Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.03.2013, 22:39   #1
Unleashed_80
 
HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme - Standard

HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme



Abend,

Am Donnerstag den 28.03.2013 habe ich eine Email von einem Kunden von mir bekommen das ich Spam Mails mit meinem Hotmail Konto verschicke. Im Postausgang war tatsächlich eine Abgesendete Email an mehrer Kontakte von mir.

Darauf habe ich mein Passwort geändert und alle Passwort-Logs von meinem Browser (Firefox) gelöscht.

Zu erst bin ich davon ausgegangen das mein Passwort gehackt wurde, als ich bemerkte das in einer meiner anderen Emailaccounts das selbe problem auftauchte (yahoo). habe ich den verdacht gehabt das diese Informationen von enem Virus oder so was ähnlichem vom meinem Laptop entwendet worden.

Als erstes habe ich eine 30 Tage Testversion von Kaspersky herunterladen und ein Virenscan gemacht. Der endeckte das hier

Kaspersky
Code:
ATTFilter
Typ: trojanisches Programm (1)	
HEUR:Exploit.Java.CVE-2012-0507.gen	Gefunden; nicht verarbeitet	29.03.2013 20:26:47	c:\documents and settings\***\appdata\locallow\sun\java\deployment\cache\6.0\14\	39fa268e-698ca078	
Typ: Unbekannt (1)	
Auto0Shutdown0Restyled0Pierre.gadget.~0000	Desinfiziert	29.03.2013 00:24:48	C:\Documents and Settings\***\AppData\Local\Temp\	Auto0Shutdown0Restyled0Pierre.gadget.~0000	
Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (1)	
not-a-virus:RiskTool.JS.Shutdown.b	Gelöscht	29.03.2013 00:24:48	C:\Documents and Settings\***\AppData\Local\Temp\Auto0Shutdown0Restyled0Pierre.gadget.~0000//core/	gadget.js
         
Da ich keine richtige lösung gefunden habe, dachte mir, einfach mal wieder den Rechner Platt machen. Rechner Neugestartet und dann F2 gedrückt, ich wollte erstmal in den Abgesicherten-Modus nur da wurde ich auf einmal nach einem Passwort gefragt! Was für ein Passswort? Ich hab da kein Passwort?

defogger runter geladen und die Schritte befolgt! Auf Desktop gespeichert und ausgeführt nach Anweisung "Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?"

OTL.txt erhalten aber KEIN Extra.txt
Was ist schief gelaufen

Ich hoffe Ihr könnt mir HELFEN, danke im Vorrraus


EDIT:
Werde nochmal eine OTL SCAN machen diesmal nach der Anleitung von
http://www.trojaner-board.de/85104-o...-oldtimer.html

liegt daran das die Scan Benutzer Hacken gesetz sein muss damit Extra-Registrierung eingeschaltet wird.
Diesmal mache ich ein SCAN und kein QUICK SCAN. Zusätzlich habe ich Hacken an LOP Prüfung und Purity Prüfung gemacht wie bei der Edit Einleitung von OTL-SCAN

.
OTL.txt
Code:
ATTFilter
OTL logfile created on: 30.03.2013 00:01:28 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 43,16% Memory free
9,91 Gb Paging File | 7,26 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): d:\pagefile.sys 6090 6090 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217,69 Gb Total Space | 81,68 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,95 Gb Free Space | 59,70% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (IDT, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD D8 4E 28 A5 E9 CD 01  [binary data]
IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}
IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20130110&user_guid=D565FD806174475989F2E89C6F838B4A&machine_id=2a365d1fa0e5d9dc9b85d05519ed3cba&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.18 23:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.19 01:30:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.01.19 04:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.03.28 22:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.29 21:41:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:42:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.29 21:41:13 | 000,000,000 | ---D | M]
 
