Log analysis and evaluation: HEUR:Exploit.Java.CVE-2012-0507.gen and further problems
Windows 7
29.03.2013, 23:39 | #1 |
HEUR:Exploit.Java.CVE-2012-0507.gen and further problems

Evening,

On Thursday, 28.03.2013, I got an email from one of my customers saying that I was sending spam mails from my Hotmail account. In the outbox there actually was a sent email to several of my contacts. I then changed my password and deleted all password logs from my browser (Firefox). At first I assumed that my password had been hacked; when I noticed that the same problem had turned up in one of my other email accounts (Yahoo), I suspected that this information had been taken from my laptop by a virus or something similar. First I downloaded a 30-day trial version of Kaspersky and ran a virus scan. It found this:

Kaspersky Code:
Typ: trojanisches Programm (1)
HEUR:Exploit.Java.CVE-2012-0507.gen Gefunden; nicht verarbeitet 29.03.2013 20:26:47 c:\documents and settings\***\appdata\locallow\sun\java\deployment\cache\6.0\14\ 39fa268e-698ca078

Typ: Unbekannt (1)
Auto0Shutdown0Restyled0Pierre.gadget.~0000 Desinfiziert 29.03.2013 00:24:48 C:\Documents and Settings\***\AppData\Local\Temp\ Auto0Shutdown0Restyled0Pierre.gadget.~0000

Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (1)
not-a-virus:RiskTool.JS.Shutdown.b Gelöscht 29.03.2013 00:24:48 C:\Documents and Settings\***\AppData\Local\Temp\Auto0Shutdown0Restyled0Pierre.gadget.~0000//core/ gadget.js

Downloaded defogger and followed the steps! Saved it to the desktop and ran it according to the instructions in "For everyone seeking help! What do I need to consider before opening a thread?"

Got OTL.txt but NO Extra.txt. What went wrong?

I hope you can HELP me, thanks in advance.

EDIT: I will do another OTL SCAN, this time following the guide at http://www.trojaner-board.de/85104-o...-oldtimer.html. This is because the scan users checkbox must be ticked so that Extra Registry is enabled. This time I am doing a SCAN and not a QUICK SCAN. In addition, I ticked LOP Check and Purity Check, as in the edit introduction of OTL-SCAN.

OTL.txt Code:
OTL logfile created on: 30.03.2013 00:01:28 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 43,16% Memory free
9,91 Gb Paging File | 7,26 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): d:\pagefile.sys 6090 6090 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217,69 Gb Total Space | 81,68 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,95 Gb Free Space | 59,70% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll () ========== Services (SafeList) ========== SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.) 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.) 
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft 
Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) 
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD D8 4E 28 A5 E9 CD 01 [binary data] IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57} IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = 
hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20130110&user_guid=D565FD806174475989F2E89C6F838B4A&machine_id=2a365d1fa0e5d9dc9b85d05519ed3cba&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source} IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.18 23:23:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.19 01:30:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.01.19 04:31:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com 
[2013.03.28 22:45:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:42:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.29 21:41:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:42:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.29 21:41:13 | 000,000,000 | ---D | M] [2013.01.20 14:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.03.08 13:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.28 22:45:33 | 
000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.03.08 13:42:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.19 04:30:42 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.27 02:47:10 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (URL Advisor Plugin) - 
{E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) 
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe (MAGIX AG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk = C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\..Trusted Domains: dell.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C28292FF-D304-44DD-A323-9183358D1BFD}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.29 22:47:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2013.03.29 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.03.29 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\trojaner board [2013.03.29 22:07:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.03.29 00:50:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.03.29 00:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.29 00:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.29 00:48:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.29 00:48:37 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.28 22:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.03.28 22:34:02 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.03.28 22:33:20 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.03.28 22:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.03.28 22:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.03.28 22:32:52 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.03.28 22:32:52 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013.03.28 22:23:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013 [2013.03.28 21:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.28 21:53:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.28 21:53:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.28 21:53:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.28 21:53:48 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.28 17:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.03.28 17:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.03.27 15:18:37 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2013.03.20 22:04:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.14 10:15:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 10:15:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 10:15:52 | 000,248,320 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 10:15:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 10:15:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 10:15:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 10:15:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 10:15:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 10:15:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 10:15:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 10:15:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 10:15:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 10:15:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 10:15:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 10:15:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 20:24:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer [2013.03.13 20:12:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2013.03.08 13:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.01 23:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.02.28 01:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.02.28 01:42:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google [2013.02.28 01:29:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2013.02.28 00:09:06 | 002,284,544 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 00:09:05 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 00:09:05 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 00:09:05 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 00:09:04 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 00:09:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 00:09:03 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 00:09:03 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 00:09:03 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 00:09:03 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 00:09:03 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 00:09:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 00:09:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 00:09:03 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 00:09:03 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 00:09:02 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 00:09:02 | 000,522,752 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 00:09:02 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 00:09:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 00:09:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 00:09:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 00:09:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 00:09:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 00:09:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 00:09:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 00:09:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 00:09:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 00:09:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 00:09:01 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 00:09:01 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 00:09:01 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 00:09:01 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 00:09:01 | 001,238,528 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3d10.dll [2013.02.28 00:09:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 00:09:01 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 00:09:01 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 00:09:01 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 00:09:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 00:09:00 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 00:09:00 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.28 00:09:00 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll ========== Files - Modified Within 30 Days ========== [2013.03.29 23:47:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.29 22:29:52 | 000,001,237 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.03.29 22:09:43 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 22:09:43 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 22:02:19 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.29 22:01:18 | 003,106,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.29 22:01:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.29 22:00:56 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys [2013.03.29 12:52:09 | 000,037,066 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2013-03-29.json [2013.03.29 11:25:11 | 000,000,000 | ---- | 
M] () -- C:\Users\***\defogger_reenable [2013.03.29 01:12:46 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe [2013.03.29 01:12:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.03.29 01:12:03 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.03.29 00:49:00 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.28 22:35:21 | 000,002,342 | ---- | M] () -- C:\Users\***\Desktop\Sicherer Zahlungsverkehr.lnk [2013.03.28 22:34:03 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.03.28 21:53:41 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.28 21:53:39 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.28 21:53:39 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.28 21:53:38 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.28 21:53:38 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.28 21:53:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.28 17:49:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.03.16 10:52:48 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.16 10:52:48 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.10 02:39:30 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.10 02:39:30 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.10 02:39:30 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.10 02:39:30 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.10 02:39:30 | 000,121,292 | ---- | 
M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.08 15:47:16 | 000,604,592 | ---- | M] () -- C:\Users\***\Documents\img016.pdf [2013.03.08 15:39:24 | 000,346,220 | ---- | M] () -- C:\Users\***\Documents\img015.pdf [2013.03.08 15:36:53 | 000,323,774 | ---- | M] () -- C:\Users\***\Documents\img014.pdf [2013.03.08 15:05:10 | 000,442,266 | ---- | M] () -- C:\Users\***\Documents\img013.pdf [2013.02.28 14:19:49 | 000,416,226 | ---- | M] () -- C:\Users\***\Documents\img012.pdf ========== Files Created - No Company Name ========== [2013.03.29 22:29:52 | 000,001,237 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.03.29 22:07:50 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe [2013.03.29 22:07:50 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.03.29 12:52:09 | 000,037,066 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2013-03-29.json [2013.03.29 11:25:11 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.03.29 00:49:00 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.28 22:35:21 | 000,002,342 | ---- | C] () -- C:\Users\***\Desktop\Sicherer Zahlungsverkehr.lnk [2013.03.28 22:34:13 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.03.28 17:49:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.03.28 17:49:11 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.03.08 15:47:16 | 000,604,592 | ---- | C] () -- C:\Users\***\Documents\img016.pdf [2013.03.08 15:39:24 | 000,346,220 | ---- | C] () -- C:\Users\***\Documents\img015.pdf [2013.03.08 15:36:53 | 000,323,774 | ---- | C] () -- C:\Users\***\Documents\img014.pdf [2013.03.08 15:05:10 | 000,442,266 | ---- | C] () -- C:\Users\***\Documents\img013.pdf [2013.02.28 14:19:49 | 000,416,226 | ---- | C] () -- 
C:\Users\***\Documents\img012.pdf [2013.02.28 01:42:38 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.28 01:42:36 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.20 15:26:50 | 000,009,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.20 15:19:48 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.10 22:56:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.01.10 00:53:58 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.27 02:58:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.12.27 00:46:43 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll [2012.12.24 16:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" 
= C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.10 00:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.01.18 23:25:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2013.01.18 23:25:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2013.01.05 22:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2013.01.18 16:28:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson [2013.02.22 14:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Learnpulse [2013.01.19 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2013.03.29 22:29:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.01.18 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD [2013.01.18 22:28:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\simplitec [2013.01.18 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.12.29 04:26:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows SideBar [2013.02.01 13:19:19 | 000,000,000 | ---D | M] -- 
C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.02.01 13:19:19 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

Extras.txt Code:
OTL Extras logfile created on: 30.03.2013 00:01:28 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 43,16% Memory free
9,91 Gb Paging File | 7,26 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): d:\pagefile.sys 6090 6090 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217,69 Gb Total Space | 81,68 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,95 Gb Free Space | 59,70% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E88329-2EEC-407F-88CD-92E7F829640D}" = rport=445 | protocol=6 | dir=out | app=system | "{02FD9EC1-308F-4B68-BC9A-333630A2D12A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{076C0EC0-4D9D-4E1A-88FF-B70A98778409}" = lport=445 | protocol=6 | dir=in | app=system | "{13603921-E141-448C-A1CB-0D023C640425}" = lport=139 | protocol=6 | dir=in | app=system | "{2B58D467-6CDA-4A75-9EF0-56A7AE6C8EDD}" = 
lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2C787BDA-AAC3-4A44-9E6D-EE96C4B07315}" = rport=138 | protocol=17 | dir=out | app=system | "{3618603B-2EF5-4EC8-90A9-A9719AFC7BA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{401171D6-BB82-4E52-AAF9-56B33ED8043A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5BF3F394-E1FC-4E9E-AE3F-DAAF0EF28F98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5C2F52FE-18CC-4B39-9A67-38DC32FBC4D5}" = lport=138 | protocol=17 | dir=in | app=system | "{61B10E63-9F2B-4B35-ABB6-8D4A04E51148}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6906E662-2DFF-4C69-BE1B-CAF30BDF6478}" = rport=10243 | protocol=6 | dir=out | app=system | "{7C9D6096-C75D-464F-B0EB-3F4E0F6C1510}" = lport=2869 | protocol=6 | dir=in | app=system | "{95782473-2752-4961-ACDE-8DF7EC8304C9}" = rport=139 | protocol=6 | dir=out | app=system | "{BD400D36-9038-406F-A57F-A17956268D15}" = lport=10243 | protocol=6 | dir=in | app=system | "{BE79BB18-C5EE-43D8-93EB-46857629CC2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6A512B6-EC34-4696-860D-4CBE80CF9417}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CCCE698D-23D6-4AB0-BF15-C6AB95C22BD8}" = lport=137 | protocol=17 | dir=in | app=system | "{DCB9C59C-6BB7-43D7-9B02-52EECA90F100}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E32CEFDA-0DFD-4A29-A483-2C3F0CD8ADF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EB41DD6B-C0E1-41BF-B82E-0BE10E74AED8}" = rport=137 | protocol=17 | dir=out | app=system | "{FC36C7D6-C60D-4992-91E9-0D30EC2605D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{FD5A1954-2B04-4F27-9902-451C1F70315C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CDE10AF-301B-4728-B817-FDB09EDD8696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3027D6C5-CA34-41BE-BA26-9DA21678C7F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4C1D296E-5154-4288-B1BF-B1EE61006E81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C4B2A4B-1CBB-4658-8FFB-0D3602E59F64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{529A3B2C-599B-4D36-8D6D-C346AA2B873C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5313FDE7-5C55-4C20-9C05-23F1B42FD7AF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{54FF1718-249D-453E-8480-A17141C064B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{657D51E3-CCB1-4C34-B26C-EA31FA01D3A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{696BF2B0-0A91-4810-8D93-FE3F89D67735}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6F8F538A-5F56-4238-86D7-FC10069ABA4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7E4DD87E-755D-4351-BE3F-7A889EA57480}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{805B405D-D1C9-445C-B615-E394E2421D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{894CB74E-A861-47F6-BA04-521F41BC90B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8DE4A598-6746-4188-98F8-76147CD0FA62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{966945D6-E0F2-42DA-B1F9-1D6E0AD9E59C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9DBF0DD2-5158-47E9-AF7E-1EF35AA67638}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{ADF1209E-F1A1-4E7A-82B8-B22B03A189BC}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{BCA563E8-3AB3-4AA6-A258-EBCB03357B49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C482F0DD-9569-4B49-9D58-186F6B3FAA9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C8317A6D-C10D-4AFC-87E9-5036F01E5C15}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5907F4C-0636-4EA1-BDE0-00B34030538B}" = protocol=6 | dir=out | app=system | "{EDB4EF54-DE2A-489C-97CC-23704C98B69E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F68ED043-78B8-48FD-999F-FBD13CFC5F67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{00B13F28-362F-48AC-AFFD-EECCF7A8DD3F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{EC545AF0-A086-4001-954E-388C98F4E9EB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{2C1AE975-4CAE-4146-A496-98CA1A5B080C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{CC389EE9-E40C-48E6-BD21-91BC27799781}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64 "{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "VLC media player" = VLC media player 2.0.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean "{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian 
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish "{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator "{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{24773223-031F-4291-B85F-E7AF4ABE5E46}" = MAGIX Foto Manager 10 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All "{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese "{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}" = MAGIX Speed burnR (MSI) "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New "{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02 "{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish "{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing "{5E5E66D9-68DF-4818-A883-8787DC52EB7A}" = General Runtime Files for Nemetschek Allplan 2009 "{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish "{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch "{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - 
Branding "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese "{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static "{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy "{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F78CC9B-AC09-4C96-B834-C137C3C62871}" = mufin player 2.5 "{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian "{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}" = simplitec simplicheck "{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian "{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}" = MAGIX Screenshare "{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009 "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio 
"{E41712A1-DEEB-4D10-BCF1-046BA0611F94}" = MAGIX Video deluxe MX Plus Sonderedition "{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard "{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager "{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service "Dell Dock" = Dell Dock "DivX Setup" = DivX-Setup "ElsterFormular" = ElsterFormular "EPSON Scanner" = EPSON Scan "Free Studio_is1" = Free Studio version 5.8.0.1201 "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "MAGIX_{24773223-031F-4291-B85F-E7AF4ABE5E46}" = MAGIX Foto Manager 10 "MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}" = MAGIX Speed burnR (MSI) "MAGIX_{9F78CC9B-AC09-4C96-B834-C137C3C62871}" = mufin player 2.5 "MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}" = MAGIX Screenshare "MAGIX_{E41712A1-DEEB-4D10-BCF1-046BA0611F94}" = MAGIX Video deluxe MX Plus Sonderedition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NewBlue Art Effects for Magix" = Art Effects for Magix "proDAD-Adorage-3.0" = proDAD Adorage 3.0 "PS3 Media Server" = PS3 Media Server "RealPlayer 15.0" = RealPlayer "VirtualCloneDrive" = VirtualCloneDrive "WinAce Archiver" = WinAce Archiver ========== HKEY_USERS Uninstall 
List ==========

[HKEY_USERS\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.03.2013 20:18:30 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814, Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814, Zeitstempel: 0x5138a0ed Ausnahmecode: 0xc0000005 Fehleroffset: 0x00172818 ID des fehlerhaften Prozesses: 0x6518 Startzeit der fehlerhaften Anwendung: 0x01ce2b49b34a0932 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 046b3574-973d-11e2-9699-00225f4e02bd

Error - 27.03.2013 23:39:04 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.03.2013 06:28:54 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.03.2013 16:12:36 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c58 Startzeit: 01ce2bf0785385a2 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: cf525098-97e3-11e2-a450-00225f4e02bd

Error - 28.03.2013 17:26:36 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.03.2013 05:54:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.03.2013 07:32:35 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c84 Startzeit: 01ce2c6342a137e0 Endzeit: 47 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 4f7a7d4f-9864-11e2-9318-002219e7091b

Error - 29.03.2013 07:38:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.03.2013 15:56:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.03.2013 16:59:56 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 29.03.2013 17:02:47 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 28.03.2013 15:35:57 | Computer Name = ***-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error - 29.03.2013 07:31:38 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 29.03.2013 07:31:38 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 29.03.2013 07:31:39 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 29.03.2013 07:31:39 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 29.03.2013 07:32:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht.

Error - 29.03.2013 07:32:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error - 29.03.2013 07:33:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error - 29.03.2013 07:33:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error - 29.03.2013 15:11:38 | Computer Name = ***-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

< End of report >

Gmer

GMER Logfile:
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 01:43:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250421ASG rev.DE17 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\***\AppData\Local\Temp\uwlyikob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\RunDll32.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ae1465 2 bytes [AE, 75]
.text C:\Windows\SysWOW64\RunDll32.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ae14bb 2 bytes [AE, 75]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ae1465 2 bytes [AE, 75]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ae14bb 2 bytes [AE, 75]
.text ... * 2
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077d3f991 8 bytes {MOV EDX, 0xd03e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077d3f99b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 0000000077d3fa0d 8 bytes {MOV EDX, 0xd01a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 0000000077d3fa17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 0000000077d3fb25 8 bytes {MOV EDX, 0xd0168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 0000000077d3fb2f 1 byte 
[90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 8 bytes {MOV EDX, 0xd0428; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077d3fbdf 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 8 bytes {MOV EDX, 0xd0368; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077d3fc0f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 8 bytes {MOV EDX, 0xd0128; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077d3fc27 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 8 bytes {MOV EDX, 0xd04e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077d3fc3f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 8 bytes {MOV EDX, 0xd0528; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077d3fc6f 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 8 bytes {MOV EDX, 0xd04a8; JMP RDX} .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077d3fcef 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 8 bytes {MOV EDX, 0xd0468; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077d3fd07 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 8 bytes {MOV EDX, 0xd0068; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077d3fd53 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 0000000077d3fdad 8 bytes {MOV EDX, 0xd02e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 0000000077d3fdb7 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 8 bytes {MOV EDX, 0xd00a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077d3fe4b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 0000000077d3ff89 8 bytes {MOV EDX, 0xd02a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 0000000077d3ff93 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 8 bytes {MOV EDX, 0xd0028; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077d400a3 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077d40781 8 bytes {MOV EDX, 0xd0268; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 0000000077d4078b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077d40ffd 8 bytes {MOV EDX, 0xd01e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077d41007 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 0000000077d4105d 8 bytes {MOV EDX, 0xd0228; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077d41067 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 8 bytes {MOV EDX, 0xd03a8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077d410af 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 8 bytes {MOV EDX, 0xd0328; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077d41127 1 byte [90] .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 8 bytes {MOV EDX, 0xd00e8; JMP RDX} .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077d4132b 1 byte [90] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007559103d 5 bytes JMP 0000000100010030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075591072 5 bytes JMP 0000000100010070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000075b0119f 5 bytes JMP 0000000100020030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000075b011cf 5 bytes JMP 0000000100020070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075b54de0 5 bytes JMP 00000001000f03b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000075b54f70 5 bytes JMP 00000001000f05f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000075b551a2 5 bytes JMP 00000001000f08f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000075b5522d 5 bytes JMP 00000001000f0a30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000075b55689 5 bytes JMP 00000001000f01b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] 
C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075b558b3 5 bytes JMP 00000001000f0170 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000075b56bad 5 bytes JMP 00000001000f0370 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000075b56e05 5 bytes JMP 00000001000f0570 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000075b56ead 5 bytes JMP 00000001000f0530 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000075b57180 5 bytes JMP 00000001000f06b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000075b57435 5 bytes JMP 00000001000f0770 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075b57bcc 5 bytes JMP 00000001000f00b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000075b57dc4 5 bytes JMP 00000001000f03f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000075b57fd5 5 bytes JMP 00000001000f0d70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000075b582b2 5 bytes JMP 00000001000f0e30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000075b58401 5 bytes JMP 00000001000f09f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 0000000075b5879f 5 bytes JMP 00000001000f02f0 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000075b58916 5 bytes JMP 00000001000f05b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000075b58b7a 5 bytes JMP 00000001000f0970 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000075b58ee6 5 bytes JMP 00000001000f0470 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000075b59875 5 bytes JMP 00000001000f0c70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000075b59936 5 bytes JMP 00000001000f0d30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!Rectangle 0000000075b5a53a 5 bytes JMP 00000001000f09b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000075b5af9f 5 bytes JMP 00000001000f0330 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!LineTo 0000000075b5b9e5 5 bytes JMP 00000001000f0430 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetICMMode 0000000075b5bd55 5 bytes JMP 00000001000f0db0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CreateICW 0000000075b5c040 5 bytes JMP 00000001000f0130 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 0000000075b5c107 5 bytes JMP 00000001000f0670 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 
0000000075b5c269 5 bytes JMP 00000001000f06f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 0000000075b5d1f1 5 bytes JMP 00000001000f0df0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 0000000075b5d349 5 bytes JMP 00000001000f0630 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 0000000075b5dce4 5 bytes JMP 00000001000f0930 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075b5e743 5 bytes JMP 00000001000f00f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000075b603b7 5 bytes JMP 00000001000f02b0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!Escape 0000000075b61bda 5 bytes JMP 00000001000f0270 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000075b61e89 5 bytes JMP 00000001000f0cf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000075b64843 5 bytes JMP 00000001000f0b30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000075b65690 5 bytes JMP 00000001000f0b70 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!EndPage 0000000075b66bde 5 bytes JMP 00000001000f0230 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ResetDCW 0000000075b6e2db 5 bytes JMP 00000001000f0ab0 .text 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000075b7940d 5 bytes JMP 00000001000f0cb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 0000000075b7c621 5 bytes JMP 00000001000f0bb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000075b7d2b2 5 bytes JMP 00000001000f0bf0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 0000000075b7d919 5 bytes JMP 00000001000f0c30 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000075b83adc 5 bytes JMP 00000001000f0030 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000075b83f29 5 bytes JMP 00000001000f01f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!StartPage 0000000075b8401a 5 bytes JMP 00000001000f0730 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000075b84c51 5 bytes JMP 00000001000f07f0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000075b853fd 5 bytes JMP 00000001000f0830 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000075b85454 5 bytes JMP 00000001000f0af0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000075b854af 5 bytes JMP 00000001000f0070 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] 
---- EOF - GMER 2.1 ---- So, I hope someone can help me now. Thanks again in advance. Last edited by Unleashed_80 (30.03.2013 at 00:28) |
01.04.2013, 12:15 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen and further problems Hello and
Quote:
Quote:
Is this by any chance an office/company PC? Or a university computer?
__________________ |
01.04.2013, 19:53 | #3 |
| HEUR:Exploit.Java.CVE-2012-0507.gen and further problems We got the 64-bit Windows from the university. Why? It was free, and since my computer has 4 GB of RAM, I need the 64-bit version, don't I? Dell had only sent me a 32-bit version (which I also don't understand)! But that was also more than 3-4 years ago.
__________________ What is this? O1 - Hosts: 127.0.0.1 activate.adobe.com |
01.04.2013, 20:11 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen and further problems Quote:
Why does your computer need a hack that ensures nothing can contact activate.adobe.com anymore?
__________________ Please always post logfiles in CODE tags |
01.04.2013, 20:44 | #5 |
| HEUR:Exploit.Java.CVE-2012-0507.gen and further problems Double yuck, I googled it, thanks for the info. I wiped my computer in December and needed the drivers for it. Then I found an old CD that was labelled as containing drivers and other things. I thought it was the free Reader. I can't explain it any other way. |
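The hosts entry questioned in the thread (`O1 - Hosts: 127.0.0.1 activate.adobe.com`) is the kind of override a log reviewer looks for: a real hostname pinned to a loopback address so that nothing on the machine can reach it. The following is an added example, not part of the thread and not OTL's own code; it audits both OTL `O1 - Hosts:` lines and raw hosts-file lines. The watchlist fragments and every sample line except the O1 line are assumptions constructed for illustration.

```python
import re

# Loopback / null-route targets commonly used to blackhole a hostname.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately map to loopback in a default hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}
# Hypothetical watchlist (assumption, not from the thread): licensing,
# update and AV hosts that should never be blackholed locally.
WATCH_FRAGMENTS = ("activate.", "update.", "kaspersky", "windowsupdate")

O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

def parse_hosts_line(line):
    """Return (address, [names]) for a hosts entry or OTL 'O1 - Hosts:' line, else None."""
    line = O1_PREFIX.sub("", line.strip())
    line = line.split("#", 1)[0].strip()  # drop comments
    fields = line.split()
    if len(fields) < 2:
        return None
    return fields[0], [name.lower() for name in fields[1:]]

def audit(lines):
    """Yield (address, name, reason) for every blackholed non-local hostname."""
    for line in lines:
        entry = parse_hosts_line(line)
        if entry is None:
            continue
        address, names = entry
        if address not in SINK_ADDRESSES:
            continue
        for name in names:
            if name in BENIGN_NAMES:
                continue
            watched = any(frag in name for frag in WATCH_FRAGMENTS)
            reason = "watchlisted host blackholed" if watched else "non-local host blackholed"
            yield address, name, reason

# Constructed sample: the O1 line quoted in the thread plus made-up hosts-file lines.
SAMPLE = [
    "O1 - Hosts: 127.0.0.1 activate.adobe.com",
    "127.0.0.1       localhost",
    "# 10.0.0.5 commented.example",
    "0.0.0.0 ads.example.net tracker.example.net  # ad blocking",
    "192.168.1.20 nas.example.lan",
]

if __name__ == "__main__":
    for address, name, reason in audit(SAMPLE):
        print(f"{name} -> {address}: {reason}")
```

Entries reported as "non-local host blackholed" are often deliberate ad blocking; the watchlisted ones are the entries worth asking the machine's owner about.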