| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: blizzard battlenet account gehackt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.11.2012, 16:25
| #1 |
| |  blizzard battlenet account gehackt? Hi, ich nutze seit einigen Jahren das Blizzard-battlenet zwecks spielen von Onlinespielen. Zu meinen aktiven Zeiten in World of Warcraft hatte ich nie Probleme mit Hacks. Nach ungefähr einem Jahr Inaktivität und Einstieg in Diablo 3 habe ich mir meinen alten WoW-Account nochmal angeschaut und musste feststellen, dass dieser aufgrund "auffälliger Aktivitäten" von Blizzard gesperrt wurde. Auch schienen ingame einige Charaktere geplündert worden zu sein. So weit, so gut. Da ich mich nicht mehr für den WoW-Account interessiere, kümmerte ich mich nicht weiter um die ingame-Verluste. Jedoch wollte ich ja Diablo 3 spielen. Also entsperrte ich den battlenet-Account. Eine weitere umfangreichere Anti-Virus-Prüfung hielt ich nicht für notwendig, da ich in der Zwischenzeit (zwischen WoW und Diablo 3) meinen Computer komplett neu aufgesetzt habe (komplett neue Komponenten). Anfangs hatte ich auch keine Probleme. Erst nach einiger Zeit erhielt ich wieder Nachricht von Blizzard, dass mein Account aufgrund "auffälliger Aktivitäten" gesperrt wurde. Ich führte in naiver laienhafter Weise eine Virussuche mit windowseigenen Tools durch, die keine Treffer ergab und entsperrte den Account. Einige Zeit später spitzte sich die Situation so zu, dass der Account direkt nach dem Entsperren (neues Passwort) und kurzzeitiger Benutzung erneut gesperrt wurde. Daher bin ich nun am grübeln, ob sich auf meinem System ein Trojaner oder sonstiges eingeschlichen hat. Grob fahrlässiges Verhalten a la "ich lade mir den Goldcheat xyz herunter" kann ich eigentlich ausschließen, da ich nie solche Dinge benutzt habe. Auch diverse Links in E-Mails habe ich nie angeklickt, geschweige denn meine Daten preisgegeben. Nun habe ich die hier beschriebenen "Einstigsschritte" durchgeführt und hoffe nun hier im Forum Hilfe zu finden. defogger_disable-Log: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:23 on 18/11/2012 (root)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 18.11.2012 15:27:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 12,00 Gb Total Physical Memory | 10,41 Gb Available Physical Memory | 86,75% Memory free 23,99 Gb Paging File | 22,21 Gb Available in Paging File | 92,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 81,30 Gb Total Space | 18,62 Gb Free Space | 22,90% Space Free | Partition Type: NTFS Drive D: | 850,11 Gb Total Space | 449,78 Gb Free Space | 52,91% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: root | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.10 12:46:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.08.03 08:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe PRC - [2010.03.25 10:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe PRC - [2009.12.28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe PRC - [2006.09.29 02:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.11 18:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.06.11 12:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.11.03 22:25:57 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai) SRV - [2012.10.11 02:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2011.05.15 20:25:00 | 004,264,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.09.29 02:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.06.11 19:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.06.11 17:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.08 07:42:38 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2011.08.07 17:47:31 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.05.20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03:51&v=10.2.0.3&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB CD 7E CA A6 FF CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03:51&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 22:29:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.14 14:41:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.10 21:21:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.04.20 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions [2011.04.20 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.14 14:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\jk36kmcf.default\extensions [2012.06.14 14:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\jk36kmcf.default\extensions\staged [2011.12.26 19:33:32 | 000,644,152 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\jk36kmcf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.14 14:40:55 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\jk36kmcf.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.14 22:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.11 02:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.29 14:03:47 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.10 12:42:13 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead VideoStudio\uvPL.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-OLS36.