MyDirtyHobby - Frage Hallo,
danke schon mal für deine Hilfe..
im Folgenden sind die Auswertungen -->
Zitat:
gmer.txt Code:
Alles auswählen Aufklappen ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 08:11:58
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS725050A9A364 rev.PC4OC70E 465,76GB
Running: nbtu3uu4.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kwtdrpoc.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A83A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABD1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90A2E340, 0x3441C7, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ntdll.dll!LdrGetProcedureAddress + 26 77D02239 7 Bytes JMP 67F2D180 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 7625941E 7 Bytes JMP 68276B79 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!QueryPerformanceCounter + 13 7625C435 7 Bytes JMP 68276B9C C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!LoadAppInitDlls + 355 7625F4F6 7 Bytes JMP 67F3F84B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] GDI32.dll!GetViewportOrgEx + 26C 77A1884B 7 Bytes JMP 68276AFA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4292] USER32.dll!RegisterMessagePumpHook + 2F1 77DF8B9E 7 Bytes JMP 684BFE5B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4292] USER32.dll!IsDialogMessageW + 340 77E04444 7 Bytes JMP 684BFDEA C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4292] USER32.dll!GetWindowInfo 77E04B5E 5 Bytes JMP 680EE982 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4292] USER32.dll!ToUnicodeEx + 71 77E12223 7 Bytes JMP 680EEE7F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtCreateFile + 6 77CE55CE 4 Bytes [28, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtCreateFile + B 77CE55D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtCreateKey + 6 77CE560E 4 Bytes [68, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtCreateKey + B 77CE5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtCreateMutant + 6 77CE564E 4 Bytes [68, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtCreateMutant + B 77CE5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtCreateSection + 6 77CE56EE 4 Bytes [A8, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtCreateSection + B 77CE56F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtMapViewOfSection + B 77CE5C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenFile + 6 77CE5CDE 4 Bytes [68, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenFile + B 77CE5CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenKey + 6 77CE5D0E 4 Bytes [A8, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenKey + B 77CE5D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenKeyEx + B 77CE5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenMutant + 6 77CE5D5E 4 Bytes [28, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenMutant + B 77CE5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenProcess + 6 77CE5D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenProcess + 6 77CE5D8E 4 Bytes [68, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenProcess + B 77CE5D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenProcessToken + 6 77CE5D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenProcessToken + 6 77CE5D9E 4 Bytes [A8, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenProcessToken + B 77CE5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenProcessTokenEx + 6 77CE5DAE 4 Bytes [68, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenProcessTokenEx + B 77CE5DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenSection + B 77CE5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenThread + 6 77CE5E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenThread + 6 77CE5E0E 4 Bytes [28, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenThread + B 77CE5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenThreadToken + 6 77CE5E1E 4 Bytes [28, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenThreadToken + B 77CE5E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenThreadTokenEx + 6 77CE5E2E 4 Bytes [A8, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtOpenThreadTokenEx + B 77CE5E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtQueryAttributesFile + 6 77CE5F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtQueryAttributesFile + B 77CE5F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtQueryFullAttributesFile + B 77CE5FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtSetInformationFile + 6 77CE663E 4 Bytes [28, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtSetInformationFile + B 77CE6643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtSetInformationThread + 6 77CE669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtSetInformationThread + B 77CE66A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtUnmapViewOfSection + 6 77CE69BE 4 Bytes [28, 05, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ntdll.dll!NtUnmapViewOfSection + B 77CE69C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] kernel32.dll!CreateProcessW 7621204D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] kernel32.dll!CreateProcessA 76212082 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!ActivateKeyboardLayout 77DF8203 5 Bytes JMP 003104F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!ScreenToClient 77DFA506 7 Bytes JMP 00310670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!RegisterClipboardFormatA 77DFC091 5 Bytes JMP 003102F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!RegisterClipboardFormatW 77DFDF8D 5 Bytes JMP 003102B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!SetCursor 77E03075 5 Bytes JMP 00310530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!MonitorFromWindow 77E03622 7 Bytes JMP 00310630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!PostMessageW 77E0447B 5 