[2013.01.20 14:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.03.08 13:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.28 22:45:33 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 13:42:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.19 04:30:42 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.27 02:47:10 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe (MAGIX AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk = C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2821305750-3191182855-151338836-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C28292FF-D304-44DD-A323-9183358D1BFD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.29 22:47:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.03.29 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.03.29 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\trojaner board
[2013.03.29 22:07:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.29 00:50:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.29 00:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.29 00:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.29 00:48:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.29 00:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.28 22:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.03.28 22:34:02 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.03.28 22:33:20 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.03.28 22:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.28 22:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.03.28 22:32:52 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.03.28 22:32:52 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.03.28 22:23:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013
[2013.03.28 21:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.28 21:53:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.28 21:53:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.28 21:53:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.28 21:53:48 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.28 17:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.03.28 17:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.03.27 15:18:37 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.03.20 22:04:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.14 10:15:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.14 10:15:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.14 10:15:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.14 10:15:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.14 10:15:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.14 10:15:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.14 10:15:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.14 10:15:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.14 10:15:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.14 10:15:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.14 10:15:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.14 10:15:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.14 10:15:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.14 10:15:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.14 10:15:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 20:24:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2013.03.13 20:12:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2013.03.08 13:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.01 23:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.28 01:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.02.28 01:42:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.02.28 01:29:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2013.02.28 00:09:06 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 00:09:05 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 00:09:05 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 00:09:05 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 00:09:04 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 00:09:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 00:09:03 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 00:09:03 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 00:09:03 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 00:09:03 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 00:09:03 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 00:09:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 00:09:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 00:09:03 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 00:09:03 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 00:09:02 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 00:09:02 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 00:09:02 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 00:09:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 00:09:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 00:09:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 00:09:02 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 00:09:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 00:09:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 00:09:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 00:09:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 00:09:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 00:09:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 00:09:01 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 00:09:01 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 00:09:01 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 00:09:01 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 00:09:01 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 00:09:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 00:09:01 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 00:09:01 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 00:09:01 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 00:09:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 00:09:00 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.28 00:09:00 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.28 00:09:00 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.29 23:47:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.29 22:29:52 | 000,001,237 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.03.29 22:09:43 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 22:09:43 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.29 22:02:19 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.29 22:01:18 | 003,106,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.29 22:01:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.29 22:00:56 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.29 12:52:09 | 000,037,066 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2013-03-29.json
[2013.03.29 11:25:11 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.03.29 01:12:46 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe
[2013.03.29 01:12:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.29 01:12:03 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.03.29 00:49:00 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 22:35:21 | 000,002,342 | ---- | M] () -- C:\Users\***\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.03.28 22:34:03 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.03.28 21:53:41 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.28 21:53:39 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.28 21:53:39 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.28 21:53:38 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.28 21:53:38 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.28 21:53:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.28 17:49:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.03.16 10:52:48 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.16 10:52:48 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.10 02:39:30 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.10 02:39:30 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.10 02:39:30 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.10 02:39:30 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.10 02:39:30 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.08 15:47:16 | 000,604,592 | ---- | M] () -- C:\Users\***\Documents\img016.pdf
[2013.03.08 15:39:24 | 000,346,220 | ---- | M] () -- C:\Users\***\Documents\img015.pdf
[2013.03.08 15:36:53 | 000,323,774 | ---- | M] () -- C:\Users\***\Documents\img014.pdf
[2013.03.08 15:05:10 | 000,442,266 | ---- | M] () -- C:\Users\***\Documents\img013.pdf
[2013.02.28 14:19:49 | 000,416,226 | ---- | M] () -- C:\Users\***\Documents\img012.pdf
 