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 12:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2012.11.10 12:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.11.10 12:17:52 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT [2012.11.03 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.11.03 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\pdfforge [2012.11.03 21:41:31 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.11.03 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.11.03 21:40:12 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Programs [2012.10.25 11:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP ========== Files - Modified Within 30 Days ========== [2012.11.18 15:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.18 15:25:34 | 1072,291,838 | -HS- | M] () -- C:\hiberfil.sys [2012.11.18 15:23:36 | 000,000,188 | ---- | M] () -- C:\Users\root\defogger_reenable [2012.11.18 15:14:15 | 000,016,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 15:14:15 | 000,016,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 15:11:34 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.18 15:11:34 | 000,664,764 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.18 15:11:34 | 000,624,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.18 15:11:34 | 000,134,932 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.18 15:11:34 | 000,110,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.10 12:19:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.11.10 12:19:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.10.25 09:57:36 | 001,544,704 | ---- | M] () -- C:\Windows\is-OLS36.exe [2012.10.25 09:57:36 | 000,025,599 | ---- | M] () -- C:\Windows\is-OLS36.msg [2012.10.25 09:57:36 | 000,000,339 | ---- | M] () -- C:\Windows\is-OLS36.lst ========== Files Created - No Company Name ========== [2012.11.18 15:23:36 | 000,000,188 | ---- | C] () -- C:\Users\root\defogger_reenable [2012.11.10 12:17:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml [2012.11.10 12:17:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012.10.25 11:12:56 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.10.25 09:57:36 | 001,544,704 | ---- | C] () -- C:\Windows\is-OLS36.exe [2012.10.25 09:57:36 | 000,025,599 | ---- | C] () -- C:\Windows\is-OLS36.msg [2012.10.25 09:57:36 | 000,000,339 | ---- | C] () -- C:\Windows\is-OLS36.lst [2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.28 11:18:33 | 000,000,043 | ---- | C] () -- C:\Users\root\gsview32.ini [2012.03.05 12:11:59 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe [2012.02.15 16:36:06 | 000,000,092 | ---- | C] () -- C:\Users\root\AppData\Local\fusioncache.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.25 09:54:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.05.25 09:54:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011.05.08 09:57:45 | 000,000,017 | ---- | C] () -- C:\Users\root\AppData\Local\resmon.resmoncfg [2011.05.07 10:42:02 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.05.07 10:42:02 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.04.30 11:10:18 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.04.30 11:10:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.04.30 11:10:15 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.04.30 11:10:15 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.04.30 11:10:14 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.04.28 11:55:12 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd [2011.04.20 22:48:55 | 001,556,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.20 14:26:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.20 14:05:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.04.20 14:05:47 | 000,033,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.04.28 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DAEMON Tools Lite [2011.04.28 11:52:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Foxit Software [2011.04.28 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\IrfanView [2011.04.30 11:17:28 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\JabRef 2.6 [2011.06.25 12:39:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Juniper Networks [2011.04.20 14:33:13 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Leadertech [2011.07.25 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Miranda [2012.03.28 10:56:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++ [2012.03.28 11:21:04 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\OpenCandy [2012.11.03 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\pdfforge [2011.04.20 23:01:15 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Thunderbird [2012.09.21 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Ulead Systems ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.11.2012 15:27:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
12,00 Gb Total Physical Memory | 10,41 Gb Available Physical Memory | 86,75% Memory free
23,99 Gb Paging File | 22,21 Gb Available in Paging File | 92,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 81,30 Gb Total Space | 18,62 Gb Free Space | 22,90% Space Free | Partition Type: NTFS
Drive D: | 850,11 Gb Total Space | 449,78 Gb Free Space | 52,91% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E877044-7992-403A-BF95-D6B03A3534EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3C2F57A2-2E29-4596-A611-0E6023C11DCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BAB2597-3274-4B54-9705-760E686D5D34}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{57C37880-46DA-4F85-9628-3AF14EEEA693}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6574C3C7-D289-42CF-927E-31675FAFB3A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72298805-74AD-4148-8ABA-C9449264C248}" = lport=58039 | protocol=6 | dir=in | name=pando media booster |
"{73CAD03B-4B0B-4C57-A36D-D0C681C427BE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7A837898-A84F-41A5-B450-BA1B97D4E538}" = lport=58039 | protocol=17 | dir=in | name=pando media booster |
"{7E825488-D3E3-44FC-AA8D-5EF47EFE5253}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8CB1298B-E3C0-4627-B158-DAB588EA6F29}" = lport=58039 | protocol=6 | dir=in | name=pando media booster |
"{A641069D-D109-4584-A2E2-8530039BAFA6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AFE54035-6B03-4B16-8CB0-91B6044A52E7}" = lport=58039 | protocol=17 | dir=in | name=pando media booster |