Bytes JMP 003105F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!IsWindowVisible 77E04D69 7 Bytes JMP 003106B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetClientRect 77E054DD 7 Bytes JMP 003105B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!MapWindowPoints 77E05CAA 5 Bytes JMP 00310570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetParent 77E06029 7 Bytes JMP 003106F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!EmptyClipboard 77E1290C 5 Bytes JMP 00310130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!SetClipboardData 77E12962 5 Bytes JMP 00310170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetClipboardData 77E12BA7 5 Bytes JMP 00310030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetClipboardFormatNameW 77E15FD2 5 Bytes JMP 00310230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!SetClipboardViewer 77E16FF6 5 Bytes JMP 003104B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetClipboardFormatNameA 77E1700A 5 Bytes JMP 00310270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!ChangeClipboardChain 77E2147C 5 Bytes JMP 00310430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetTopWindow 77E224D9 7 Bytes JMP 00310730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!CloseClipboard 77E2446C 5 Bytes JMP 003100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!OpenClipboard 77E2447E 5 Bytes JMP 00310070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!IsClipboardFormatAvailable 77E244FF 5 Bytes JMP 003100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetClipboardSequenceNumber 77E24513 5 Bytes JMP 00310330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetClipboardOwner 77E24525 5 Bytes JMP 00310370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!CountClipboardFormats 77E2470A 5 Bytes JMP 003101F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!EnumClipboardFormats 77E247EC 5 Bytes JMP 003101B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetOpenClipboardWindow 77E2480B 5 Bytes JMP 003103F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!SetCursorPos 77E3C1B0 5 Bytes JMP 00310770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetClipboardViewer 77E54AF7 5 Bytes JMP 00310470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] user32.DLL!GetPriorityClipboardFormat 77E54BF9 5 Bytes JMP 003103B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!DeleteObject 77A15F14 5 Bytes JMP 003201B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SelectObject 77A16640 5 Bytes JMP 003205F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SetTextColor 77A16906 5 Bytes JMP 00320A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SetBkMode 77A169B1 5 Bytes JMP 003208F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!DeleteDC 77A16EAA 5 Bytes JMP 00320170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetDeviceCaps 77A16F7F 5 Bytes JMP 003203B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!ExtSelectClipRgn 77A17114 5 Bytes JMP 003202F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SelectClipRgn 77A17242 5 Bytes JMP 003205B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SetStretchBltMode 77A17705 5 Bytes JMP 003206B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetCurrentObject 77A17917 5 Bytes JMP 00320370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetTextMetricsW 77A17B8F 5 Bytes JMP 00320E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetTextAlign 77A17DAF 5 Bytes JMP 00320D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!IntersectClipRect 77A17DFE 5 Bytes JMP 003203F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!ExtTextOutW 77A18192 5 Bytes JMP 00320970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SetTextAlign 77A1828E 5 Bytes JMP 003209F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetClipBox 77A18525 5 Bytes JMP 00320330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!MoveToEx 77A18C21 5 Bytes JMP 00320470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!StretchDIBits 77A1A53E 5 Bytes JMP 00320770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!RestoreDC 77A1A67B 5 Bytes JMP 00320530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SaveDC 77A1A74B 5 Bytes JMP 00320570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetTextExtentPoint32W 77A1B4B5 5 Bytes JMP 00320670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetTextFaceW 77A1B73A 2 Bytes JMP 00320D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetTextFaceW + 3 77A1B73D 2 Bytes [90, 88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetFontData 77A1BCC4 5 Bytes JMP 00320C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SetWorldTransform 77A1C90A 5 Bytes JMP 003206F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!CreateDCA 77A1CCA9 5 Bytes JMP 003200B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!CreateDCW 77A1CF79 5 Bytes JMP 003200F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!CreateICW 77A1CFD0 5 Bytes JMP 00320130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetTextMetricsA 77A1D0F2 5 Bytes JMP 00320DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!Rectangle 77A1F1FF 5 Bytes JMP 003209B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!LineTo 77A1F59B 5 Bytes JMP 00320430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SetICMMode 77A1FAA4 5 Bytes JMP 00320DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!ExtTextOutA 77A203F9 5 Bytes JMP 00320930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetTextExtentPoint32A 77A207B0 5 Bytes JMP 00320630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!ExtEscape 77A22949 5 Bytes JMP 003202B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!Escape 77A23939 5 Bytes JMP 00320270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetTextFaceA 77A23E6A 5 Bytes JMP 00320CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SetPolyFillMode 