA9F0E096B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{8E25BCB3-455B-4ED3-B085-6C1C177B5792}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{91B76FAB-B8DA-4F8A-A98B-4D1E3EAA1ADF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{995F8E31-62AE-4A86-B286-E4E9FDB41878}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{996C5683-5301-4016-B7BC-3FD8098E0344}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{99A4B8A9-D14E-4038-8E83-1FB7F800C6A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9C28CE91-5AE9-43C9-A9BC-9AE708FF6A22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{9F2CEAA9-FD44-4559-9F9D-EFF151050EC3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{A0CD47D7-5B95-43D1-B046-53063E706EDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A2993279-8E58-4804-BEB1-6ABC83E03BD9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{A3D04630-24B7-4C10-B62F-2DD661C2C750}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{A55E4E44-6B42-49A4-9457-CA1A361821D9}" = protocol=17 | dir=in | app=c:\users\myriam\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B3521D14-5E51-405D-A4A6-A2ACEAB1E914}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9F44E35-E34D-4384-94FE-35A1D8912FA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\risen 2\system\risen2.exe | 
"{D26900B8-638F-4C78-92E4-17B718901F31}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{DBE48E50-7845-4C36-BB3B-ABD5A6B87FC8}" = protocol=6 | dir=out | app=system | 
"{E0DAF8DE-1037-4C58-A7F7-F418738E24A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E4154EED-EF2C-47BE-AC8C-754B8E2A1306}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9A00FF0-995F-4993-886B-80513749D2AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA4FCE7C-A19A-48DB-A45C-2EF63793E92D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC80D682-CADE-4486-A4A9-610BA5704BE6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EEE4C139-2C19-4C13-9A9D-0A6496DEC567}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{F0F471BE-9405-42C3-8C2C-05FFB83D6083}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{F13DA791-72CC-493E-A137-EA6C9DDAD72A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F41EE4B1-AE3B-4144-B6F6-84C838A8D0F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4EE3612-6280-4596-998B-8317E2022087}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{FA50FB17-2975-4BB8-8D49-7E05D16073FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FF171E50-BC2F-4CDC-944A-5AD6981DE397}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{15EA6954-DC5F-4FFE-9F99-4723A59A7489}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{225AE057-4BFF-4FA9-9C29-7ED5621E80A5}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{3ECFD284-C5C5-4701-B75A-8EF249D05C05}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"TCP Query User{43B63FAB-7A1A-4950-ACF7-6E113D7F83D4}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"TCP Query User{4920D7BB-0C6C-431E-9029-79044BD61ED6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{5CB060C1-4B2D-4243-8E58-9E2ABF2B3D43}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{5FCCF948-FB48-4861-9384-51C777EAED63}C:\users\myriam\downloads\f4\f4.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe | 
"TCP Query User{74C8D1F1-4980-4FCC-AF88-532944F43415}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{AB399E19-7F47-4CA3-AD21-6C237236F08A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{C82C56EA-6252-4FB1-9741-F3E9DAC58065}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{CE606602-90A2-4F64-BBBB-6528E452D021}C:\program files\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"TCP Query User{D92F0F33-47D8-4046-807E-DF026547032A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{EC4CA91E-1EFD-4171-8730-4E4719D83094}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{00D8DCE6-ABC6-4D4F-B259-123EE5B9B1AE}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | 
"UDP Query User{3B2DB38F-F922-44F9-9D86-9B763454FEDB}C:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\appdata\local\temp\temp1_diablo-iii-8370-dede-installer-downloader.zip\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{3B3A35D8-42E0-4E73-9280-13D50C5F90D0}C:\users\myriam\downloads\f4\f4.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\f4\f4.exe | 
"UDP Query User{3C83304D-6010-4FD6-A2FC-F4B1FBABB74C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{3D4E8D28-6583-4F3F-ABB6-61F7D0BB8D33}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{50AA09BD-BFA4-431F-816C-98CE0E2F3BDC}C:\program files\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"UDP Query User{646E7007-8F04-4A61-8FDC-183EAABC9BAF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{65AC74DF-E366-4912-BAF3-5BF615C5F6D5}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{6D0E4FAD-8789-4B9C-9BE4-8297132442D7}C:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\myriam\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{A6A49604-E714-4DDE-BF26-AC964A7569B6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{B8AE7ACA-D04F-476E-8479-26BA1A0A5F67}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe | 
"UDP Query User{D8E4F352-81EC-4EDD-8008-23D8FEA2607D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{FF3DD940-C197-4E0A-885B-83B62874F008}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{07222CAA-F008-48D1-B09F-3F23FCCD610C}" = IBM SPSS Statistics 19 Help Packs
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{37598694-FDF5-47BA-9433-AC8416BAD384}" = Serif PhotoPlus 10
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBB0F0D8-D1A1-4F15-A031-C2B7BCCF63D0}" = GoGear Spark Device Manager
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = Kodak All-in-One-Druckersoftware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.63
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Bink and Smacker" = Bink and Smacker
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CEP - Colour Enable Packages_is1" = CEP - Color Enable Package
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_Phileasson_is1" = Drakensang - Phileassons Geheimnis
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"DVDFab 8 Qt_is1" = DVDFab 8.1.9.0 (06/07/2012) Qt
"f42012" = f4 2012
"Google Desktop" = Google Desktop
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAV" = Norton AntiVirus
"NAVIGON Fresh" = NAVIGON Fresh 1.6.2
"NAVIGON Sync" = NAVIGON Sync 1.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.07.2010 06:08:21 | Computer Name = Myriam-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung EKDiscovery.exe, Version 4.0.0.1, Zeitstempel
 0x499f1d83, fehlerhaftes Modul EKDiscovery.exe, Version 4.0.0.1, Zeitstempel 0x499f1d83,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00008e30,  Prozess-ID 0x”±Ú ”±Ú $, Anwendungsstartzeit
 ”±Ú ”±Ú $.
 