"{B2E9DE31-F020-4A01-8392-C421B2DACAEB}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DDE2C3-1A66-4780-9035-032FDAD7B62D}" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"{05583B9F-E24D-4E80-BB5E-00031A33552D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{06814D62-1289-4293-8B20-20F3DA4752EF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{0B3A4A78-C405-485F-80FC-F1F67012E2D1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1B4A92B1-2CC3-4F55-9452-133A360DD046}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{1B592E70-1CC7-48D1-8974-4BBA2747CECD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{1F66CD89-9F2E-485F-9233-5BDB5F0E03DC}" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"{22DED2DB-13A0-419B-9679-1910B793C4C7}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{29C1DEC0-10C1-4D69-A3B8-8EF34C845F3F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{29C46647-BF3C-4E41-AE5E-B7C118274227}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2C061886-5CF6-4B2A-A389-FE20A431470B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2E7DF13C-9232-4D10-BB46-BD7C04247081}" = protocol=6 | dir=in | app=d:\eden eternal\edeneternal-de\_launcher.exe |
"{2F91D8E8-24BE-401F-970C-CE1F5475707D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{33EF4AD3-277B-4909-8F0D-D6854575F3F9}" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"{3B3CB717-E33F-471F-8BB7-FA253B81048F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{3C705C7B-614E-4F4C-B867-D6DF210B841F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4BF2C249-51AE-4435-A842-F47CD6EB4E41}" = protocol=17 | dir=in | app=d:\diablo iii public test\diablo iii.exe |
"{4E53186E-2861-4208-91AB-43B1152B8796}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{5407DE87-8B06-4FBE-92FC-342B21122961}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{59A9A084-1730-4D7E-9A46-761058D0367C}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{5C08D93C-0DDD-4F13-A4BC-4672A1279779}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{5E78613C-958F-4EBC-B124-482909DA66C1}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe |
"{61F8F740-1AAD-4952-AE2E-EB1EBE22FF14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{66066B4B-7FB8-4DB0-8133-B32CAA180EEF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{75D800AE-E730-4B9B-A65B-5838EA2E1DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{7643A9CE-D53E-48F3-A4EE-AB8ABF8AAC8C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{7A8DA0B7-3519-4915-ABD2-76EFAA52B975}" = protocol=17 | dir=in | app=d:\diablo iii beta\diablo iii.exe |
"{844144BA-3BF8-4F00-AA8A-8E96B319B553}" = protocol=6 | dir=in | app=d:\diablo iii public test\diablo iii.exe |
"{858C9B9D-6279-4890-972F-03377E13F913}" = protocol=6 | dir=in | app=d:\diablo iii beta\diablo iii.exe |
"{86973787-081E-474E-8A0B-18269A552791}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{88DE77C3-E526-4A4E-9447-5044089B65E6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9CCEAED7-D05A-4AA4-A2A0-E28D0DBEF107}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{A47A2994-7735-45C6-83CF-C63665519AF5}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{A84B7190-0DD1-453A-ABB4-B4B683F129AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{B19FA59D-98B9-4899-8DDD-C1A7054A3CE7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B26DC1FB-A66D-4092-935F-70FC1A9FE9B7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{B57100AD-35C1-42CA-B883-703953382F77}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe |
"{BAD56F50-FE41-4F5B-9A20-F85E9EBEECF1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BB1717D2-F07D-4A48-B376-5E3E9DB469C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0C7F2F5-E64D-4248-8355-6EB1058AB872}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{C74CF0AF-6830-4CDF-A088-EEC48D2C3689}" = dir=in | app=d:\allods online\bin\launcher.exe |
"{C8EB2AFF-320F-488A-9238-1D335FD2E32E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{CA4B9648-BF9F-47DD-B1D2-C73C2C5ADBBF}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe |
"{CADE512C-D7CD-4D57-878D-F808CAD399B6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CCB8D149-BBCD-411E-B04F-091D65ACFA22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{CD3BED13-6D5E-455E-B7F3-A0B68E1B0718}" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"{CE3BBA0D-BF21-4CE6-8878-DFEB3F2E2079}" = protocol=17 | dir=in | app=d:\diablo 3\diablo iii beta\diablo iii.exe |
"{DDDF4017-35D9-46F3-86AE-64443C605063}" = protocol=6 | dir=in | app=d:\diablo 3\diablo iii beta\diablo iii.exe |
"{DFF6FA7D-3FBE-4E6B-B033-5278B9ADE526}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0B79BDE-B5D1-430B-879B-C4BE3B2D0B20}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{E43668C2-B0C3-4C37-BEBC-1BD7BA4A87BA}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"{E8A973C1-067A-4E64-8258-89A7D670A905}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{EDA70D13-FFE5-40D0-971A-695A830C8E90}" = protocol=17 | dir=in | app=d:\eden eternal\edeneternal-de\_launcher.exe |
"{EE93238B-2527-429E-BEE8-E1B244EDC502}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"{EFA168D5-CA98-4E41-B6CE-FBB099CD016E}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe |
"{F0A8CDDC-4A0C-463E-97DC-277C6FED5ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{F96BD1B7-A51C-4DD3-9BBE-198206EB5501}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"TCP Query User{01B5EB72-037E-434A-8066-8BC5185D95BE}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{0D679EFD-0E0D-477A-A6D5-86B7CDE54669}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{1353E734-3FDE-4D29-A1A4-FC22C199DB4A}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"TCP Query User{1DC57C60-432E-45E6-9082-2F57ECE24DCC}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{2C509511-BCD0-4C82-BBEE-563EF8B716E8}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{2D8A5E07-4EC2-4E00-B9EC-9D823415EDC3}D:\torchlight 2 demo\tl2.runic.launcher.exe" = protocol=6 | dir=in | app=d:\torchlight 2 demo\tl2.runic.launcher.exe |