77A2D851 5 Bytes JMP 00320B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SetMiterLimit 77A2DA0D 5 Bytes JMP 00320B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!EndPage 77A300D7 5 Bytes JMP 00320230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!ResetDCW 77A3050D 5 Bytes JMP 00320AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!GetGlyphOutlineW 77A3C1BA 5 Bytes JMP 00320CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!CreateScalableFontResourceW 77A3E817 5 Bytes JMP 00320BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!AddFontResourceW 77A3EC13 5 Bytes JMP 00320BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!RemoveFontResourceW 77A3F109 5 Bytes JMP 00320C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!AbortDoc 77A44C63 5 Bytes JMP 00320030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!EndDoc 77A450AA 5 Bytes JMP 003201F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!StartPage 77A45195 5 Bytes JMP 00320730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!StartDocW 77A45BB0 5 Bytes JMP 003207F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!BeginPath 77A4635D 5 Bytes JMP 00320830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!SelectClipPath 77A463B4 5 Bytes JMP 00320AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!CloseFigure 77A4640F 5 Bytes JMP 00320070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!EndPath 77A46466 5 Bytes JMP 00320A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!StrokePath 77A46699 5 Bytes JMP 003207B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!FillPath 77A46726 5 Bytes JMP 00320870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!PolylineTo 77A46B94 5 Bytes JMP 003204F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!PolyBezierTo 77A46C25 5 Bytes JMP 003204B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] GDI32.dll!PolyDraw 77A46CD7 5 Bytes JMP 003208B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ole32.dll!OleSetClipboard 77030045 5 Bytes JMP 00340030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ole32.dll!OleIsCurrentClipboard 770336B2 5 Bytes JMP 00340070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[4388] ole32.dll!OleGetClipboard 7705FDCD 5 Bytes JMP 003400B0
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e3d89a5ab
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e3d89a5ab@cc08e058cbc6 0x4E 0xEE 0xCE 0x73 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001e3d89a5ab@7c1e5267c2a2 0x37 0x5F 0xA5 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e3d89a5ab (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e3d89a5ab@cc08e058cbc6 0x4E 0xEE 0xCE 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001e3d89a5ab@7c1e5267c2a2 0x37 0x5F 0xA5 0xF2 ...
---- EOF - GMER 2.1 ----
--- --- ---
Zitat:
OTL.txtOTL Logfile: Code:
Alles auswählen Aufklappen ATTFilter
OTL logfile created on: 12.04.2013 08:22:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,58% Memory free
6,00 Gb Paging File | 4,53 Gb Available in Paging File | 75,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 28,77 Gb Free Space | 35,96% Space Free | Partition Type: NTFS
Drive D: | 100,01 Gb Total Space | 61,75 Gb Free Space | 61,74% Space Free | Partition Type: NTFS
Drive E: | 100,01 Gb Total Space | 10,53 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive F: | 85,74 Gb Total Space | 34,23 Gb Free Space | 39,92% Space Free | Partition Type: NTFS
Drive G: | 100,01 Gb Total Space | 99,35 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive J: | 3,74 Gb Total Space | 3,65 Gb Free Space | 97,48% Space Free | Partition Type: FAT32
Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.12 07:24:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
PRC - [2013.03.15 10:53:54 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.08 21:33:01 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.01.20 21:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.26 10:03:22 | 002,417,576 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.15 10:53:54 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.03.08 21:33:00 | 003,069,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV - [2013.03.08 21:33:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 19:01:42 | 000,036,072 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Users\itz09\.hudson\hudson.exe -- (hudson)
SRV - [2012.10.26 10:03:22 | 002,417,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.03.11 15:52:52 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.30 10:23:38 | 000,075,008 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008.01.30 10:23:38 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008.01.30 09:05:08 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2520309146-1266688456-3349112998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2520309146-1266688456-3349112998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2520309146-1266688456-3349112998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF E8 2E 06 F3 93 CD 01 [binary data]
IE - HKU\S-1-5-21-2520309146-1266688456-3349112998-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2520309146-1266688456-3349112998-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2520309146-1266688456-3349112998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.eintracht.de/aktuell/#"
FF - prefs.js..extensions.enabledAddons: linky%40gemal.dk:3.0.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}:7.0.01