Error - 14.07.2010 06:42:46 | Computer Name = Myriam-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 14.07.2010 06:43:59 | Computer Name = Myriam-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.07.2010 06:46:59 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:47:05 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:47:12 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:47:32 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:47:35 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:48:41 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:50:30 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 06:57:33 | Computer Name = Myriam-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.07.2010 09:55:40 | Computer Name = Myriam-PC | Source = Application Error | ID = 1000
 
Error encountered while reading event logs.
 
< End of report >
         
GMER
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 21:32:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AA0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Myriam\AppData\Local\Temp\ugdiypod.sys


---- System - GMER 2.1 ----

SSDT            885AAF10                                                                                                             ZwAlertResumeThread
SSDT            885AAFD0                                                                                                             ZwAlertThread
SSDT            84B5D050                                                                                                             ZwAllocateVirtualMemory
SSDT            884AB740                                                                                                             ZwAlpcConnectPort
SSDT            885AA528                                                                                                             ZwAssignProcessToJobObject
SSDT            885A5C70                                                                                                             ZwCreateMutant
SSDT            885AA248                                                                                                             ZwCreateSymbolicLinkObject
SSDT            87C195A0                                                                                                             ZwCreateThread
SSDT            889DA400                                                                                                             ZwDebugActiveProcess
SSDT            884A7290                                                                                                             ZwDuplicateObject
SSDT            885A8E48                                                                                                             ZwFreeVirtualMemory
SSDT            885A5D60                                                                                                             ZwImpersonateAnonymousToken
SSDT            885AA910                                                                                                             ZwImpersonateThread
SSDT            884AB6A8                                                                                                             ZwLoadDriver
SSDT            885A8D68                                                                                                             ZwMapViewOfSection
SSDT            87C1BF48                                                                                                             ZwOpenEvent
SSDT            883AD308                                                                                                             ZwOpenProcess
SSDT            87C2D588                                                                                                             ZwOpenProcessToken
SSDT            87C6C1B8                                                                                                             ZwOpenSection
SSDT            87C2D5C0                                                                                                             ZwOpenThread
SSDT            885AA438                                                                                                             ZwProtectVirtualMemory
SSDT            885BCB70                                                                                                             ZwResumeThread
SSDT            885B8C98                                                                                                             ZwSetContextThread
SSDT            885B8D58                                                                                                             ZwSetInformationProcess
SSDT            889DA4C0                                                                                                             ZwSetSystemInformation
SSDT            87C1BE88                                                                                                             ZwSuspendProcess
SSDT            885BC930                                                                                                             ZwSuspendThread
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                                   ZwTerminateProcess [0xDD54A640]
SSDT            885BC9F0                                                                                                             ZwTerminateThread
SSDT            885B8F48                                                                                                             ZwUnmapViewOfSection
SSDT            885AADB0                                                                                                             ZwWriteVirtualMemory
SSDT            885AA338                                                                                                             ZwCreateThreadEx