"TCP Query User{3BD664F6-DDC6-4B4D-8B6B-085C44C77E4F}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"TCP Query User{3E147889-3FE8-4CFE-8706-03E7EF7B6141}C:\program files (x86)\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vlc\vlc.exe |
"TCP Query User{40F4F1B3-D52E-49AE-A677-F870B4432501}D:\diablo\diablo.exe" = protocol=6 | dir=in | app=d:\diablo\diablo.exe |
"TCP Query User{444D75BE-7B93-40EF-83CE-EDE508420DE0}D:\downloads\runes_of_magic_4_0_1_2430_eu_full.exe" = protocol=6 | dir=in | app=d:\downloads\runes_of_magic_4_0_1_2430_eu_full.exe |
"TCP Query User{48110041-3175-4E32-AA4D-5C7625E5CF8B}D:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{600B7639-8581-4DDB-94C3-71FAC260FB57}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{62AF301D-B59F-41E2-9C6B-79528CEF38F3}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{6A4BE218-0982-4873-8EBF-DD8C9110D81B}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{703E11BA-7973-44C5-B82C-5F5AA3A55982}D:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"TCP Query User{73B76F70-13F8-4ADD-95E2-3BFB2D28353D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{73D66CFE-9C05-4A14-B572-BCCAFB166B3E}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{7B8274E1-3478-4602-A144-4F9737FCB5AC}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{7BB1DE36-213C-4952-9942-CB6FBDF22302}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe |
"TCP Query User{7EB850B6-7260-4A1A-A700-F20CEAA50BC8}D:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"TCP Query User{824B9C00-DDF0-4049-A388-D56B1A865F58}D:\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe |
"TCP Query User{CA05D592-7636-47EF-8796-683E84ABC5F3}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{D13DEF32-AB90-4D6D-823A-B9037B59C5F2}I:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe" = protocol=6 | dir=in | app=i:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe |
"TCP Query User{DC48276F-A54D-4CF3-8F6B-11CDC8693585}D:\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\der herr der ringe online\lotroclient.exe |
"TCP Query User{E91A0BFC-F37E-42A7-8071-C8DFD9780415}D:\cabal online\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=d:\cabal online\launcher\update\estdnheadless.exe |
"UDP Query User{05AC80C3-84C4-4B45-86DD-5EDA9117A067}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{0BA74A16-E8C6-479B-961B-71542A83EB0D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{14742267-AA63-4892-A996-D9119E60E07B}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"UDP Query User{176EF3BD-B365-4882-8E4A-87E7185BED4B}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe |
"UDP Query User{21668ABD-F821-452B-BAAA-C5DE44425539}D:\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe |
"UDP Query User{6664AFD3-FE79-4045-8DF7-7A8624466CAA}D:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{6916AB8A-1A8F-44FB-8DF1-6B56B7392EAF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{7B0B98FA-E7AE-414F-8213-F761A9A0AE59}I:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe" = protocol=17 | dir=in | app=i:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe |
"UDP Query User{7B949F13-18C1-471D-A2BA-B386E32F51D4}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{91929C77-878A-4013-8EF8-820EDDCA0735}D:\torchlight 2 demo\tl2.runic.launcher.exe" = protocol=17 | dir=in | app=d:\torchlight 2 demo\tl2.runic.launcher.exe |
"UDP Query User{985F78A1-2723-4E3D-881A-066D3E947260}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{A9282282-A71C-4141-A046-8082DC5B658C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{A92FFA84-74F1-4006-9301-779B1F0C0769}D:\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\der herr der ringe online\lotroclient.exe |
"UDP Query User{C6995166-67AC-44B2-B870-0BDB786CB2BC}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"UDP Query User{CBF2E282-CEF3-45AC-9908-088A6FF45AC8}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{CDD7A806-9D4D-41F7-ABF9-345264795DA7}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{D0D0BFB5-860C-4213-BC5C-51A7B752A2DD}D:\diablo\diablo.exe" = protocol=17 | dir=in | app=d:\diablo\diablo.exe |
"UDP Query User{DECA04B9-0810-4C49-987B-6A958EE47221}D:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{E1F989BE-91C2-49E4-AC76-A12B758D75AC}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E911F3D3-A468-4A17-95B3-CD3F177F4B6B}D:\downloads\runes_of_magic_4_0_1_2430_eu_full.exe" = protocol=17 | dir=in | app=d:\downloads\runes_of_magic_4_0_1_2430_eu_full.exe |
"UDP Query User{EDBA01B7-CDB4-4B49-9736-823727BB3C32}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{F0817E9F-18F6-4590-A746-7A2752BF28DE}D:\cabal online\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=d:\cabal online\launcher\update\estdnheadless.exe |
"UDP Query User{F2D8A889-4FFC-4408-A088-69411E31D2D8}C:\program files (x86)\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vlc\vlc.exe |
"UDP Query User{F6E96C7F-D395-41C0-9AD3-9CA54C031874}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{F7B273CA-5AD5-4A5E-B534-4CB0109E2C9F}D:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C80684A-043A-AEF7-66F4-FAB54CD29FC0}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{44B4F244-5B4D-856E-B3A6-E8DDBDC7F127}" = AMD Fuel
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"R for Windows 2.15.1_is1" = R for Windows 2.15.1
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.3
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = AMD VISION Engine Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AFD5A54E-E9A1-413D-8AA2-C9EDB6782400}" = LibreOffice 3.6
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.0.0
"Akamai" = Akamai NetSession Interface Service