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Ba3601cb1-5711-4ab8-89c6-63cd46aae1c4%7D&mid=1a0669bd8a9d47d0bc97d1577b6d4c58-56b0e2bc6e2f25fd3a6e7f07f49e61d3ad7a9efd&ds=od011&v=11.0.0.9&lang=de&pr=sa&d=2012-05-02%2020%3A45%3A02&sap=ku&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.0.200"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "192.168.0.200"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "192.168.0.200"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "192.168.0.200"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "192.168.0.200"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "192.168.0.200"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "192.168.0.200"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.200"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "192.168.0.200"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 21:33:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 21:33:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.09.16 12:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\mozilla\Extensions
[2013.03.01 08:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\mozilla\Firefox\Profiles\bt5jbb6s.default\extensions
[2012.09.16 12:18:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adam\AppData\Roaming\mozilla\Firefox\Profiles\bt5jbb6s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.16 12:18:13 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Adam\AppData\Roaming\mozilla\Firefox\Profiles\bt5jbb6s.default\extensions\firefox@tvunetworks.com
[2012.09.16 12:18:13 | 000,000,000 | ---D | M] (Linky) -- C:\Users\Adam\AppData\Roaming\mozilla\Firefox\Profiles\bt5jbb6s.default\extensions\linky@gemal.dk
[2012.09.16 12:18:13 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Adam\AppData\Roaming\mozilla\Firefox\Profiles\bt5jbb6s.default\extensions\LogMeInClient@logmein.com
[2013.03.01 08:32:13 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Adam\AppData\Roaming\mozilla\firefox\profiles\bt5jbb6s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.03.08 21:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 21:33:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-2520309146-1266688456-3349112998-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73E0A692-1CD0-4D5B-8106-B4C015F32F51}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.10 23:41:08 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 23:41:07 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 23:41:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 23:41:07 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 23:41:06 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 23:41:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 23:41:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 23:41:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 23:41:06 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 23:41:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 07:25:05 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 07:25:03 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 07:25:02 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 07:25:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 07:24:58 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 07:24:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 07:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.03.31 22:10:23 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.31 22:10:23 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.31 22:10:23 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.31 22:10:23 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.31 22:10:23 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.31 22:10:23 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.31 22:10:23 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.31 22:10:23 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.31 22:10:23 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.31 22:10:23 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.31 22:10:23 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.31 22:10:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.31 22:10:23 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.31 22:10:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.31 22:10:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.31 22:10:23 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.31 22:10:23 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.31 22:10:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.31 22:10:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.31 22:10:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.31 22:10:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.31 22:10:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.31 22:10:23 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.31 22:10:23 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.31 22:10:23 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.31 22:10:23 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.31 22:09:47 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.31 22:09:47 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.03.31 22:09:47 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.03.31 22:09:47 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.31 22:09:47 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.31 22:09:47 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.31 22:09:47 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.03.31 22:09:47 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.31 22:09:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.31 22:09:47 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.03.31 22:09:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.31 22:09:47 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.03.31 22:09:47 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.03.31 22:09:47 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.31 22:09:47 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.03.31 22:09:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.03.31 22:09:47 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.31 22:09:47 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.31 22:09:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.31 22:09:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.31 22:09:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.31 22:09:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.31 22:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.31 22:09:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.31 22:09:47 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.20 22:17:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.18 18:49:27 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\FreeCommander
