Log Analysis and Evaluation: BSI Virus, Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
BSI Virus. I have the same problem as Jonas 5; unfortunately I also caught the BSI virus and would like to get rid of it as quickly as possible, since I urgently need the PC for university. I have already created the OTL files and the Gmer files and will upload them right away. I hope you can help me quickly.

OTL files

OTL Logfile:
ATTFilter OTL logfile created on: 30.04.2013 17:03:57 - Run 1 OTL by OldTimer - Version Folder = C:\Users\test\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,21% Memory free 6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 350,32 Gb Total Space | 276,13 Gb Free Space | 78,82% Space Free | Partition Type: NTFS Drive D: | 348,22 Gb Total Space | 199,26 Gb Free Space | 57,22% Space Free | Partition Type: NTFS Drive F: | 686,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KAI-PC | User Name: test | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\test\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Daten\Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\Daten\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - D:\Daten\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - D:\Daten\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - D:\Daten\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Daten\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - D:\Daten\My Lockbox\mylbx.exe (FSPro Labs) PRC - C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) PRC - C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( ) PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) PRC - C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) PRC - C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\lxeacoms.exe ( ) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Programme\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) ========== Modules (No Company Name) ========== MOD - D:\Daten\Firefox\mozjs.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - D:\Daten\My Lockbox\FSPFlt.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Steam Client Service) -- C:\Program 
Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (AntiVirSchedulerService) -- D:\Daten\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Daten\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (Autodesk Content Service) -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.) SRV - (mitsijm2013) -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( ) SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) SRV - (ATKGFNEXSrv) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (lxea_device) -- C:\Windows\System32\lxeacoms.exe ( ) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys 
(Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (FSProFilter) -- C:\Windows\System32\drivers\FSPFltd.sys (FSPro Labs) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ASMMAP) -- C:\Programme\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys (ASUS) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=46&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3026709562-3231863478-2769425423-1003\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-3026709562-3231863478-2769425423-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Daten\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Daten\Adobe\Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Daten\Firefox\components [2013.04.17 22:02:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\Daten\Firefox\plugins [2013.04.30 17:00:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2012.03.06 22:38:37 | 000,000,856 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ADSK DLMSession] C:\Programme\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4 - HKLM..\Run: [avgnt] D:\Daten\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [mylbx] D:\Daten\My Lockbox\mylbx.exe (FSPro Labs) O4 - HKLM..\Run: [PDFPrint] D:\Daten\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Daten\Office2007\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Daten\Office2007\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Daten\Office2007\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD56FE41-A865-426B-9882-470E2C014AD8}: DhcpNameServer = O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - 
C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.06.04 11:43:30 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2001.08.13 23:05:32 | 001,564,672 | R--- | M] () - F:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2001.08.09 01:35:42 | 000,000,131 | R--- | M] () - F:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.30 17:05:57 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Macromedia [2013.04.30 17:05:57 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Macromedia [2013.04.30 17:02:45 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Avira [2013.04.30 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Mozilla [2013.04.30 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Mozilla [2013.04.30 16:57:40 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Autodesk [2013.04.30 16:57:38 | 000,000,000 | 
---D | C] -- C:\Users\test\AppData\Roaming\Adobe [2013.04.30 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Apple Computer [2013.04.30 16:57:14 | 000,000,000 | R--D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.04.30 16:57:14 | 000,000,000 | R--D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.04.30 16:57:13 | 000,000,000 | R--D | C] -- C:\Users\test\Searches [2013.04.30 16:57:02 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Identities [2013.04.30 16:57:01 | 000,000,000 | R--D | C] -- C:\Users\test\Contacts [2013.04.30 16:56:59 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\VirtualStore [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Vorlagen [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\AppData\Local\Verlauf [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\AppData\Local\Temporary Internet Files [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Startmenü [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\SendTo [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Recent [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Netzwerkumgebung [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Lokale Einstellungen [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Documents\Eigene Videos [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Documents\Eigene Musik [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Eigene Dateien [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Documents\Eigene Bilder [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Druckumgebung [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\Cookies [2013.04.30 16:56:50 | 000,000,000 | -HSD | C] -- C:\Users\test\AppData\Local\Anwendungsdaten [2013.04.30 16:56:50 | 
000,000,000 | -HSD | C] -- C:\Users\test\Anwendungsdaten [2013.04.30 16:56:49 | 000,000,000 | --SD | C] -- C:\Users\test\AppData\Roaming\Microsoft [2013.04.30 16:56:49 | 000,000,000 | R--D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.04.30 16:56:49 | 000,000,000 | R--D | C] -- C:\Users\test\Downloads [2013.04.30 16:56:49 | 000,000,000 | R--D | C] -- C:\Users\test\Documents [2013.04.30 16:56:49 | 000,000,000 | R--D | C] -- C:\Users\test\Desktop [2013.04.30 16:56:49 | 000,000,000 | R--D | C] -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.30 16:56:49 | 000,000,000 | -H-D | C] -- C:\Users\test\AppData [2013.04.30 16:56:49 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Temp [2013.04.30 16:56:49 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Microsoft Help [2013.04.30 16:56:49 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Microsoft [2013.04.30 16:56:49 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Roaming\Media Center Programs [2013.04.30 16:56:48 | 000,000,000 | R--D | C] -- C:\Users\test\Videos [2013.04.30 16:56:48 | 000,000,000 | R--D | C] -- C:\Users\test\Saved Games [2013.04.30 16:56:48 | 000,000,000 | R--D | C] -- C:\Users\test\Pictures [2013.04.30 16:56:48 | 000,000,000 | R--D | C] -- C:\Users\test\Music [2013.04.30 16:56:48 | 000,000,000 | R--D | C] -- C:\Users\test\Links [2013.04.30 16:56:48 | 000,000,000 | R--D | C] -- C:\Users\test\Favorites [2013.04.29 17:10:55 | 000,127,488 | ---- | C] (Корпорация Майкрософт2) -- C:\ProgramData\jejenini.dat [2013.04.29 17:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.04.23 20:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.04.23 20:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.04.10 21:06:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\mshtml.tlb [2013.04.10 21:06:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.10 21:06:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 21:06:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 21:06:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.10 21:06:49 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.10 21:06:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.10 21:06:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.10 19:26:45 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.10 19:26:41 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 19:26:40 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 19:26:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.30 17:07:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.30 17:03:55 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 17:03:55 | 000,015,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 16:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.30 16:56:55 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.30 16:56:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.30 
16:56:13 | 2415,345,664 | -HS- | M] () -- C:\hiberfil.sys [2013.04.30 07:52:54 | 095,023,320 | ---- | M] () -- C:\ProgramData\ininejej.pad [2013.04.29 17:10:55 | 000,127,488 | ---- | M] (Корпорация Майкрософт2) -- C:\ProgramData\jejenini.dat [2013.04.29 17:10:55 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.04.22 17:13:49 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.22 17:13:49 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.22 17:13:49 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.22 17:13:49 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.18 14:27:07 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.18 14:27:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.12 15:45:52 | 002,382,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.30 16:57:18 | 000,001,413 | ---- | C] () -- C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.30 07:51:40 | 000,002,685 | ---- | C] () -- C:\ProgramData\ininejej.js [2013.04.29 17:10:56 | 095,023,320 | ---- | C] () -- C:\ProgramData\ininejej.pad [2013.03.03 21:43:38 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat [2013.01.15 20:14:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2013.01.15 20:14:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2012.11.08 11:35:56 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.03.07 19:16:33 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.02.08 13:21:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 
06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >

OTL Extras files

OTL EXTRAS Logfile:
ATTFilter OTL Extras logfile created on: 30.04.2013 17:03:57 - Run 1 OTL by OldTimer - Version Folder = C:\Users\test\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,21% Memory free 6,00 Gb Paging File | 4,62 Gb Available in Paging File | 77,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 350,32 Gb Total Space | 276,13 Gb Free Space | 78,82% Space Free | Partition Type: NTFS Drive D: | 348,22 Gb Total Space | 199,26 Gb Free Space | 57,22% Space Free | Partition Type: NTFS Drive F: | 686,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KAI-PC | User Name: test | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = Reg Error: Key error.] -- Reg Error: Key error. 
File not found .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3026709562-3231863478-2769425423-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Daten\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "D:\Daten\Office2007\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Daten\Office2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Daten\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\Daten\OFFICE~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Daten\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0086F903-A10C-4A13-8D4C-F7BF830D7325}" = lport=137 | protocol=17 | dir=in | app=system |
"{171F9262-1228-4B9C-9B43-CDDFEA8A45C0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{1A188122-BB24-4B46-9FCF-D508B5D923E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{216832FD-E2A3-42B2-9F94-AA59E122CD0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22CFD600-1D61-4F65-BDFC-D1072F93FBC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{268AC67C-53B7-4455-AA53-8E3A6F33F48F}" = lport=138 | protocol=17 | dir=in | app=system |
"{35775C35-22DC-45EB-BDD1-3DFF692CD1E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{431A3D13-8063-4236-BDA7-F298B61B5129}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46A5E126-7143-4BD3-A8E9-7620A64C8089}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{5AC0381D-CB97-4FF5-AFEE-9B6578B6BD03}" = lport=6004 | protocol=17 | dir=in | app=d:\daten\office2007\office12\outlook.exe |
"{5D74C5CF-C699-4DF6-91F5-95965DFF2E80}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{748E0C07-7DA3-409C-B3B8-5A2E26508B71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B5F9217-8765-412A-A1D2-0DEB65A2BD3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B76E85B-3BCF-4261-89A3-16419F857FC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7ECA9F01-D36E-4315-BAF4-8C3C7B524807}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D0FF1C3-3352-4D80-9025-7C92550A4D94}" = rport=137 | protocol=17 | dir=out | app=system |
"{9181252D-DF2A-427F-A094-038575FA1589}" = rport=139 | protocol=6 | dir=out | app=system |
"{91C432CE-2906-4177-9457-4783DBB463B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{98BEA4DC-A109-4FBF-AD9A-621353F94EC0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A43B2A18-0E5D-4C92-B6EA-A0F7F65A925B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A4F8C634-145E-4AA8-8BB4-7680B17A87A7}" = rport=445 | protocol=6 | dir=out | app=system |
"{AEF88B5E-5968-4457-8C98-74A1960E2DC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0735D1E-9BF1-4CF8-A2AF-FFA23D812DE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C27D27F8-54C1-432A-A0A0-02479493DE80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3600C99-2C1C-4F10-AC49-A1C9163AF38F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D07B5B3D-FB92-42CA-9FF5-C0963D40041E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D0834E43-8864-40DB-94E1-FE5FABB12018}" = lport=53908 | protocol=6 | dir=in | name=akamai netsession interface |
"{DB7206AF-4135-4D8F-A9A1-CBAEE1FA213B}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{E8A7C76B-314B-4A43-95DF-34CD1FE1AC1A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F906B9B3-024D-41BE-86EE-1471454C5914}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC92FAEB-1BCB-4AD2-9E6F-8323B57FF69D}" = lport=80 | protocol=6 | dir=in | name=http |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0214B312-AAD9-4A78-846C-EF8CCEE0178B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06D3A05F-0BB5-4FA9-BB5F-7EF48423B561}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{162EE40B-37C2-4C24-A6FF-97EF37D92DF4}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{1EEC4B01-F1F8-4E1F-9030-AED1CCE6A4F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{25E7A6BF-D667-4710-B8AE-DEE165F4B4D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{26B7E2AC-79F3-4417-809E-8C6C72C0F691}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe |
"{27953119-0997-4015-B842-9A44CF25339E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{27E6C3FF-730E-4E11-9E2B-23E2B06321A8}" = protocol=6 | dir=in | app=d:\spiele\overlord ii\overlord2.exe |
"{306EFDEB-1D46-4D50-89FD-AAE701AE7825}" = protocol=17 | dir=in | app=d:\spiele\overlord ii\overlord2.exe |
"{30EDA747-3D63-43E1-8902-17788D6BB748}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3CFE3CA5-5DC2-46AE-B28A-869DBDBBBCAE}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{3EE11E14-899B-443E-A42C-F3D7DF819C6C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F65ED3C-6F08-428A-99FF-5A03F401EBD3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{420030CA-6FF7-4DFF-AB57-9591F2D1E75F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{4AD574C1-C316-474D-8C0B-C1C88E19F849}" = protocol=6 | dir=out | app=system |
"{52E1C089-9AA5-49B0-867D-B5BE242CAC9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{594E5C94-E80E-4917-B391-BE1BDC4D6B3A}" = dir=in | app=d:\daten\itunes\itunes.exe |
"{5AD87D6E-0F5F-4EAD-8BF8-05E19283FAA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{662001CA-957F-423C-A698-BA935A0FF483}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{71A9292E-81B9-40B9-9F2E-A8BC0E202261}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74BFDED8-0FFF-4A80-86A8-E0688052E41D}" = protocol=6 | dir=in | app=d:\daten\remote mouse\server\server.exe |
"{77FA0B95-1966-4554-A926-2F8792AFB0B0}" = protocol=17 | dir=in | app=d:\daten\office2007\office12\onenote.exe |
"{7C1F0D5F-91E4-4904-992E-77F5751A8F85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{835A3409-98EE-4C55-8075-6A11C8F34F3B}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe |
"{8C0223A1-A4C2-407E-8C37-B4A8C6AA31C1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{944A4B76-6208-4303-B7B1-C88AA44F897F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{94AEF0D3-B46A-408A-8736-B2371D5B6E26}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{98A29F3E-B120-44E1-B757-6F3EFCBAB799}" = protocol=6 | dir=in | app=d:\daten\office2007\office12\onenote.exe |
"{9D93D159-AF0A-43F8-A5AC-4AF0949256B9}" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"{AECA1F85-F885-4591-B0E4-CAD2A6E0CDAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA9BAEDE-8626-4141-848E-0ECB34C9BBBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BFA46A46-12E1-4272-A9E6-267B645F0013}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{BFC62061-C5ED-4983-8A53-EB84B355F847}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\_adrenalin_\source sdk base 2007\hl2.exe |
"{C05259D5-1557-4F52-B5B6-62B300286ED4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1030AC7-2596-4247-ACF4-1E1F095EE223}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C3BD1924-497D-465A-9B50-694238D72429}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\_adrenalin_\source sdk base 2007\hl2.exe |
"{C744C96D-087E-4CC6-9596-0BD22E453C92}" = protocol=17 | dir=in | app=d:\daten\remote mouse\server\server.exe |
"{CDC9672D-4E9F-476E-89E8-06FA74973E0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D002EFF0-5ADA-4ECA-88BA-FC2F895EE7A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D11289F4-4E4C-43AF-9014-82FADE663FB5}" = protocol=17 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"{DED0FE38-104D-4F25-81F4-A084CB067083}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{EA4243B0-F8D4-415A-BCCC-173639E405AF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{F0785630-7019-4860-AAE8-3BF25CBD85B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{03A14974-BCE3-49EE-8952-A467134BDF77}C:\users\kai\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\spotify\spotify.exe |
"TCP Query User{16EF7CE9-6E0A-42E4-BD1A-AE3090F89AC6}D:\daten\miranda\app\miranda\miranda32.exe" = protocol=6 | dir=in | app=d:\daten\miranda\app\miranda\miranda32.exe |
"TCP Query User{1F21A618-E3EF-4349-BD11-6D95E78754A9}D:\daten\remote mouse\server\server.exe" = protocol=6 | dir=in | app=d:\daten\remote mouse\server\server.exe |
"TCP Query User{49569D13-576C-4782-BB2D-1D1B9C0BC037}C:\users\kai\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\spotify\spotify.exe |
"TCP Query User{63C04B0F-A642-4813-8136-F8A7F76FEC1C}D:\daten\miranda\app\miranda\miranda32.exe" = protocol=6 | dir=in | app=d:\daten\miranda\app\miranda\miranda32.exe |
"TCP Query User{92C875A6-C7A4-4AC7-8CCE-2345CAF9423E}D:\spiele\demo\age of wonders ii\aow2.exe" = protocol=6 | dir=in | app=d:\spiele\demo\age of wonders ii\aow2.exe |
"TCP Query User{98ECDA12-82B1-4D64-88DF-B19AE4930CB4}C:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DF208FC4-56B1-4A02-843E-9FF7F34E5339}D:\daten\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\daten\sopcast\sopcast.exe |
"TCP Query User{DFCD84D6-81B6-4377-8141-73BCCC7369D5}D:\spiele\steam\steamapps\_adrenalin_\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\_adrenalin_\counter-strike source\hl2.exe |
"TCP Query User{EA5B1BE9-A660-4CCF-9875-6813DA8D94CE}C:\users\kai\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kai\appdata\local\akamai\netsession_win.exe |
"TCP Query User{F4DE3F3F-5007-4AFE-ACE7-BE5B8AFE1951}C:\users\kai\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kai\appdata\local\akamai\netsession_win.exe |
"UDP Query User{0F996188-63D3-4E0E-A002-EBB9E7B26255}C:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{459D2E4D-2B82-4785-BB4A-758A98564CEA}D:\spiele\steam\steamapps\_adrenalin_\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\_adrenalin_\counter-strike source\hl2.exe |
"UDP Query User{71ECE4BB-7B77-4760-AE4D-AA1125D18DF2}D:\spiele\demo\age of wonders ii\aow2.exe" = protocol=17 | dir=in | app=d:\spiele\demo\age of wonders ii\aow2.exe |
"UDP Query User{80EE6BCD-E590-4B62-B48C-FB4CF5BF3F20}D:\daten\miranda\app\miranda\miranda32.exe" = protocol=17 | dir=in | app=d:\daten\miranda\app\miranda\miranda32.exe |
"UDP Query User{92BD085C-A5D5-4868-93C3-9F558FAE580F}C:\users\kai\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kai\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A26CDBE0-645E-49D0-BE27-F35FA90F5994}D:\daten\remote mouse\server\server.exe" = protocol=17 | dir=in | app=d:\daten\remote mouse\server\server.exe |
"UDP Query User{A6D272D6-2A94-4A85-83E4-7B4B995C0A65}D:\daten\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\daten\sopcast\sopcast.exe |
"UDP Query User{AAC1C855-0ABA-494F-A718-F694906A0CCF}C:\users\kai\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kai\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BFFA6A2F-0842-4635-AF6C-90AAF806E1BC}C:\users\kai\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kai\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C5CF3EE0-CAAF-4F05-A904-CABCED70BC53}C:\users\kai\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kai\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CEC1AEBA-5E32-4C79-AA3B-D301D61A7EB8}D:\daten\miranda\app\miranda\miranda32.exe" = protocol=17 | dir=in | app=d:\daten\miranda\app\miranda\miranda32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25DE52ED-9E51-4C50-AE16-E258836ADF83}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{266597A9-1732-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39FF4C41-0C7E-498D-ABAA-3CC74830BA53}" = Eco Materials Adviser for Autodesk Inventor 2013
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4209F371-4927-659B-6665-F7524E53AE40}_is1" = Ashampoo WinOptimizer 8 v.8.14.00
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5783F2D7-A005-0407-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2012
"{5783F2D7-A005-0407-1002-0060B0CE6BBA}" = AutoCAD Mechanical 2012 Language Pack - Deutsch
"{5783F2D7-B005-0000-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B005-0407-1002-0060B0CE6BBA}" = AutoCAD Mechanical 2013 Language Pack - Deutsch (German)
"{5783F2D7-B005-0407-2002-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2013
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7F4DD591-1732-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1732-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion Plugin for AutoCAD 2013
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B46DECD1-1732-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CF526A26-1732-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{D25FF5C1-1732-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion Plugin for AutoCAD 2012
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.50
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FFF5619F-2013-0032-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"ANNO1602" = Anno 1602
"AutoCAD Mechanical 2012" = AutoCAD Mechanical 2012
"AutoCAD Mechanical 2013 - Deutsch (German)" = AutoCAD Mechanical 2013 - Deutsch (German)
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion Plugin for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"Autodesk Inventor Fusion Plugin for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"DWG TrueView 2013" = DWG TrueView 2013
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My Lockbox_is1" = My Lockbox 2.8.2
"Origin" = Origin
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"RocketDock_is1" = RocketDock 1.3.5
"SopCast" = SopCast 3.5.0
"Steam App 218" = Source SDK Base 2007
"Steam App 340" = Half-Life 2: Lost Coast
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
"Yuri's Revenge" = Command && Conquer Alarmstufe Rot 2 - Yuris Rache

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.04.2013 05:35:40 | Computer Name = Kai-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 29.04.2013 06:19:34 | Computer Name = Kai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.04.2013 06:19:34 | Computer Name = Kai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2299423

Error - 29.04.2013 06:19:34 | Computer Name = Kai-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2299423

Error - 29.04.2013 10:19:32 | Computer Name = Kai-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 29.04.2013 10:19:57 | Computer Name = Kai-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 30.04.2013 01:07:06 | Computer Name = Kai-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 30.04.2013 01:07:43 | Computer Name = Kai-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 30.04.2013 01:51:37 | Computer Name = Kai-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 30.04.2013 01:51:37 | Computer Name = Kai-PC | Source = Bonjour Service | ID = 100
Description = 456: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

[ OSession Events ]
Error - 05.05.2012 05:30:36 | Computer Name = Kai-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2958 seconds with 300 seconds of active time. This session ended with a crash.

Error - 05.05.2012 05:30:55 | Computer Name = Kai-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error - 05.05.2012 05:31:16 | Computer Name = Kai-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 13.09.2012 21:16:12 | Computer Name = Kai-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 111908 seconds with 1320 seconds of active time. This session ended with a crash.

Error - 26.11.2012 08:05:33 | Computer Name = Kai-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 76 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 30.04.2013 10:56:21 | Computer Name = Kai-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 30.04.2013 10:56:25 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 30.04.2013 10:56:49 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 30.04.2013 10:56:51 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 30.04.2013 10:56:53 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 30.04.2013 11:01:03 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 30.04.2013 11:01:04 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 30.04.2013 11:01:06 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 30.04.2013 11:02:24 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 30.04.2013 11:02:43 | Computer Name = Kai-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

< End of report >

OTL Extras files
OTL EXTRAS Logfile: Code:
GMER files
GMER Logfile: Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-04-30 18:21:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HN-M750MBB rev.2AR10001 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\test\AppData\Local\Temp\uwldqpow.sys

---- System - GMER 2.1 ----

SSDT 903A9AAE ZwCreateSection
SSDT 903A9AB8 ZwRequestWaitReplyPort
SSDT 903A9AB3 ZwSetContextThread
SSDT 903A9ABD ZwSetSecurityObject
SSDT 903A9AC2 ZwSystemDebugControl
SSDT 903A9A4F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C4DA09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C871F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8E34C 4 Bytes [AE, 9A, 3A, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C8E6A8 4 Bytes JMP BD639F2F
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C8E6EC 4 Bytes [B3, 9A, 3A, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C8E768 4 Bytes [BD, 9A, 3A, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C8E7BC 4 Bytes [C2, 9A, 3A, 90] {RET 0x3a9a; NOP }
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91411000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text D:\Daten\Firefox\firefox.exe[316] ntdll.dll!LdrGetProcedureAddress + 26 77B52239 7 Bytes JMP 5CB56D70 D:\Daten\Firefox\xul.dll
.text D:\Daten\Firefox\firefox.exe[316] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 7615941E 7 Bytes JMP 5CEAD713 D:\Daten\Firefox\xul.dll
.text D:\Daten\Firefox\firefox.exe[316] kernel32.dll!QueryPerformanceCounter + 13 7615C435 7 Bytes JMP 5CEAD736 D:\Daten\Firefox\xul.dll
.text D:\Daten\Firefox\firefox.exe[316] kernel32.dll!LoadAppInitDlls + 355 7615F4F6 7 Bytes JMP 5CB71C62 D:\Daten\Firefox\xul.dll
.text D:\Daten\Firefox\firefox.exe[316] GDI32.dll!GetViewportOrgEx + 26C 763B884B 7 Bytes JMP 5CEAD694 D:\Daten\Firefox\xul.dll
.text D:\Daten\Firefox\plugin-container.exe[1576] USER32.dll!GetWindowInfo 764B4B5E 5 Bytes JMP 5CD2E50D D:\Daten\Firefox\xul.dll
.text D:\Daten\Firefox\plugin-container.exe[1576] USER32.dll!ToUnicodeEx + 71 764C2223 7 Bytes JMP 5CD2E9FB D:\Daten\Firefox\xul.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtCreateFile + 6 77B355CE 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtCreateFile + B 77B355D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtCreateKey + 6 77B3560E 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtCreateKey + B 77B35613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtCreateMutant + 6 77B3564E 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtCreateMutant + B 77B35653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtCreateSection + 6 77B356EE 4 Bytes [A8, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtCreateSection + B 77B356F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtMapViewOfSection + B 77B35C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenFile + 6 77B35CDE 4 Bytes [68, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenFile + B 77B35CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenKey + 6 77B35D0E 4 Bytes [A8, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenKey + B 77B35D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenKeyEx + B 77B35D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenMutant + 6 77B35D5E 4 Bytes [28, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenMutant + B 77B35D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenProcess + 6 77B35D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenProcess + 6 77B35D8E 4 Bytes [68, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenProcess + B 77B35D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenProcessToken + 6 77B35D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenProcessToken + 6 77B35D9E 4 Bytes [A8, 03, 07, 00]
.text
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenProcessToken + B 77B35DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenProcessTokenEx + 6 77B35DAE 4 Bytes [68, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenProcessTokenEx + B 77B35DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenSection + B 77B35DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenThread + 6 77B35E0E 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenThread + 6 77B35E0E 4 Bytes [28, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenThread + B 77B35E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenThreadToken + 6 77B35E1E 4 Bytes [28, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenThreadToken + B 77B35E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenThreadTokenEx + 6 77B35E2E 4 Bytes [A8, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtOpenThreadTokenEx + B 77B35E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtQueryAttributesFile + 6 77B35F3E 4 Bytes [A8, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtQueryAttributesFile + B 77B35F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtQueryFullAttributesFile + B 77B35FF3 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtSetInformationFile + 6 77B3663E 4 Bytes [28, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtSetInformationFile + B 77B36643 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtSetInformationThread + 6 77B3669E 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtSetInformationThread + B 77B366A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtUnmapViewOfSection + 6 77B369BE 4 Bytes [28, 05, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ntdll.dll!NtUnmapViewOfSection + B 77B369C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] kernel32.dll!CreateProcessW 7611204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] kernel32.dll!CreateProcessA 76112082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!DeleteObject 763B5F14 5 Bytes JMP 001301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SelectObject 763B6640 5 Bytes JMP 001305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SetTextColor 763B6906 5 Bytes JMP 00130A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SetBkMode 763B69B1 5 Bytes JMP 001308F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!DeleteDC 763B6EAA 5 Bytes JMP 00130170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetDeviceCaps 763B6F7F 5 Bytes JMP 001303B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!ExtSelectClipRgn 763B7114 5 Bytes JMP 001302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SelectClipRgn 763B7242 5 Bytes JMP 001305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SetStretchBltMode 763B7705 5 Bytes JMP 001306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetCurrentObject 763B7917 5 Bytes JMP 00130370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetTextMetricsW 763B7B8F 5 Bytes JMP 00130E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetTextAlign 763B7DAF 5 Bytes JMP 00130D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!IntersectClipRect 763B7DFE 5 Bytes JMP 001303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!ExtTextOutW 763B8192 5 Bytes JMP 00130970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SetTextAlign 763B828E 5 Bytes JMP 001309F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetClipBox 763B8525 5 Bytes JMP 00130330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!MoveToEx 763B8C21 5 Bytes JMP 00130470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!StretchDIBits 763BA53E 5 Bytes JMP 00130770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!RestoreDC 763BA67B 5 Bytes JMP 00130530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SaveDC 763BA74B 5 Bytes JMP 00130570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] 
GDI32.dll!GetTextExtentPoint32W 763BB4B5 5 Bytes JMP 00130670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetTextFaceW 763BB73A 2 Bytes JMP 00130D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetTextFaceW + 3 763BB73D 2 Bytes [D7, 89] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetFontData 763BBCC4 5 Bytes JMP 00130C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SetWorldTransform 763BC90A 5 Bytes JMP 001306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!CreateDCA 763BCCA9 5 Bytes JMP 001300B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!CreateDCW 763BCF79 5 Bytes JMP 001300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!CreateICW 763BCFD0 5 Bytes JMP 00130130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetTextMetricsA 763BD0F2 5 Bytes JMP 00130DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!Rectangle 763BF1FF 5 Bytes JMP 001309B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!LineTo 763BF59B 5 Bytes JMP 00130430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SetICMMode 763BFAA4 5 Bytes JMP 00130DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!ExtTextOutA 763C03F9 5 Bytes JMP 00130930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetTextExtentPoint32A 763C07B0 5 Bytes JMP 00130630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!ExtEscape 763C2949 5 Bytes JMP 001302B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!Escape 763C3939 5 Bytes JMP 00130270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetTextFaceA 763C3E6A 5 Bytes JMP 00130CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SetPolyFillMode 763CD851 5 Bytes JMP 00130B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SetMiterLimit 763CDA0D 5 Bytes JMP 00130B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!EndPage 763D00D7 5 Bytes JMP 00130230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!ResetDCW 763D050D 5 Bytes JMP 00130AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!GetGlyphOutlineW 763DC1BA 5 Bytes JMP 00130CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!CreateScalableFontResourceW 763DE817 5 Bytes JMP 00130BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!AddFontResourceW 763DEC13 5 Bytes JMP 00130BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!RemoveFontResourceW 763DF109 5 Bytes JMP 00130C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!AbortDoc 763E4C63 5 Bytes JMP 00130030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!EndDoc 763E50AA 5 Bytes JMP 001301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!StartPage 763E5195 5 Bytes JMP 00130730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!StartDocW 763E5BB0 5 Bytes JMP 001307F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!BeginPath 763E635D 5 
Bytes JMP 00130830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!SelectClipPath 763E63B4 5 Bytes JMP 00130AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!CloseFigure 763E640F 5 Bytes JMP 00130070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!EndPath 763E6466 5 Bytes JMP 00130A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!StrokePath 763E6699 5 Bytes JMP 001307B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!FillPath 763E6726 5 Bytes JMP 00130870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!PolylineTo 763E6B94 5 Bytes JMP 001304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!PolyBezierTo 763E6C25 5 Bytes JMP 001304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] GDI32.dll!PolyDraw 763E6CD7 5 Bytes JMP 001308B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!ActivateKeyboardLayout 764A8203 5 Bytes JMP 001404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!ScreenToClient 764AA506 7 Bytes JMP 00140670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!RegisterClipboardFormatA 764AC091 5 Bytes JMP 001402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!RegisterClipboardFormatW 764ADF8D 5 Bytes JMP 001402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!SetCursor 764B3075 5 Bytes JMP 00140530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!MonitorFromWindow 764B3622 7 Bytes JMP 00140630 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!PostMessageW 764B447B 5 Bytes JMP 001405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!IsWindowVisible 764B4D69 7 Bytes JMP 001406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetClientRect 764B54DD 7 Bytes JMP 001405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!MapWindowPoints 764B5CAA 5 Bytes JMP 00140570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetParent 764B6029 7 Bytes JMP 001406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!EmptyClipboard 764C290C 5 Bytes JMP 00140130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!SetClipboardData 764C2962 5 Bytes JMP 00140170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetClipboardData 764C2BA7 5 Bytes JMP 00140030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetClipboardFormatNameW 764C5FD2 5 Bytes JMP 00140230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!SetClipboardViewer 764C6FF6 5 Bytes JMP 001404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetClipboardFormatNameA 764C700A 5 Bytes JMP 00140270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!ChangeClipboardChain 764D147C 5 Bytes JMP 00140430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetTopWindow 764D24D9 7 Bytes JMP 00140730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!CloseClipboard 764D446C 5 Bytes JMP 001400B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!OpenClipboard 764D447E 5 Bytes JMP 00140070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!IsClipboardFormatAvailable 764D44FF 5 Bytes JMP 001400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetClipboardSequenceNumber 764D4513 5 Bytes JMP 00140330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetClipboardOwner 764D4525 5 Bytes JMP 00140370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!CountClipboardFormats 764D470A 5 Bytes JMP 001401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!EnumClipboardFormats 764D47EC 5 Bytes JMP 001401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetOpenClipboardWindow 764D480B 5 Bytes JMP 001403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!SetCursorPos 764EC1B0 5 Bytes JMP 00140770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetClipboardViewer 76504AF7 5 Bytes JMP 00140470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] USER32.dll!GetPriorityClipboardFormat 76504BF9 5 Bytes JMP 001403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ole32.dll!OleSetClipboard 779F0045 5 Bytes JMP 00150030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ole32.dll!OleIsCurrentClipboard 779F36B2 5 Bytes JMP 00150070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe[3464] ole32.dll!OleGetClipboard 77A1FDCD 5 Bytes JMP 001500B0 ---- EOF - GMER 2.1 ---- |
BSI Virus

The cleanup consists of several steps that must be carried out.
Work through them one after another and paste the 3 logs produced along the way into your next reply.

If the OTL fix did not run through correctly, do not continue; please report this instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
[2013.04.29 17:10:55 | 000,127,488 | ---- | C] (§¬§à§â§á§à§â§Ñ§è§Ú§ñ §®§Ñ§Û§Ü§â§à§ã§à§æ§ä2) -- C:\ProgramData\jejenini.dat
[2013.04.29 17:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.04.30 07:52:54 | 095,023,320 | ---- | M] () -- C:\ProgramData\ininejej.pad
[2013.04.30 07:51:40 | 000,002,685 | ---- | C] () -- C:\ProgramData\ininejej.js
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\test\*.tmp
C:\Users\test\AppData\*.dll
C:\Users\test\AppData\*.exe
C:\Users\test\AppData\Local\Temp\*.exe
C:\Users\test\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances run it on other computers; it can cause lasting damage to other systems!

Step 2

Please download
then:

Step 3

Please download
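The fix above removes four loose files from C:\ProgramData and then sweeps the wildcard paths around them. As an added example (not code from the thread or from OTL), this Python script parses OTL's file-entry format and applies read-only triage rules that make the same four entries stand out: a system binary name outside C:\Windows, loose files at the root of ProgramData or AppData, a garbled company string, and files created in the same second. The rules, the system-binary list and the benign control line are constructed for this example; the AppData root is this user's profile path as it appears in the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One OTL file entry: [date time | size | attributes | C(reated)/M(odified)] (company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# The four entries quoted in the fix script above, plus one constructed benign control line.
SAMPLE_LINES = [
    "[2013.04.29 17:10:55 | 000,127,488 | ---- | C] (§¬§à§â§á§à§â§Ñ§è§Ú§ñ §®§Ñ§Û§Ü§â§à§ã§à§æ§ä2) -- C:\\ProgramData\\jejenini.dat",
    "[2013.04.29 17:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\\ProgramData\\rundll32.exe",
    "[2013.04.30 07:52:54 | 095,023,320 | ---- | M] () -- C:\\ProgramData\\ininejej.pad",
    "[2013.04.30 07:51:40 | 000,002,685 | ---- | C] () -- C:\\ProgramData\\ininejej.js",
    "[2013.04.29 12:00:00 | 000,010,240 | ---- | M] () -- C:\\Users\\test\\Documents\\notes.txt",  # constructed
]

# Windows system binaries that do not belong outside C:\Windows (heuristic list, not exhaustive).
SYSTEM_BINARY_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}
# Legitimate software uses subfolders below these roots; a file directly at the root is unusual.
# The AppData root is the profile of this thread's user ("test").
LOOSE_FILE_ROOTS = ("c:\\programdata\\", "c:\\users\\test\\appdata\\")


@dataclass
class OtlEntry:
    stamp: str    # creation (C) or modification (M) time exactly as OTL prints it
    size: int     # bytes, thousands separators removed
    attrs: str
    kind: str
    company: str  # version-info company string; may be empty or garbled
    path: str


def parse_entry(line):
    """Return an OtlEntry for a file-listing line, or None for any other kind of line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["stamp"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"], m["path"])


def is_loose_file(path_lower):
    """True if the path sits directly at the root of one of LOOSE_FILE_ROOTS."""
    return any(path_lower.startswith(r) and "\\" not in path_lower[len(r):]
               for r in LOOSE_FILE_ROOTS)


def triage(entries):
    """Map each suspicious path to its list of reasons; clean entries are left out."""
    findings = {}
    for e in entries:
        p = e.path.lower()
        name = p.rsplit("\\", 1)[-1]
        reasons = []
        if name in SYSTEM_BINARY_NAMES and not p.startswith("c:\\windows\\"):
            reasons.append("system binary name outside C:\\Windows")
        if is_loose_file(p):
            reasons.append("loose file at the root of a data directory")
        if any(ord(ch) > 127 for ch in e.company):
            reasons.append("non-ASCII company name in version info")
        if reasons:
            findings[e.path] = reasons
    # Flagged files created in the very same second were almost certainly dropped together.
    stamps = Counter(e.stamp for e in entries if e.path in findings and e.kind == "C")
    for e in entries:
        if e.path in findings and e.kind == "C" and stamps[e.stamp] > 1:
            findings[e.path].append(f"created together with {stamps[e.stamp] - 1} other flagged file(s)")
    return findings


def triage_lines(lines):
    """Parse raw OTL log lines and triage the ones that are file entries."""
    return triage([e for e in map(parse_entry, lines) if e is not None])
```

Running `triage_lines(SAMPLE_LINES)` flags the four ProgramData entries and leaves the control line alone; the same function can be pointed at a full OTL log, since non-file lines simply parse to None.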
BSI Virus

No response
Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: the disappearance of the symptoms does not mean that your computer is clean.