"AP Tuner 3.08" = AP Tuner 3.08
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Battle.net" = Battle.net
"CABAL Online_is1" = CABAL Online
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EdenEternal-DE" = EdenEternal-DE
"Foxit Reader" = Foxit Reader
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.10.1
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird 16.0 (x86 de)" = Mozilla Thunderbird 16.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Notepad++" = Notepad++
"Office14.STANDARD" = Microsoft Office Standard 2010
"PDF Blender" = PDF Blender
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"winscp3_is1" = WinSCP 4.3.4
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.10.2012 15:12:14 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
Error - 09.10.2012 04:19:06 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
Error - 11.10.2012 10:53:23 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm Diablo III.exe, Version 1.0.4.11327 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: f20 Startzeit: 01cda7c0147ceeeb Endzeit: 0 Anwendungspfad: D:\Diablo
III\Diablo III.exe Berichts-ID: 56e9d8f8-13b3-11e2-9ee3-000d882a7b9d
Error - 14.10.2012 16:26:48 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
Error - 19.10.2012 06:17:09 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
Error - 25.10.2012 04:41:22 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
Error - 25.10.2012 05:51:00 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm cdbxpp.exe, Version 4.4.2.3442 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1274 Startzeit:
01cdb28ec8651a28 Endzeit: 60000 Anwendungspfad: C:\Program Files\CDBurnerXP\cdbxpp.exe
Berichts-ID:
Error - 29.10.2012 07:52:14 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
Error - 31.10.2012 04:08:02 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm Diablo III.exe, Version 1.0.5.12811 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: cc4 Startzeit: 01cdb73ec2a19924 Endzeit: 15 Anwendungspfad:
D:\Diablo III\Diablo III.exe Berichts-ID: 0774a636-2332-11e2-8147-000d882a7b9d
Error - 10.11.2012 06:48:24 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
ist ungültig.
[ System Events ]
Error - 10.11.2012 06:12:13 | Computer Name = home | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.139.1296.0 Aktualisierungsquelle:
%%851 Aktualisierungsphase: %%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.8904.0&avdelta=1.139.1296.0&asdelta=1.139.1296.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 1.1.8904.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 10.11.2012 07:19:31 | Computer Name = home | Source = ipnathlp | ID = 31004
Description =
Error - 10.11.2012 07:48:00 | Computer Name = home | Source = ipnathlp | ID = 31004
Description =
Error - 10.11.2012 07:53:16 | Computer Name = home | Source = ipnathlp | ID = 31004
Description =
Error - 10.11.2012 07:53:47 | Computer Name = home | Source = ipnathlp | ID = 31004
Description =
Error - 18.11.2012 10:07:07 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 18.11.2012 10:07:45 | Computer Name = home | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Akamai erreicht.
Error - 18.11.2012 10:25:45 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 18.11.2012 10:25:49 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 18.11.2012 10:26:28 | Computer Name = home | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Akamai erreicht.
< End of report >
LG primorten |
|
21.11.2012, 10:33
| #2 |
| /// the machine /// TB-Ausbilder    | blizzard battlenet account gehackt? Hi,
__________________Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________ |
|
24.11.2012, 16:57
| #3 |
| | blizzard battlenet account gehackt? Vielen Dank für die schnelle Antwort. Leider habe ich erst heute wieder die Möglichkeit, um mich weiter mit dem Problem zu befassen.
__________________Den Scan konnte ich leider nicht vollständig durchführen, da das Programm während des Scannens (nach knapp 3 Minuten) abstürzt bzw. mit einer Windows 7-typischen Fehlermeldung beendet wird ("avast! Antirootkit funktioniert nicht mehr" - mit der Option online nach einer Lösung zu suchen oder das Programm zu beenden). Das Problem tritt bei Wiederholung immer wieder auf. Im DOS-Fenster ist bei Abbruch folgendes zu sehen (mit vorangestellter Uhrzeit): AVAST engine defs: 12112400 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10004 Size: 953869MB BusType: 11 Disk 0 MBR read successfully Disk 0 MBR scan Disk 0 Windows 7 default MBR code Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 83253 MB offset 206848 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 870514 MB offset 170708992 Disk 0 scanning C:\Windows\system32\drivers Service scanning Service MSICDSetup E:\CDriver64.sys **LOCKED** 21 (Zeile ist farblich "gelb" unterlegt) Modules scanning Disk 0 trace - called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 1 nt!IofcallDriver -> \Device\Harddisk0\DRo[0xfffffa800aafd790] 3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T... (Zeile außerhalb des Fensters) AVAST engine scan C:\Windows AVAST engine scan C:\Windows\system32 Scanning: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications... (Zeile außerhalb des Fensters) Gruß, primorten |
|
24.11.2012, 17:29
| #4 | |
| /// the machine /// TB-Ausbilder | blizzard battlenet account gehackt? Hi, Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.11.2012, 17:59
| #5 |
| | blizzard battlenet account gehackt? Hi und danke für die superschnelle Rückmeldung. Der Inhalt der C:\Combofix.txt lautet wie folgt: Combofix Logfile: Code:
ATTFilter ComboFix 12-11-24.01 - root 24.11.2012 17:43:09.1.6 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.12286.9761 [GMT 1:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-24 bis 2012-11-24 ))))))))))))))))))))))))))))))
.