========== Files Created - No Company Name ==========
 
[2013.03.29 22:29:52 | 000,001,237 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.03.29 22:07:50 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe
[2013.03.29 22:07:50 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.03.29 12:52:09 | 000,037,066 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2013-03-29.json
[2013.03.29 11:25:11 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.29 00:49:00 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 22:35:21 | 000,002,342 | ---- | C] () -- C:\Users\***\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.03.28 22:34:13 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.03.28 17:49:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.03.28 17:49:11 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.03.08 15:47:16 | 000,604,592 | ---- | C] () -- C:\Users\***\Documents\img016.pdf
[2013.03.08 15:39:24 | 000,346,220 | ---- | C] () -- C:\Users\***\Documents\img015.pdf
[2013.03.08 15:36:53 | 000,323,774 | ---- | C] () -- C:\Users\***\Documents\img014.pdf
[2013.03.08 15:05:10 | 000,442,266 | ---- | C] () -- C:\Users\***\Documents\img013.pdf
[2013.02.28 14:19:49 | 000,416,226 | ---- | C] () -- C:\Users\***\Documents\img012.pdf
[2013.02.28 01:42:38 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.28 01:42:36 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.20 15:26:50 | 000,009,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.20 15:19:48 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.10 22:56:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.10 00:53:58 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.27 02:58:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.12.27 00:46:43 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\implode.dll
[2012.12.24 16:29:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.10 00:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.01.18 23:25:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.01.18 23:25:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.05 22:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2013.01.18 16:28:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2013.02.22 14:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Learnpulse
[2013.01.19 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2013.03.29 22:29:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.01.18 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2013.01.18 22:28:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\simplitec
[2013.01.18 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.12.29 04:26:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows SideBar
[2013.02.01 13:19:19 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.02.01 13:19:19 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 30.03.2013 00:01:28 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 43,16% Memory free
9,91 Gb Paging File | 7,26 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): d:\pagefile.sys 6090 6090 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 217,69 Gb Total Space | 81,68 Gb Free Space | 37,52% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,95 Gb Free Space | 59,70% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E88329-2EEC-407F-88CD-92E7F829640D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{02FD9EC1-308F-4B68-BC9A-333630A2D12A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{076C0EC0-4D9D-4E1A-88FF-B70A98778409}" = lport=445 | protocol=6 | dir=in | app=system | 
"{13603921-E141-448C-A1CB-0D023C640425}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2B58D467-6CDA-4A75-9EF0-56A7AE6C8EDD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C787BDA-AAC3-4A44-9E6D-EE96C4B07315}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3618603B-2EF5-4EC8-90A9-A9719AFC7BA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{401171D6-BB82-4E52-AAF9-56B33ED8043A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5BF3F394-E1FC-4E9E-AE3F-DAAF0EF28F98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C2F52FE-18CC-4B39-9A67-38DC32FBC4D5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{61B10E63-9F2B-4B35-ABB6-8D4A04E51148}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6906E662-2DFF-4C69-BE1B-CAF30BDF6478}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7C9D6096-C75D-464F-B0EB-3F4E0F6C1510}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{95782473-2752-4961-ACDE-8DF7EC8304C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BD400D36-9038-406F-A57F-A17956268D15}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BE79BB18-C5EE-43D8-93EB-46857629CC2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C6A512B6-EC34-4696-860D-4CBE80CF9417}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CCCE698D-23D6-4AB0-BF15-C6AB95C22BD8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DCB9C59C-6BB7-43D7-9B02-52EECA90F100}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E32CEFDA-0DFD-4A29-A483-2C3F0CD8ADF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB41DD6B-C0E1-41BF-B82E-0BE10E74AED8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FC36C7D6-C60D-4992-91E9-0D30EC2605D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD5A1954-2B04-4F27-9902-451C1F70315C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CDE10AF-301B-4728-B817-FDB09EDD8696}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3027D6C5-CA34-41BE-BA26-9DA21678C7F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4C1D296E-5154-4288-B1BF-B1EE61006E81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C4B2A4B-1CBB-4658-8FFB-0D3602E59F64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{529A3B2C-599B-4D36-8D6D-C346AA2B873C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5313FDE7-5C55-4C20-9C05-23F1B42FD7AF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{54FF1718-249D-453E-8480-A17141C064B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{657D51E3-CCB1-4C34-B26C-EA31FA01D3A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{696BF2B0-0A91-4810-8D93-FE3F89D67735}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6F8F538A-5F56-4238-86D7-FC10069ABA4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E4DD87E-755D-4351-BE3F-7A889EA57480}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{805B405D-D1C9-445C-B615-E394E2421D0E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{894CB74E-A861-47F6-BA04-521F41BC90B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DE4A598-6746-4188-98F8-76147CD0FA62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{966945D6-E0F2-42DA-B1F9-1D6E0AD9E59C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9DBF0DD2-5158-47E9-AF7E-1EF35AA67638}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{ADF1209E-F1A1-4E7A-82B8-B22B03A189BC}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{BCA563E8-3AB3-4AA6-A258-EBCB03357B49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C482F0DD-9569-4B49-9D58-186F6B3FAA9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8317A6D-C10D-4AFC-87E9-5036F01E5C15}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5907F4C-0636-4EA1-BDE0-00B34030538B}" = protocol=6 | dir=out | app=system | 
"{EDB4EF54-DE2A-489C-97CC-23704C98B69E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F68ED043-78B8-48FD-999F-FBD13CFC5F67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{00B13F28-362F-48AC-AFFD-EECCF7A8DD3F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{EC545AF0-A086-4001-954E-388C98F4E9EB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{2C1AE975-4CAE-4146-A496-98CA1A5B080C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{CC389EE9-E40C-48E6-BD21-91BC27799781}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64FBA03C-575C-D688-1C80-A5773CE471F9}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"VLC media player" = VLC media player 2.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{24773223-031F-4291-B85F-E7AF4ABE5E46}" = MAGIX Foto Manager 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}" = MAGIX Speed burnR (MSI)
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5E5E66D9-68DF-4818-A883-8787DC52EB7A}" = General Runtime Files for Nemetschek Allplan 2009
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F78CC9B-AC09-4C96-B834-C137C3C62871}" = mufin player 2.5
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}" = simplitec simplicheck
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}" = MAGIX Screenshare
"{BAED3957-C271-4670-A50D-8D7438701917}" = Nemetschek Allplan 2009
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E41712A1-DEEB-4D10-BCF1-046BA0611F94}" = MAGIX Video deluxe MX Plus Sonderedition
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"Dell Dock" = Dell Dock
"DivX Setup" = DivX-Setup
"ElsterFormular" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"Free Studio_is1" = Free Studio version 5.8.0.1201
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MAGIX_{24773223-031F-4291-B85F-E7AF4ABE5E46}" = MAGIX Foto Manager 10
"MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}" = MAGIX Speed burnR (MSI)
"MAGIX_{9F78CC9B-AC09-4C96-B834-C137C3C62871}" = mufin player 2.5
"MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}" = MAGIX Screenshare
"MAGIX_{E41712A1-DEEB-4D10-BCF1-046BA0611F94}" = MAGIX Video deluxe MX Plus Sonderedition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Art Effects for Magix" = Art Effects for Magix
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"PS3 Media Server" = PS3 Media Server
"RealPlayer 15.0" = RealPlayer
"VirtualCloneDrive" = VirtualCloneDrive
"WinAce Archiver" = WinAce Archiver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2821305750-3191182855-151338836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2013 20:18:30 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a1d3  Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a0ed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00172818  ID des fehlerhaften
 Prozesses: 0x6518  Startzeit der fehlerhaften Anwendung: 0x01ce2b49b34a0932  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 046b3574-973d-11e2-9699-00225f4e02bd
 