[2013.03.18 18:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander
[2013.03.18 18:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCommander
========== Files - Modified Within 30 Days ==========
[2013.04.12 08:20:16 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 08:20:16 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 08:13:35 | 000,000,214 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.04.12 08:13:33 | 000,000,218 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013.04.12 08:13:26 | 000,077,824 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2013.04.12 08:13:14 | 000,051,528 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\nvModes.001
[2013.04.12 08:12:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 08:12:52 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 07:25:25 | 000,000,000 | ---- | M] () -- C:\Users\Adam\defogger_reenable
[2013.04.11 07:14:36 | 000,408,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.10 18:05:37 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.10 18:05:37 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.10 18:05:37 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.10 18:05:37 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.04 17:08:57 | 000,072,839 | ---- | M] () -- C:\Users\Adam\Desktop\IM000975.JPG
[2013.03.31 22:10:23 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.31 22:10:23 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.31 22:10:23 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.31 22:10:23 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.31 22:10:23 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.31 22:10:23 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.31 22:10:23 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.31 22:10:23 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.31 22:10:23 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.31 22:10:23 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.31 22:10:23 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.31 22:10:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.31 22:10:23 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.31 22:10:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.31 22:10:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.31 22:10:23 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.31 22:10:23 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.31 22:10:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.31 22:10:23 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.31 22:10:23 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.31 22:10:23 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.31 22:10:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.31 22:10:23 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.31 22:10:23 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.31 22:10:23 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.31 22:10:23 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.31 22:10:23 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.31 22:09:47 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.03.31 22:09:47 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.03.31 22:09:47 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.03.31 22:09:47 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.03.31 22:09:47 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.03.31 22:09:47 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.03.31 22:09:47 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.03.31 22:09:47 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.03.31 22:09:47 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.31 22:09:47 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.03.31 22:09:47 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.03.31 22:09:47 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.03.31 22:09:47 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.03.31 22:09:47 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.31 22:09:47 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.03.31 22:09:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.03.31 22:09:47 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.31 22:09:47 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.31 22:09:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.31 22:09:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.31 22:09:47 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.31 22:09:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.31 22:09:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.31 22:09:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.31 22:09:47 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.03.18 18:49:27 | 000,001,038 | ---- | M] () -- C:\Users\Adam\Desktop\FreeCommander.lnk
[2013.03.15 10:53:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.15 10:53:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013.04.12 07:25:25 | 000,000,000 | ---- | C] () -- C:\Users\Adam\defogger_reenable
[2013.04.04 17:08:52 | 000,072,839 | ---- | C] () -- C:\Users\Adam\Desktop\IM000975.JPG