.
2012-11-24 16:37 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4D16C22-D8AD-413F-8619-0CD5EA6C67E3}\mpengine.dll
2012-11-24 16:19 . 2012-11-24 16:19 -------- d-----w- c:\users\Martin\AppData\Local\Google
2012-11-24 16:17 . 2012-11-24 16:19 -------- d-----w- c:\users\root\AppData\Local\Google
2012-11-24 16:17 . 2012-11-24 16:18 -------- d-----w- c:\program files (x86)\Google
2012-11-24 16:17 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-24 16:17 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-24 16:17 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-24 16:17 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-24 16:17 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-24 16:17 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-24 16:17 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-24 16:16 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-24 16:16 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-24 16:16 . 2012-11-24 16:16 -------- d-----w- c:\programdata\AVAST Software
2012-11-24 16:16 . 2012-11-24 16:16 -------- d-----w- c:\program files\AVAST Software
2012-11-18 17:58 . 2012-11-18 17:58 -------- d-----w- c:\users\root\AppData\Local\Macromedia
2012-11-18 17:58 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-18 17:58 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-18 17:58 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-18 17:58 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-18 17:58 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-18 17:58 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-18 17:58 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-18 17:58 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-18 17:58 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-18 17:35 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-18 17:35 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-18 17:35 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-18 17:35 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-18 17:29 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-18 17:29 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-18 17:29 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-18 17:29 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-18 17:29 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-18 17:29 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-18 17:29 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 17:25 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-18 17:25 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-10 11:53 . 2012-10-26 18:01 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-11-10 11:48 . 2012-10-26 17:59 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-11-10 11:48 . 2012-11-10 11:48 -------- d-----w- c:\program files\Oracle
2012-11-10 11:17 . 2012-11-10 11:17 -------- d-----w- C:\$WINDOWS.~BT
2012-11-03 20:44 . 2012-11-03 20:44 -------- d-----w- c:\users\Martin\AppData\Roaming\pdfforge
2012-11-03 20:41 . 2012-11-03 20:41 -------- d-----w- c:\users\root\AppData\Roaming\pdfforge
2012-11-03 20:41 . 2012-10-12 06:34 100864 ----a-w- c:\windows\system32\pdfcmon.dll
2012-11-03 20:41 . 2012-05-05 10:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-11-03 20:41 . 2012-05-05 10:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-11-03 20:41 . 2012-05-05 10:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-11-03 20:41 . 1998-07-06 17:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2012-11-03 20:41 . 1998-07-06 17:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2012-11-03 20:41 . 1998-07-06 17:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2012-11-03 20:41 . 2012-11-03 20:41 -------- d-----w- c:\program files (x86)\PDFCreator
2012-11-03 20:40 . 2012-11-03 20:40 -------- d-----w- c:\users\root\AppData\Local\Programs
2012-10-26 18:00 . 2012-10-26 18:00 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 17:59 . 2012-10-26 17:59 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-10-26 17:59 . 2012-10-26 17:59 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 17:29 . 2011-04-20 21:10 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-18 14:16 . 2012-04-03 07:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-18 14:16 . 2011-05-24 10:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-19 08:46 . 2011-04-20 13:33 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-24 21:16 . 2012-10-19 09:26 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 08:35 . 2012-06-14 13:41 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-17 08:35 . 2011-04-28 11:09 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-19 09:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-19 09:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-19 09:29 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-19 09:29 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-19 09:29 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-19 09:29 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-16 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"UVS10 Preload"="c:\program files (x86)\Ulead VideoStudio\uvPL.exe" [2006-08-10 36864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 aswSnx;aswSnx; [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-07 270912]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
S3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*Deregistered* - aswMBR
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 16:17]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 16:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\jk36kmcf.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\02\12\0a\1c(?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-24 17:51:30
ComboFix-quarantined-files.txt 2012-11-24 16:51
.
Vor Suchlauf: 8 Verzeichnis(se), 18.967.732.224 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 27.147.247.616 Bytes frei
.
- - End Of File - - 37FAF898869DCB15971B2377AC7CA24E
Gruß, primorten |
|
24.11.2012, 21:01
| #6 |
| /// the machine /// TB-Ausbilder | blizzard battlenet account gehackt? Guddi, hast Du die PW geändert für den Account? Noch Probleme? ESET Online Scanner
Und ein frisches OTL log bitte.