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D                                                                                        826B4860 8 Bytes  [10, AF, 5A, 88, D0, AF, 5A, ...]
.text           ntkrnlpa.exe!KeSetEvent + 131                                                                                        826B4874 4 Bytes  [50, D0, B5, 84]
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                        826B4880 4 Bytes  [40, B7, 4A, 88]
.text           ntkrnlpa.exe!KeSetEvent + 191                                                                                        826B48D4 4 Bytes  [28, A5, 5A, 88]
.text           ntkrnlpa.exe!KeSetEvent + 1F5                                                                                        826B4938 4 Bytes  [70, 5C, 5A, 88]
.text           ...                                                                                                                  
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                             entry point in ".vmp2" section [0xA92FB69D]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateFile + 6               7743424A 4 Bytes  [28, 68, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateFile + B               7743424F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateKey + 6                7743428A 4 Bytes  [68, 69, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateKey + B                7743428F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateMutant + 6             774342BA 4 Bytes  [28, 6A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateMutant + B             774342BF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateSection + 6            7743433A 4 Bytes  [68, 6A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtCreateSection + B            7743433F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtMapViewOfSection + 6         7743499A 4 Bytes  [A8, 6C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtMapViewOfSection + B         7743499F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenFile + 6                 77434A2A 4 Bytes  [68, 68, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenFile + B                 77434A2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenKey + 6                  77434A5A 4 Bytes  [A8, 69, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenKey + B                  77434A5F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenMutant + B               77434A7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcess + 6              77434AAA 4 Bytes  [28, 6B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcess + B              77434AAF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessToken + 6         77434ABA 4 Bytes  [68, 6B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessToken + B         77434ABF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessTokenEx + 6       77434ACA 4 Bytes  [28, 6C, 06, 00] {SUB [ESI+EAX+0x0], CH}
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenProcessTokenEx + B       77434ACF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenSection + 6              77434ADA 4 Bytes  [A8, 6A, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenSection + B              77434ADF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThread + B               77434B1F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadToken + B          77434B2F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadTokenEx + 6        77434B3A 4 Bytes  [68, 6C, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtOpenThreadTokenEx + B        77434B3F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryAttributesFile + 6      77434BCA 4 Bytes  [A8, 68, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryAttributesFile + B      77434BCF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtQueryFullAttributesFile + B  77434C7F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationFile + 6       7743515A 4 Bytes  [28, 69, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationFile + B       7743515F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationThread + 6     774351AA 4 Bytes  [A8, 6B, 06, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtSetInformationThread + B     774351AF 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ntdll.dll!NtUnmapViewOfSection + B       7743544F 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateProcessW              76151BF3 5 Bytes  JMP 000800B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateProcessA              76151C28 5 Bytes  JMP 000800F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!OpenEventW                  7616C023 5 Bytes  JMP 00080070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] kernel32.dll!CreateEventW                7619B85E 5 Bytes  JMP 00080030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!DeleteObject                   77385A37 5 Bytes  JMP 000B01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetDeviceCaps                  7738617F 5 Bytes  JMP 000B03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SelectObject                   773862A0 5 Bytes  JMP 000B05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetTextColor                   7738666B 5 Bytes  JMP 000B0A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetBkMode                      77386716 5 Bytes  JMP 000B08F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!DeleteDC                       773868CD 5 Bytes  JMP 000B0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetCurrentObject               77386B58 5 Bytes  JMP 000B0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetStretchBltMode              77387206 5 Bytes  JMP 000B06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SaveDC                         773875BA 5 Bytes  JMP 000B0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!RestoreDC                      77387675 5 Bytes  JMP 000B0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StretchDIBits                  773878CF 5 Bytes  JMP 000B0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtSelectClipRgn               773879F8 5 Bytes  JMP 