Log analysis and evaluation: Sending spam mails (Windows 7)
23.01.2013, 14:47 | #1
Sending spam mails
Dear Trojaner Board team, unfortunately spam mails were sent from my Yahoo account in my name. A few weeks ago, with your great support, I had just successfully removed the GVU trojan. Do I now have another virus??? Please help me... Here is the Malwarebytes scan (you will find everything else in the attachment): Quote:
23.01.2013, 17:08 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello,
have you changed your Yahoo password? If not, do it right now! Then watch whether spam is still being sent.
23.01.2013, 18:21 | #3
I forgot to mention: I have already done that!
23.01.2013, 20:36 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
OK. When? Has spam been sent again since then?
Please always post logfiles in CODE tags
23.01.2013, 20:40 | #5
The spam mails were sent on Monday; on Monday I also changed my password. Nothing has happened since then. Can a virus/trojan be seen in my logfiles?
23.01.2013, 20:50 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Honestly, I have not looked at that yet because I wanted to clear up the password matter first. A quick question, and this is nothing against you specifically, I could have asked anyone else who posts their logs this way: where exactly does it say that the logs should be put into the attachment, or where exactly did you read that? Logfiles in attachments make the analysis massively harder. Please explain, so that the passage in the instructions can be specifically changed/improved for all newcomers. Thanks.
Reading material: Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
23.01.2013, 22:03 | #7
One of the files was too large to post via "Insert quote". So I simply packed all the files. My mistake, I had not noticed that files should only be packed when the helper asks for it. I will post everything again right away. One moment...
23.01.2013, 22:07 | #8
Here again the posts from the beginning. Sorry for the zip files:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bene :: BENE-PC [Administrator]

22.01.2013 16:16:38
mbam-log-2013-01-22 (16-16-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1149031
Laufzeit: 7 Stunde(n), 35 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter OTL logfile created on: 23.01.2013 12:34:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bene\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,85% Memory free 9,86 Gb Paging File | 7,55 Gb Available in Paging File | 76,61% Paging File free Paging file location(s): c:\pagefile.sys 6000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 127,99 Gb Total Space | 17,09 Gb Free Space | 13,35% Space Free | Partition Type: NTFS Drive D: | 337,77 Gb Total Space | 33,90 Gb Free Space | 10,04% Space Free | Partition Type: NTFS Computer Name: BENE-PC | User Name: Bene | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.23 08:33:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe PRC - [2013.01.19 09:23:59 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.01.09 13:41:17 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2012.10.17 08:41:18 | 000,582,552 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe PRC - [2011.02.09 15:04:13 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe PRC - [2009.09.25 15:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.08.04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.08.04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) 
-- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe ========== Modules (No Company Name) ========== MOD - [2013.01.23 12:22:37 | 000,354,304 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\pythoncom26.dll MOD - [2013.01.23 12:22:37 | 000,263,168 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\win32com.shell.shell.pyd MOD - [2013.01.23 12:22:37 | 000,096,256 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\win32api.pyd MOD - [2013.01.23 12:22:37 | 000,040,448 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\_socket.pyd MOD - [2013.01.23 12:22:35 | 000,645,120 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\_ssl.pyd MOD - [2013.01.23 12:22:35 | 000,110,592 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\pywintypes26.dll MOD - [2013.01.19 09:23:41 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.01.09 13:41:16 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2009.07.30 17:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.09.19 03:17:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.21 18:57:57 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.19 09:23:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.09 13:41:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.17 08:41:18 | 000,582,552 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService) SRV - [2012.09.16 13:13:25 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2010.09.08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC) SRV - [2010.09.08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.08.04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.05.24 15:34:59 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.21 14:26:40 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64) DRV:64bit: - [2012.03.21 14:26:32 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64) DRV:64bit: - [2012.03.21 14:26:30 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.04 12:22:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.12.04 12:22:00 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys 
-- (RdpVideoMiniport) DRV:64bit: - [2010.04.15 21:21:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.03.25 17:47:48 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2009.10.07 12:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.09.25 15:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.09.25 15:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.09.19 05:32:36 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.08.23 15:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.08.20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.17 19:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV - [2013.01.01 14:53:13 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF DC 20 69 B5 E3 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {ED63E311-0560-4018-9856-98B10B7F06C7} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{09FC4750-61E6-4F45-9B4F-75C3678F7BB0}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on IE - HKCU\..\SearchScopes\{0B12F864-C38E-4FF3-BD58-E0AA40C69335}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{78961E35-9C17-464c-8DDD-21CC0255493F}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKCU\..\SearchScopes\{895B8F27-7D21-42EB-8CC2-C4A35E196BE1}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{E0C19C7C-D92A-403D-BE2B-E4A22BBF8E3B}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{ED197DAE-C833-489a-A579-F7A859F283F3}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKCU\..\SearchScopes\{ED63E311-0560-4018-9856-98B10B7F06C7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0 FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: 
%7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5 FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.6.19 FF - prefs.js..extensions.enabledAddons: %7BB5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC%7D:0.3.8 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1 FF - prefs.js..extensions.enabledItems: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.5.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.02.09 15:04:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 09:23:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 09:23:37 | 000,000,000 | 
---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.10 20:07:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2010.08.03 17:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\Extensions [2010.04.15 21:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.16 19:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\ylcxm0ry.default\extensions [2013.01.10 21:27:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\ylcxm0ry.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.09.25 14:04:50 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\ylcxm0ry.default\extensions\firefox@tvunetworks.com [2012.05.17 20:37:52 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\add-to-searchbox@maltekraus.de.xpi [2012.12.08 12:09:42 | 000,141,038 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\firegestures@xuldev.org.xpi [2012.09.19 08:03:49 | 000,204,580 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\jid0-DY3JlbKAAeLydLoHa0dLJn4735o@jetpack.xpi [2012.12.01 09:52:22 | 000,363,832 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\smarterwiki@wikiatic.com.xpi 
[2012.03.01 08:54:09 | 000,042,737 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2013.01.06 09:59:04 | 000,022,121 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
[2013.01.05 17:40:06 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.11.23 18:16:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.13 10:02:34 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.01.16 19:14:14 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.03.29 04:59:27 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.05.17 20:39:48 | 000,001,275 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\comunio.xml
[2010.12.28 14:55:07 | 000,002,317 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\geizhalsat.xml
[2010.12.31 12:29:05 | 000,001,695 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\idealode.xml
[2010.08.03 18:12:40 | 000,001,504 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\imdb.xml
[2012.08.08 16:10:59 | 000,002,043 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\the-free-dictionary.xml
[2012.05.17 20:41:57 | 000,001,688 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\torrentday.xml
[2010.08.03 18:11:45 | 000,004,140 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\youtube.xml
[2013.01.19 09:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 09:23:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.01.19 09:23:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.19 09:23:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.31 17:54:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 05:07:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.31 17:54:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.31 17:54:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.31 17:54:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.31 17:54:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.20 18:32:59 | 000,001,362 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2:64bit: - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DC369F0-D72D-4EEC-83B0-F0D28B253C66}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAC7BE9B-8BB7-44E8-AB90-903450273D55}: NameServer = 62.109.123.196 213.191.74.18
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{86906f86-6c32-11e0-814c-6cf0490ead50}\Shell - "" = AutoRun
O33 - MountPoints2\{86906f86-6c32-11e0-814c-6cf0490ead50}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.23 08:33:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe
[2013.01.21 18:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.01.21 18:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.01.20 15:25:37 | 000,000,000 | ---D | C] -- C:\Users\Bene\AppData\Local\iLivid
[2013.01.19 09:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.10 20:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.10 19:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2013.01.09 19:50:05 | 000,000,000 | ---D | C] -- C:\Users\Bene\Desktop\Neuer Ordner
[2013.01.02 19:26:33 | 000,000,000 | ---D | C] -- C:\Users\Bene\AppData\Local\Avg2013
[2013.01.01 15:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013.01.01 12:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.01 12:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.29 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\Bene\AppData\Local\Programs
[2010.08.31 15:54:48 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Users\Bene\AppData\Roaming\MSWINSCK.OCX
[2010.03.25 17:42:36 | 000,388,096 | ---- | C] (Trend Micro Inc.) -- C:\Program Files (x86)\HiJackThis.exe