__________________ --> blizzard battlenet account gehackt? |
|
26.11.2012, 09:17
| #7 |
| | blizzard battlenet account gehackt? Hi, leider habe ich aus arbeitstechnischen Gründen erst wieder am kommenden Wochenende die Möglichkeit mit der Problemlösung fortzufahren. Darum nicht wundern, wenn die nächsten Tage noch keine Antwort kommt. Bin aber auf jeden Fall noch dran. Gruß, primorten |
|
26.11.2012, 10:20
| #8 |
| /// the machine /// TB-Ausbilder | blizzard battlenet account gehackt? ok 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.12.2012, 21:13
| #9 |
| | blizzard battlenet account gehackt? Hi, ich habe den Account reaktiviert (neues pw) und auch das zugehörige E-Mail-Passwort erneuert. Und bis jetzt gibts keine Probleme. Der (erste) ESET-scan brachte keine Funde. Dementsprechend gab es auch keine Exportfuntkion. Da mich dies im ersten Moment ein wenig verwirrte, führte ich noch einen zweiten Scan durch (diesmal mit zusätzlichen aktivierter Option "Scan for potentially unsafe applications" in den erweiterten Einstellungen. Dabei wurden jedoch 6 Einträge gefunden. ESET.txt: Code:
ATTFilter C:\Program Files (x86)\Vuze\bunndle.zip a variant of Win32/Bunndle application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle application
D:\Downloads\cdbxp_setup_4.3.8.2523.exe Win32/OpenCandy application
D:\Downloads\DTLite4413-0173.exe Win32/OpenCandy application
D:\Downloads\winamp561_full_emusic-7plus_de-de.exe Win32/OpenCandy application
OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.12.2012 20:59:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 12,00 Gb Total Physical Memory | 9,58 Gb Available Physical Memory | 79,88% Memory free 23,99 Gb Paging File | 21,62 Gb Available in Paging File | 90,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 81,30 Gb Total Space | 24,94 Gb Free Space | 30,68% Space Free | Partition Type: NTFS Drive D: | 850,11 Gb Total Space | 447,74 Gb Free Space | 52,67% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: root | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.10 12:46:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe PRC - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.08.03 08:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe PRC - [2010.03.25 10:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe PRC - [2009.12.28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe PRC - [2006.09.29 02:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.11 18:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.06.11 12:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.11.18 16:23:26 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.11 02:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2011.05.15 20:25:00 | 004,264,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.09.29 02:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.11 19:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.06.11 17:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.08 07:42:38 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2011.08.07 17:47:31 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.05.20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03:51&v=10.2.0.3&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB CD 7E CA A6 FF CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03:51&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.24 17:17:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 22:29:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.14 14:41:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.10 21:21:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.04.20 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions [2011.04.20 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.01 16:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\jk36kmcf.default\extensions [2012.12.01 16:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\jk36kmcf.default\extensions\staged [2012.11.18 18:58:15 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\jk36kmcf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.01 16:31:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\jk36kmcf.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.14 22:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.01 16:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions [2012.12.01 16:48:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.11.24 17:17:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.10.11 02:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.29 14:03:47 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2012.11.24 17:47:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead VideoStudio\uvPL.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.01 16:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.11.24 17:51:32 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.24 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\temp [2012.11.24 17:41:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.24 17:41:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.24 17:41:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.24 17:41:05 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.11.24 17:41:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.24 17:40:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.24 17:21:04 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.24 17:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.11.24 17:17:22 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Google [2012.11.24 17:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.11.24 17:17:20 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.11.24 17:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.11.24 17:17:19 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.11.24 17:17:15 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.11.24 17:17:14 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.11.24 17:17:13 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.11.24 17:17:11 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.11.24 17:17:10 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.11.24 17:16:55 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.11.24 17:16:54 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.11.24 17:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.11.24 17:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.11.18 18:58:48 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Macromedia [2012.11.10 12:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2012.11.10 12:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.11.10 12:17:52 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT [2012.11.03 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.11.03 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\pdfforge [2012.11.03 21:41:31 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.11.03 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.11.03 21:40:12 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2012.12.01 20:57:32 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.01 20:27:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.01 18:35:47 | 001,547,736 