Error - 27.03.2013 23:39:04 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2013 06:28:54 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2013 16:12:36 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c58    Startzeit: 
01ce2bf0785385a2    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 cf525098-97e3-11e2-a450-00225f4e02bd  
 
Error - 28.03.2013 17:26:36 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2013 05:54:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2013 07:32:35 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: c84    Startzeit: 01ce2c6342a137e0    Endzeit: 47    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: 4f7a7d4f-9864-11e2-9318-002219e7091b  
 
Error - 29.03.2013 07:38:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2013 15:56:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2013 16:59:56 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11719
Description = 
 
Error - 29.03.2013 17:02:47 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 28.03.2013 15:35:57 | Computer Name = ***-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 29.03.2013 07:31:38 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 29.03.2013 07:31:38 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 29.03.2013 07:31:39 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 29.03.2013 07:31:39 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 29.03.2013 07:32:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 29.03.2013 07:32:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 29.03.2013 07:33:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 29.03.2013 07:33:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 29.03.2013 15:11:38 | Computer Name = ***-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
 
< End of report >
         
werde jetzt erstmal weiter machen und den GMER scannen lassen

Gmer
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 01:43:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250421ASG rev.DE17 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\***\AppData\Local\Temp\uwlyikob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\SysWOW64\RunDll32.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000075ae1465 2 bytes [AE, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           0000000075ae14bb 2 bytes [AE, 75]
.text  ...                                                                                                                                       * 2
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000075ae1465 2 bytes [AE, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000075ae14bb 2 bytes [AE, 75]
.text  ...                                                                                                                                       * 2
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5      0000000077d3f991 8 bytes {MOV EDX, 0xd03e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15     0000000077d3f99b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5                   0000000077d3fa0d 8 bytes {MOV EDX, 0xd01a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15                  0000000077d3fa17 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5                 0000000077d3fb25 8 bytes {MOV EDX, 0xd0168; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15                0000000077d3fb2f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5           0000000077d3fbd5 8 bytes {MOV EDX, 0xd0428; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15          0000000077d3fbdf 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5               0000000077d3fc05 8 bytes {MOV EDX, 0xd0368; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15              0000000077d3fc0f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5        0000000077d3fc1d 8 bytes {MOV EDX, 0xd0128; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15       0000000077d3fc27 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5          0000000077d3fc35 8 bytes {MOV EDX, 0xd04e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15         0000000077d3fc3f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5        0000000077d3fc65 8 bytes {MOV EDX, 0xd0528; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15       0000000077d3fc6f 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5         0000000077d3fce5 8 bytes {MOV EDX, 0xd04a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15        0000000077d3fcef 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5        0000000077d3fcfd 8 bytes {MOV EDX, 0xd0468; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15       0000000077d3fd07 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                  0000000077d3fd49 8 bytes {MOV EDX, 0xd0068; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15                 0000000077d3fd53 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5               0000000077d3fdad 8 bytes {MOV EDX, 0xd02e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15              0000000077d3fdb7 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5       0000000077d3fe41 8 bytes {MOV EDX, 0xd00a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15      0000000077d3fe4b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5             0000000077d3ff89 8 bytes {MOV EDX, 0xd02a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15            0000000077d3ff93 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                0000000077d40099 8 bytes {MOV EDX, 0xd0028; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15               0000000077d400a3 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5              0000000077d40781 8 bytes {MOV EDX, 0xd0268; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15             0000000077d4078b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5                 0000000077d40ffd 8 bytes {MOV EDX, 0xd01e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15                0000000077d41007 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5                0000000077d4105d 8 bytes {MOV EDX, 0xd0228; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15               0000000077d41067 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5          0000000077d410a5 8 bytes {MOV EDX, 0xd03a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15         0000000077d410af 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                0000000077d4111d 8 bytes {MOV EDX, 0xd0328; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15               0000000077d41127 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5   0000000077d41321 8 bytes {MOV EDX, 0xd00e8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15  0000000077d4132b 1 byte [90]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\kernel32.dll!CreateProcessW               000000007559103d 5 bytes JMP 0000000100010030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\kernel32.dll!CreateProcessA               