[2013.04.04 17:06:39 | 000,056,710 | ---- | C] () -- C:\Users\Adam\Desktop\IM000764.JPG
[2013.03.31 22:10:23 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.18 18:49:27 | 000,001,038 | ---- | C] () -- C:\Users\Adam\Desktop\FreeCommander.lnk
[2012.10.18 20:04:59 | 000,077,824 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012.09.22 20:06:03 | 000,051,528 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\nvModes.dat
[2012.09.22 20:06:03 | 000,051,528 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\nvModes.001
[2012.09.17 21:41:34 | 000,024,064 | ---- | C] () -- C:\Windows\autoload.exe
[2012.09.17 11:38:05 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.09.17 11:37:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
--- --- ---
Zitat:
Extras.txtOTL Logfile: Code:
Alles auswählen Aufklappen ATTFilter
OTL Extras logfile created on: 12.04.2013 08:22:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 53,58% Memory free
6,00 Gb Paging File | 4,53 Gb Available in Paging File | 75,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 28,77 Gb Free Space | 35,96% Space Free | Partition Type: NTFS
Drive D: | 100,01 Gb Total Space | 61,75 Gb Free Space | 61,74% Space Free | Partition Type: NTFS
Drive E: | 100,01 Gb Total Space | 10,53 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive F: | 85,74 Gb Total Space | 34,23 Gb Free Space | 39,92% Space Free | Partition Type: NTFS
Drive G: | 100,01 Gb Total Space | 99,35 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive J: | 3,74 Gb Total Space | 3,65 Gb Free Space | 97,48% Space Free | Partition Type: FAT32
Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2520309146-1266688456-3349112998-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073E86AA-609A-4D43-8169-9044ABB20D72}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C99E6E4-9849-452A-85C6-F450459F3418}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31B497FC-6AC3-483B-99CB-6E51FEBB9FD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39FA6A58-2C32-48FB-A484-9F49C806AC21}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4873C217-674B-4706-88B1-8297822BADE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{52F7DE8C-A321-45E0-ADB9-83958E8AB5B8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77E0047E-CA91-4F79-9A95-8537B4395060}" = lport=445 | protocol=6 | dir=in | app=system |
"{82AED0DD-8B35-472E-8936-438A82DD71BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85FB10B9-CCCB-4E13-9992-7127CCA4AC3B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8DCD9183-06C2-4112-9967-F43D65509F68}" = rport=139 | protocol=6 | dir=out | app=system |
"{90E3E90D-0BCB-4780-AD45-FA30D0D7D8FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0C85068-4F69-4D01-B6F8-BE9E3BF3CCAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2CC8B4B-DD7A-4AF6-B9ED-8EB4E1186868}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BB7B8CF4-AFAF-42C7-A7BF-A47939E8B0B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C77F8691-8907-494D-B8AB-5B1F15305217}" = lport=137 | protocol=17 | dir=in | app=system |
"{D37470FC-AED0-4478-85C7-F018832B3361}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E9199156-32D7-4183-A9F0-0E8185F90109}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E94AD043-836A-4523-ABA2-21AE8094D82F}" = rport=445 | protocol=6 | dir=out | app=system |
"{EA7E955A-94AE-4FD9-BCC6-680D03571435}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2E49FEF-0428-43AC-917F-1B6829D8B5CE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FA941169-CAE5-400E-A2C3-AEABAF66A5EC}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAC9C393-E825-4CBA-B3CE-BF2E293AB8A5}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0017357A-77C3-4DDC-9F67-FF15B2665FCD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06B0CB6B-8CBE-4C09-8C2F-AB14A986FD47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{073FA0C7-0B53-49D0-B1A5-725F5B8CCA80}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{0A6FDDFA-D178-4FC0-81AA-94C562C159AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{101C004B-EAAF-4F73-AA2B-B9B20582C70D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1761ECAA-EFFC-45E1-AD5E-DE29B2275D8D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4C27C392-9D5A-40EF-A327-768E8853A671}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57E14D8C-9708-4B54-9880-645A737737F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{586BADBB-F0EF-4B22-ABAD-8D255B426B9E}" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe |
"{5F86FF0D-742B-4DDA-904B-69ED744BA32B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77C2F5F0-F933-4B75-9F73-BB3880543C94}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{7A58D7E4-E43E-4AE2-B7DF-EF8B459A33E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{829113A1-E515-483D-A627-D6B208618C85}" = protocol=6 | dir=out | app=system |
"{9682799F-85DF-4745-B103-B4C79FD0F14C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B310543-177B-4971-8BE5-92B5E240C49A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{B323EE95-4821-4D4E-8B24-6EEB8F22356F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{B557FE36-333B-445F-9E70-3EFD97EFE6F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCFE640A-7335-4788-BE40-80A62F182AD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C385FF3F-32A6-4BA7-96C3-6DFF39D4336E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{D0C387CA-94D8-4DAF-BA10-640BFAE0726A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E275746F-DB79-4733-A2A3-6779B79BA71A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E652C5C3-B743-49FB-B761-245CA870A72B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ECB6C4FB-3A2A-43FF-829F-08E1F8CEB392}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEBEB8B7-3918-4044-B49F-68E18705A8FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1AFB603-7213-4823-94A3-25F47CD15A2C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FD7A0A98-854E-4EEC-B381-56D700FCED3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE5BD0C6-A8AF-43E4-866B-9296EBC3F039}" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{00D6218C-08A0-425F-B63A-2C1EEFB45817}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{2E951A0F-C116-48AC-9147-7274CDA3B768}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{6B843C03-B602-4E01-A5FA-6E85953B2B63}C:\program files\smith micro\poser pro 2012 deutsch\poserpro.exe" = protocol=6 | dir=in | app=c:\program files\smith micro\poser pro 2012 deutsch\poserpro.exe |