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.01 18:35:47 | 000,679,306 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.01 18:35:47 | 000,624,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.01 18:35:47 | 000,139,450 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.01 18:35:47 | 000,110,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.01 15:50:48 | 000,016,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.01 15:50:48 | 000,016,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.01 15:42:23 | 000,000,431 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.12.01 15:41:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.01 15:41:25 | 1072,291,838 | -HS- | M] () -- C:\hiberfil.sys [2012.11.24 17:47:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.24 17:22:19 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.11.24 17:17:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.11.24 15:55:05 | 000,000,188 | ---- | M] () -- C:\Users\root\defogger_reenable [2012.11.18 18:54:14 | 000,480,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.10 12:19:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.11.10 12:19:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml ========== Files Created - No Company Name ========== [2012.11.24 17:41:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.24 17:41:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.24 17:41:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.24 17:41:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.24 17:41:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.24 17:17:27 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.24 17:17:26 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.24 17:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.11.24 15:55:04 | 000,000,188 | ---- | C] () -- C:\Users\root\defogger_reenable [2012.11.18 18:35:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.18 18:29:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.10 12:17:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml [2012.11.10 12:17:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.28 11:18:33 | 000,000,043 | ---- | C] () -- C:\Users\root\gsview32.ini [2012.03.05 12:11:59 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe [2012.02.15 16:36:06 | 000,000,092 | ---- | C] () -- C:\Users\root\AppData\Local\fusioncache.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.25 09:54:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.05.25 09:54:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011.05.08 09:57:45 | 000,000,017 | ---- | C] () -- C:\Users\root\AppData\Local\resmon.resmoncfg [2011.05.07 10:42:02 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.05.07 10:42:02 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.04.30 11:10:18 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.04.30 11:10:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.04.30 11:10:15 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.04.30 11:10:15 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.04.30 11:10:14 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.04.28 11:55:12 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd [2011.04.20 22:48:55 | 001,556,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.20 14:26:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.20 14:05:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.04.20 14:05:47 | 000,033,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.04.28 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DAEMON Tools Lite [2011.04.28 11:52:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Foxit Software [2011.04.28 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\IrfanView [2011.04.30 11:17:28 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\JabRef 2.6 [2011.06.25 12:39:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Juniper Networks [2011.04.20 14:33:13 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Leadertech [2011.07.25 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Miranda [2012.03.28 10:56:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++ [2012.03.28 11:21:04 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\OpenCandy [2012.11.03 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\pdfforge [2011.04.20 23:01:15 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Thunderbird [2012.09.21 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Ulead Systems ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys < End of report > Gruß, primorten |
|
02.12.2012, 14:50
| #10 |
| /// the machine /// TB-Ausbilder | blizzard battlenet account gehackt? Sonst noch Probleme bevor wir aufräumen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.12.2012, 18:36
| #11 |
| | blizzard battlenet account gehackt? Im Moment funktioniert der Account noch und mir sind keine weiteren Probleme aufgefallen. Ich hätte dann nur noch eine Frage zur präventiven Verwendung von Antivirus-/Firewall/sonstiger Freeware, die den windowseigenen Varianten vorzuziehen sind. Gruß, primorten |
|
03.12.2012, 08:29
| #12 |
| /// the machine /// TB-Ausbilder | blizzard battlenet account gehackt? Windows-Taste+R > Combofix /Uninstall > Enter OTL öffnen > Button Bereinigung drücken Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. __________________
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.12.2012, 16:55
| #13 |
| | blizzard battlenet account gehackt? Soeben wurde mein Account wieder gesperrt. Dies geschah, als ich soeben versuchte mich von meinem Arbeitsrechner aus einzuloggen (zumindest ist die Benachrichtigungs-E-Mail zur selben Zeit eingetroffen). Möglicherweise wurden die Sperrungen also durch das Einloggen von diesem Computer hervorgerufen. Die Anweisungen zur Bereinigung meines Heimrechners kann ich leider erst in ein paar Tagen durchführen (hoffentlich schaff ich es diese Woche). Ich melde mich aber auf jeden Fall, wenn ich die Möglichkeit dazu habe/hatte. Gruß, primorten |
|
06.12.2012, 19:32
| #14 |
| /// the machine /// TB-Ausbilder | blizzard battlenet account gehackt? mit dem Arbeitsrechner zockt man nicht 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.12.2012, 15:15
| #15 | |
| | blizzard battlenet account gehackt?Zitat:
So...die Bereinigung hab ich durchgeführt und hoffe, dass damit alle eventuellen Gefahren vorerst beseitigt sind. Zum Thema Firewall wollte ich noch fragen, ob die windowsinterne Variante ausreichend ist, oder ob man sich mi z.b. ZoneAlarm eine "gute?" Anti-Virus+Firewall-Lösung anschaffen sollte und ob man sich bei dem Dschungel an Meldungen dann nicht eher noch angreifbarer macht. Sonst würde ich mich wohl für die Windows Firewall+Avast Antivirus entscheiden. Gruß primorten |
|
| Themen zu blizzard battlenet account gehackt? |
| akamai, application/pdf:, audiograbber, autorun, avg secure search, battle.net, bho, cid, computer, document, error, fehler, firefox, flash player, google, home, install.exe, launch, logfile, mozilla, neu aufgesetzt, neue komponenten, pando media booster, plug-in, realtek, registry, required, richtlinie, rundll, scan, secure search, security, senden, software, spielen, svchost.exe, system, teamspeak, tracker, trojaner |
Linear-Darstellung