0000000075591072 5 bytes JMP 0000000100010070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW               0000000075b0119f 5 bytes JMP 0000000100020030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW                 0000000075b011cf 5 bytes JMP 0000000100020070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                   0000000075b54de0 5 bytes JMP 00000001000f03b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SelectObject                    0000000075b54f70 5 bytes JMP 00000001000f05f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetBkMode                       0000000075b551a2 5 bytes JMP 00000001000f08f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetTextColor                    0000000075b5522d 5 bytes JMP 00000001000f0a30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!DeleteObject                    0000000075b55689 5 bytes JMP 00000001000f01b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!DeleteDC                        0000000075b558b3 5 bytes JMP 00000001000f0170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetCurrentObject                0000000075b56bad 5 bytes JMP 00000001000f0370
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SaveDC                          0000000075b56e05 5 bytes JMP 00000001000f0570
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!RestoreDC                       0000000075b56ead 5 bytes JMP 00000001000f0530
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode               0000000075b57180 5 bytes JMP 00000001000f06b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!StretchDIBits                   0000000075b57435 5 bytes JMP 00000001000f0770
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CreateDCA                       0000000075b57bcc 5 bytes JMP 00000001000f00b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!IntersectClipRect               0000000075b57dc4 5 bytes JMP 00000001000f03f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextAlign                    0000000075b57fd5 5 bytes JMP 00000001000f0d70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW                 0000000075b582b2 5 bytes JMP 00000001000f0e30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetTextAlign                    0000000075b58401 5 bytes JMP 00000001000f09f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                0000000075b5879f 5 bytes JMP 00000001000f02f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SelectClipRgn                   0000000075b58916 5 bytes JMP 00000001000f05b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ExtTextOutW                     0000000075b58b7a 5 bytes JMP 00000001000f0970
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!MoveToEx                        0000000075b58ee6 5 bytes JMP 00000001000f0470
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetFontData                     0000000075b59875 5 bytes JMP 00000001000f0c70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextFaceW                    0000000075b59936 5 bytes JMP 00000001000f0d30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!Rectangle                       0000000075b5a53a 5 bytes JMP 00000001000f09b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetClipBox                      0000000075b5af9f 5 bytes JMP 00000001000f0330
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!LineTo                          0000000075b5b9e5 5 bytes JMP 00000001000f0430
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetICMMode                      0000000075b5bd55 5 bytes JMP 00000001000f0db0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CreateICW                       0000000075b5c040 5 bytes JMP 00000001000f0130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W           0000000075b5c107 5 bytes JMP 00000001000f0670
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetWorldTransform               0000000075b5c269 5 bytes JMP 00000001000f06f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA                 0000000075b5d1f1 5 bytes JMP 00000001000f0df0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A           0000000075b5d349 5 bytes JMP 00000001000f0630
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ExtTextOutA                     0000000075b5dce4 5 bytes JMP 00000001000f0930
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CreateDCW                       0000000075b5e743 5 bytes JMP 00000001000f00f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ExtEscape                       0000000075b603b7 5 bytes JMP 00000001000f02b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!Escape                          0000000075b61bda 5 bytes JMP 00000001000f0270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetTextFaceA                    0000000075b61e89 5 bytes JMP 00000001000f0cf0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode                 0000000075b64843 5 bytes JMP 00000001000f0b30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SetMiterLimit                   0000000075b65690 5 bytes JMP 00000001000f0b70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!EndPage                         0000000075b66bde 5 bytes JMP 00000001000f0230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!ResetDCW                        0000000075b6e2db 5 bytes JMP 00000001000f0ab0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW                0000000075b7940d 5 bytes JMP 00000001000f0cb0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW     0000000075b7c621 5 bytes JMP 00000001000f0bb0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!AddFontResourceW                0000000075b7d2b2 5 bytes JMP 00000001000f0bf0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW             0000000075b7d919 5 bytes JMP 00000001000f0c30
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!AbortDoc                        0000000075b83adc 5 bytes JMP 00000001000f0030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!EndDoc                          0000000075b83f29 5 bytes JMP 00000001000f01f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!StartPage                       0000000075b8401a 5 bytes JMP 00000001000f0730
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!StartDocW                       0000000075b84c51 5 bytes JMP 00000001000f07f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!BeginPath                       0000000075b853fd 5 bytes JMP 00000001000f0830
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!SelectClipPath                  0000000075b85454 5 bytes JMP 00000001000f0af0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!CloseFigure                     0000000075b854af 5 bytes JMP 00000001000f0070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!EndPath                         0000000075b85506 5 bytes JMP 00000001000f0a70