000B02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SelectClipRgn                  77387AF9 5 Bytes  JMP 000B05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!MoveToEx                       77387C33 5 Bytes  JMP 000B0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!Rectangle                      77387EA9 5 Bytes  JMP 000B09B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextAlign                   773882E0 5 Bytes  JMP 000B0D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetTextAlign                   773885CB 5 Bytes  JMP 000B09F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtTextOutW                    7738872B 5 Bytes  JMP 000B0970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextMetricsW                77388A81 5 Bytes  JMP 000B0E30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!IntersectClipRect              77388B64 5 Bytes  JMP 000B03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetClipBox                     77389071 5 Bytes  JMP 000B0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetICMMode                     773894E7 5 Bytes  JMP 000B0DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CreateDCW                      7738A91D 5 Bytes  JMP 000B00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CreateDCA                      7738AA49 5 Bytes  JMP 000B00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CreateICW                      7738B2E9 5 Bytes  JMP 000B0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextFaceW                   7738B637 5 Bytes  JMP 000B0D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetFontData                    7738BA6C 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetFontData                    7738BA6C 5 Bytes  JMP 000B0C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextExtentPoint32W          7738C01A 5 Bytes  JMP 000B0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetWorldTransform              7738C46A 5 Bytes  JMP 000B06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!LineTo                         7738C65E 5 Bytes  JMP 000B0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextMetricsA                7738CCEB 5 Bytes  JMP 000B0DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtTextOutA                    773900A5 5 Bytes  JMP 000B0930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextExtentPoint32A          77390E58 5 Bytes  JMP 000B0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ExtEscape                      773922A7 5 Bytes  JMP 000B02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!Escape                         773927F1 5 Bytes  JMP 000B0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!ResetDCW                       77393132 5 Bytes  JMP 000B0AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!EndPage                        7739375E 5 Bytes  JMP 000B0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetPolyFillMode                773961D3 5 Bytes  JMP 000B0B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SetMiterLimit                  773962E2 5 Bytes  JMP 000B0B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetTextFaceA                   7739F4C5 5 Bytes  JMP 000B0CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!GetGlyphOutlineW               773AA41F 5 Bytes  JMP 000B0CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CreateScalableFontResourceW    773AC88B 5 Bytes  JMP 000B0BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!AddFontResourceW               773ACC93 5 Bytes  JMP 000B0BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!RemoveFontResourceW            773AD129 5 Bytes  JMP 000B0C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!AbortDoc                       773B2CC4 5 Bytes  JMP 000B0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!EndDoc                         773B30D8 5 Bytes  JMP 000B01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StartPage                      773B31C3 5 Bytes  JMP 000B0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StartDocW                      773B3CA7 5 Bytes  JMP 000B07F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!BeginPath                      773B4465 5 Bytes  JMP 000B0830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!SelectClipPath                 773B44BC 5 Bytes  JMP 000B0AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!CloseFigure                    773B4517 5 Bytes  JMP 000B0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!EndPath                        773B456E 5 Bytes  JMP 000B0A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!StrokePath                     773B47A0 5 Bytes  JMP 000B07B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!FillPath                       773B482C 5 Bytes  JMP 000B0870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!PolylineTo                     773B4C95 5 Bytes  JMP 000B04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!PolyBezierTo                   773B4D25 5 Bytes  JMP 000B04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] GDI32.dll!PolyDraw                       773B4DD6 5 Bytes  JMP 000B08B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!SetCursor                     75A7D37D 5 Bytes  JMP 000C0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!RegisterClipboardFormatW      75A7D6AC 1 Byte  [E9]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!RegisterClipboardFormatW      75A7D6AC 5 Bytes  JMP 000C02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!ActivateKeyboardLayout        75A8478C 5 Bytes  JMP 000C04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!IsWindowVisible               75A8878A 7 Bytes  JMP 000C06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!MonitorFromWindow             75A888D4 7 Bytes  JMP 000C0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!ScreenToClient                75A88C56 7 Bytes  JMP 000C0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClientRect                 75A88F0D 7 Bytes  JMP 000C05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetParent                     75A890AA 7 Bytes  JMP 000C06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!RegisterClipboardFormatA      75A8A111 5 Bytes  JMP 