"TCP Query User{A3944746-2B15-4A6E-8989-B6D567B810CD}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{A43DC72B-9911-456D-BABC-FE7A3C311F85}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{D808A338-F9B2-4ACC-A7A5-EF90A13986FA}C:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E0CBFF15-8600-4E2B-BFA3-A6CA9C99E313}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{1E67FA81-B876-49AE-8979-600AB746CF7B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{235A3181-AAA6-4D8A-8CEB-7D802A57E73E}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{4863DBBA-ACB6-42B3-8B88-3CBB94D193D0}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{4E359BEA-D662-4EFA-A43E-02C1F32C0E41}C:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5461F73B-9407-4404-89A2-3EC6EA54F257}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{5E269DBD-0CEC-4113-A054-C43D947FBC96}C:\program files\smith micro\poser pro 2012 deutsch\poserpro.exe" = protocol=17 | dir=in | app=c:\program files\smith micro\poser pro 2012 deutsch\poserpro.exe |
"UDP Query User{EC4220E2-54BD-4BDC-A109-D72D8827AEFC}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{32A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für die Prozessorerkennung
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FAE490AEFDF644913EBD01E5B57F56FAED0E459E" = Windows-Treiberpaket - Ricoh R5U870 (UVC) (09/04/2007 6.1006.211.0)
"FreeCommander_is1" = FreeCommander 2009.02b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-glassfish-mod-3.1.2.23.2" = GlassFish Server Open Source Edition 3.1.2.2
"nbi-nb-base-7.2.0.0.201207301726" = NetBeans IDE 7.2
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Poser Pro 2012 Deutsch_is1" = Poser Pro 2012 Deutsch
"Poser Pro_is1" = PoserContent2012
"TeamViewer 6" = TeamViewer 6
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.4
"XMind_is1" = XMind 2012 (v3.3.1)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2520309146-1266688456-3349112998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.02.2013 12:30:18 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smith
micro\poser pro 2012 deutsch\FFRender64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.02.2013 02:28:11 | Computer Name = Adam-PC | Source = ESENT | ID = 215
Description = WinMail (3184) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 02.03.2013 14:45:15 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smith
micro\poser pro 2012 deutsch\FFRender64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 04.03.2013 13:32:54 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smith
micro\poser pro 2012 deutsch\FFRender64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 14.03.2013 15:39:06 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smith
micro\poser pro 2012 deutsch\FFRender64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.03.2013 16:10:06 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smith
micro\poser pro 2012 deutsch\FFRender64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.03.2013 15:49:03 | Computer Name = Adam-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
Zeitstempel: 0x5138a0ed Ausnahmecode: 0xc0000005 Fehleroffset: 0x00172818 ID des fehlerhaften
Prozesses: 0xde4 Startzeit der fehlerhaften Anwendung: 0x01ce23b5c8b49ff8 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: e223c449-9004-11e2-b1ad-001e3d89a5ab
Error - 05.04.2013 13:39:44 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smith
micro\poser pro 2012 deutsch\FFRender64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 07.04.2013 13:55:22 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smith
micro\poser pro 2012 deutsch\FFRender64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 08.04.2013 15:41:27 | Computer Name = Adam-PC | Source = Application Hang | ID = 1002
Description = Programm netbeans.exe, Version 7.2.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1204 Startzeit:
01ce3490c395532a Endzeit: 109 Anwendungspfad: C:\Program Files\NetBeans 7.2\bin\netbeans.exe
Berichts-ID:
494d03d6-a084-11e2-8e2a-001e3d89a5ab
[ System Events ]
Error - 29.01.2013 13:56:59 | Computer Name = Adam-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.
Error - 29.01.2013 13:56:59 | Computer Name = Adam-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.
Error - 30.01.2013 02:33:25 | Computer Name = Adam-PC | Source = DCOM | ID = 10016
Description =
Error - 31.01.2013 02:38:26 | Computer Name = Adam-PC | Source = DCOM | ID = 10016
Description =
Error - 01.02.2013 02:13:11 | Computer Name = Adam-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 01.02.2013 02:32:51 | Computer Name = Adam-PC | Source = DCOM | ID = 10016
Description =
Error - 01.02.2013 13:49:13 | Computer Name = Adam-PC | Source = DCOM | ID = 10016
Description =
Error - 01.02.2013 17:20:17 | Computer Name = Adam-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?02.?2013 um 22:19:23 unerwartet heruntergefahren.
Error - 01.02.2013 17:20:20 | Computer Name = Adam-PC | Source = BugCheck | ID = 1001
Description =
Error - 01.02.2013 17:20:38 | Computer Name = Adam-PC | Source = DCOM | ID = 10016
Description =
< End of report >
--- --- ---
11.04.2013, 18:58
Cracks und Keygens
Linear-Darstellung