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!StrokePath                      0000000075b8573f 5 bytes JMP 00000001000f07b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!FillPath                        0000000075b857d2 5 bytes JMP 00000001000f0870
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!PolylineTo                      0000000075b85c44 5 bytes JMP 00000001000f04f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!PolyBezierTo                    0000000075b85cd5 5 bytes JMP 00000001000f04b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\GDI32.dll!PolyDraw                        0000000075b85d87 5 bytes JMP 00000001000f08b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!MapWindowPoints                0000000076fe8c40 5 bytes JMP 0000000100200570
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW       0000000076fe9ebd 5 bytes JMP 00000001002002b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA       0000000076ff0afa 5 bytes JMP 00000001002002f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetClientRect                  0000000076ff0c62 7 bytes JMP 00000001002005b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetParent                      0000000076ff0f68 7 bytes JMP 00000001002006f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!IsWindowVisible                0000000076ff112d 7 bytes JMP 00000001002006b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!PostMessageW                   0000000076ff12a5 5 bytes JMP 00000001002005f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!ScreenToClient                 0000000076ff227d 7 bytes JMP 0000000100200670
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!MonitorFromWindow              0000000076ff3150 7 bytes JMP 0000000100200630
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!SetCursor                      0000000076ff41f6 5 bytes JMP 0000000100200530
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA        0000000076ff68ef 5 bytes JMP 0000000100200270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW        0000000076ff77fa 5 bytes JMP 0000000100200230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetTopWindow                   0000000076ff7887 7 bytes JMP 0000000100200730
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable     0000000076ff8676 5 bytes JMP 00000001002000f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber     0000000076ff8696 5 bytes JMP 0000000100200330
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!CloseClipboard                 0000000076ff8e8d 5 bytes JMP 00000001002000b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!OpenClipboard                  0000000076ff8ecb 5 bytes JMP 0000000100200070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain           0000000076ffc17b 5 bytes JMP 0000000100200430
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats           0000000076ffc449 5 bytes JMP 00000001002001b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow         0000000076ffc468 5 bytes JMP 00000001002003f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!CountClipboardFormats          0000000076ffc486 5 bytes JMP 00000001002001f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!SetClipboardViewer             0000000076ffc4b6 5 bytes JMP 00000001002004b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout         0000000076ffd6c0 5 bytes JMP 00000001002004f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetClipboardOwner              0000000076ffe360 5 bytes JMP 0000000100200370
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!SetClipboardData               0000000077028e57 5 bytes JMP 0000000100200170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!SetCursorPos                   0000000077029cfd 5 bytes JMP 0000000100200770
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetClipboardData               0000000077029f1d 5 bytes JMP 0000000100200030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!EmptyClipboard                 0000000077047cb9 5 bytes JMP 0000000100200130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetClipboardViewer             0000000077048111 5 bytes JMP 0000000100200470
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat     000000007704832f 5 bytes JMP 00000001002003b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer             0000000075419606 5 bytes JMP 00000001002900f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle         0000000075420581 5 bytes JMP 0000000100290130
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext         0000000075420bb9 5 bytes JMP 0000000100290270
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken             0000000075420c2e 5 bytes JMP 00000001002901b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA       0000000075420f2e 5 bytes JMP 0000000100290070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA   0000000075421096 5 bytes JMP 00000001002900b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!EncryptMessage                000000007542124e 5 bytes JMP 00000001002901f0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!DecryptMessage                000000007542129d 5 bytes JMP 0000000100290230
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA     0000000075421527 5 bytes JMP 0000000100290030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA    0000000075421590 5 bytes JMP 0000000100290170
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\ole32.dll!OleSetClipboard                 0000000075e00045 5 bytes JMP 0000000100410030
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard           0000000075e036b2 5 bytes JMP 0000000100410070
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\ole32.dll!OleGetClipboard                 0000000075e2fdcd 5 bytes JMP 00000001004100b0
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000075ae1465 2 bytes [AE, 75]
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[2884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000075ae14bb 2 bytes [AE, 75]
.text  ...                                                                                                                                       * 2
.text  C:\Users\***\Desktop\OTL.exe[5104] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                           0000000075ae1465 2 bytes [AE, 75]
.text  C:\Users\***\Desktop\OTL.exe[5104] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                          0000000075ae14bb 2 bytes [AE, 75]
.text  ...                                                                                                                                       * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00225f4e02bd                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00225f4e02bd@d8b3772d5a42                                                  0x65 0x72 0x7E 0x6F ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00225f4e02bd (not active ControlSet)                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00225f4e02bd@d8b3772d5a42                                                      0x65 0x72 0x7E 0x6F ...