000C02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!PostMessageW                  75A8A175 5 Bytes  JMP 000C05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!MapWindowPoints               75A8A30D 5 Bytes  JMP 000C0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardFormatNameA       75A8A552 5 Bytes  JMP 000C0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetOpenClipboardWindow        75A926A6 5 Bytes  JMP 000C03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!SetClipboardViewer            75A9BA2D 5 Bytes  JMP 000C04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!IsClipboardFormatAvailable    75A9C2E3 5 Bytes  JMP 000C00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!CloseClipboard                75A9C2F7 5 Bytes  JMP 000C00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!OpenClipboard                 75A9C31D 5 Bytes  JMP 000C0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetTopWindow                  75A9CE0A 7 Bytes  JMP 000C0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardSequenceNumber    75A9D8B7 5 Bytes  JMP 000C0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!ChangeClipboardChain          75A9DF83 5 Bytes  JMP 000C0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!CountClipboardFormats         75AA0048 5 Bytes  JMP 000C01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardOwner             75AA26EF 5 Bytes  JMP 000C0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!SetClipboardData              75AB6410 5 Bytes  JMP 000C0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!EnumClipboardFormats          75AB6D16 5 Bytes  JMP 000C01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!SetCursorPos                  75AB6FB2 5 Bytes  JMP 000C0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardData              75AB715A 5 Bytes  JMP 000C0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardFormatNameW       75ABA99F 5 Bytes  JMP 000C0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!EmptyClipboard                75AD398B 5 Bytes  JMP 000C0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetClipboardViewer            75AD39ED 5 Bytes  JMP 000C0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] USER32.dll!GetPriorityClipboardFormat    75AD3AEF 5 Bytes  JMP 000C03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ole32.dll!OleGetClipboard                762A74C9 5 Bytes  JMP 000D00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ole32.dll!OleSetClipboard                762D11E3 5 Bytes  JMP 000D0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] ole32.dll!OleIsCurrentClipboard          762DA8F9 5 Bytes  JMP 000D0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!FreeContextBuffer            75902D83 5 Bytes  JMP 000F00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!DeleteSecurityContext        75902F18 5 Bytes  JMP 000F0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!FreeCredentialsHandle        75903598 5 Bytes  JMP 000F0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!EncryptMessage               75903745 5 Bytes  JMP 000F01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!DecryptMessage               75903813 5 Bytes  JMP 000F0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!InitializeSecurityContextA   759087DF 5 Bytes  JMP 000F0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!AcquireCredentialsHandleA    75908A43 5 Bytes  JMP 000F0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!QueryContextAttributesA      75908E77 5 Bytes  JMP 000F0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!ApplyControlToken            7590DE4F 5 Bytes  JMP 000F01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[5252] Secur32.dll!QueryCredentialsAttributesA  7590E052 5 Bytes  JMP 000F00B0 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[6656] USER32.dll!InSendMessageEx + 4C9                         75A7E7C8 7 Bytes  JMP 59B343E6 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[6656] USER32.dll!CreateWindowExW + AA                          75A813AF 7 Bytes  JMP 59B34375 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[6656] USER32.dll!GetWindowInfo                                 75A8428E 5 Bytes  JMP 5977E50D C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[6656] USER32.dll!SetMenuItemBitmaps + 71                       75A914EE 7 Bytes  JMP 5977E9FB C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[7716] ntdll.dll!LdrLoadDll                                              773F9378 5 Bytes  JMP 595A6D70 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[7716] kernel32.dll!HeapSetInformation + 26                              7617A8B0 7 Bytes  JMP 595C1C62 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[7716] kernel32.dll!LockResource + C                                     76196ACB 7 Bytes  JMP 598FD713 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[7716] kernel32.dll!VirtualAllocEx + 54                                  7619AF50 7 Bytes  JMP 598FD736 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[7716] USER32.dll!GetWindowInfo                                          75A8428E 5 Bytes  JMP 59786045 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[7716] GDI32.dll!SetStretchBltMode + 256                                 7738745C 7 Bytes  JMP 598FD694 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

Device          \Driver\BTHUSB \Device\0000008e                                                                                      bthport.sys

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                              SYMTDIV.SYS

Device          \Driver\BTHUSB \Device\0000008c                                                                                      bthport.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                                             fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ccc83fe                                          
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4ccc83fe (not active ControlSet)                      

---- EOF - GMER 2.1 ----
         
I hope that was everything in terms of preparation and that I haven't overlooked anything else.
Best regards, Myriam

 