---- EOF - GMER 2.1 ----
         
--- --- ---


so ich hoffe jemand kann mir jetzt helfen

nochmals Danke im Vorraus

Geändert von Unleashed_80 (29.03.2013 um 23:28 Uhr)

Alt 01.04.2013, 12:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme - Standard

HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme



Hallo und

Zitat:
O1 - Hosts: 127.0.0.1 activate.adobe.com
Warum bitte ist bei dir dieser Eintrag in deiner Hosts-Datei?

Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum hast du eine Professional Edition von Windows, brauchst du das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________

__________________

Alt 01.04.2013, 19:53   #3
Unleashed_80
 
HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme - Standard

HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme



Die 64-Bit Windows haben wir von der Uni bekommen. Warum? War kostenlos und da mein Rechner eine 4GB Areitsspeicher hat brauch ich doch die 64-Bit Version oder nicht? Dell hatte mir nur eine ne 32-Bit Version geschickt (Was ich auch nicht verstehe)! Aber das ist auch über 3-4 jahre her.
.
Was ist das?
O1 - Hosts: 127.0.0.1 activate.adobe.com
__________________

Alt 01.04.2013, 20:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme - Standard

HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme



Zitat:
Was ist das?
O1 - Hosts: 127.0.0.1 activate.adobe.com
Verrate du es mir
Warum benötigt dein Rechner einen Hack, der es ermöglicht, dass nichts mehr activate.adobe.com kontaktieren kann?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.04.2013, 20:44   #5
Unleashed_80
 
HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme - Standard

HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme



Doppel PFUI
habs gegoogelt danke für die Info. Hatte im Dez mein Rechner platt gemacht und ich brauchte die Treiber für meinen Rechner. Da habe ich eine alte CD gefunden wo Treiber und sonstiges drin stand. Dachte das wäre der Kostenlose reader.
Anders kann ich mir es nicht erklären.


Antwort

Themen zu HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme
adobe reader xi, autorun, benutzerdaten, bho, browser, computer, converter, desktop, down, ebanking, email, excel, firefox, helper, heur, heur:exploit.java.cve-2012-0507.gen, install.exe, internet security 2013, kaspersky, kaspersky internet security 2013, kunde, legales programm, logfile, mozilla, mp3, msiinstaller, ntdll.dll, ntopenkeyex, passwort gehackt, problem, programm, registry, scan, security, software, tastatur, trojanisches programm, virus, visual studio, windows, wsearch



Ähnliche Themen: HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme


  1. Kaspersky findet 2 trojanische Programme (Windows 7): HEUR:Exploit.Java.CVE-2012-1723.gen und Exploit.Java.CVE-2012-1723.nh
    Plagegeister aller Art und deren Bekämpfung - 18.09.2013 (14)
  2. Kaspersky erkennt HEUR:Exploit.Java.CVE-2012-0507/1723.gen
    Plagegeister aller Art und deren Bekämpfung - 06.05.2013 (3)
  3. Trojaner: HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (37)
  4. HEUR:Exploit.Java.CVE-2012-0507.GEN weg oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 28.04.2013 (17)
  5. Kasperskay meldet "Gefunden: HEUR: Exploit.Java.CVE-2012-0507.gen"
    Log-Analyse und Auswertung - 03.04.2013 (21)
  6. HEUR:Exploit.Java.CVE-2012-0507.gen
    Log-Analyse und Auswertung - 03.04.2013 (13)
  7. HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 25.03.2013 (40)
  8. HEUR:Exploit.Java.CVE-2012-0507.gen (von Kaspersky gefunden)
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (11)
  9. HEUR:Exploit.Java.CVE-2012-0507.gen durch Kaspersky IS entdeckt
    Log-Analyse und Auswertung - 15.02.2013 (23)
  10. Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic
    Log-Analyse und Auswertung - 26.01.2013 (24)
  11. HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (3)
  12. Befall durch HEUR:Exploit.Java.CVE-2012-0507.gen
    Plagegeister aller Art und deren Bekämpfung - 18.01.2013 (25)
  13. HEUR:Exploit.Java.CVE-2012-4681.gen" sowie mehrfach Exploit.Java.CVE-2012-0507.ou mit kaspersky gefunden in C:Dokumente und Einstellungen ge
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (11)
  14. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (21)
  15. Desinfec't 2012/Kaspersky findet Exploit.Java.CVE-2011-3544.** und Exploit.Java.CVE-2012-0507.**
    Mülltonne - 11.06.2012 (0)
  16. Exploit.Java.CVE-2012-0507.fb
    Log-Analyse und Auswertung - 22.05.2012 (8)
  17. Exploit.Java.CVE-2012-0507.be in C:\Documents and Settings\Jonathan\Appdata\LocalLow\Sun\Java [...]
    Log-Analyse und Auswertung - 16.04.2012 (8)

Zum Thema HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme - Abend, Am Donnerstag den 28.03.2013 habe ich eine Email von einem Kunden von mir bekommen das ich Spam Mails mit meinem Hotmail Konto verschicke. Im Postausgang war tatsächlich eine Abgesendete - HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme...
Archiv
Du betrachtest: HEUR:Exploit.Java.CVE-2012-0507.gen und wetere Probleme auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.