========== Files - Modified Within 30 Days ==========

[2013.01.23 12:29:59 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 12:29:59 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 12:27:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.23 12:22:55 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Bene.job
[2013.01.23 12:22:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.23 12:22:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.23 12:22:08 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.23 08:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.23 08:34:40 | 000,365,568 | ---- | M] () -- C:\Users\Bene\Desktop\gmer-2.0.18444.exe
[2013.01.23 08:33:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe
[2013.01.23 08:33:38 | 000,050,477 | ---- | M] () -- C:\Users\Bene\Desktop\Defogger.exe
[2013.01.23 07:22:03 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job
[2013.01.22 22:04:12 | 004,858,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.22 22:04:12 | 001,846,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.22 22:04:12 | 001,436,752 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.22 22:04:12 | 001,280,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.22 22:04:12 | 000,005,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.22 20:52:36 | 004,109,592 | ---- | M] () -- C:\Users\Bene\Desktop\17 The Wings.m4a
[2013.01.22 15:47:41 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.22 15:21:14 | 001,052,195 | ---- | M] () -- C:\Users\Bene\Desktop\2013 başvuru formu partnerler için-1.pdf
[2013.01.21 20:18:04 | 008,656,339 | ---- | M] () -- C:\Users\Bene\Desktop\2-06 Girl from the North Country.m4a
[2013.01.21 20:18:04 | 007,793,368 | ---- | M] () -- C:\Users\Bene\Desktop\07 Automatic Bang!.m4a
[2013.01.21 20:18:02 | 009,130,121 | ---- | M] () -- C:\Users\Bene\Desktop\01 One (Radio Edit).m4a
[2013.01.21 20:18:02 | 007,972,738 | ---- | M] () -- C:\Users\Bene\Desktop\20 Heroes.m4a
[2013.01.21 20:18:02 | 007,896,066 | ---- | M] () -- C:\Users\Bene\Desktop\01 Whatcha Say.m4a
[2013.01.21 11:05:02 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Bene.job
[2013.01.21 10:22:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job
[2013.01.16 13:04:01 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Bene.job
[2013.01.14 19:09:52 | 000,048,267 | ---- | M] () -- C:\Users\Bene\Desktop\27971_20130114_094634_Zertifikat (Teilnahme an 1311E0501).pdf
[2013.01.09 14:00:58 | 000,319,838 | ---- | M] () -- C:\Users\Bene\Desktop\br-studienstufe-an-allgemeinbildenden-schulen.pdf
[2013.01.09 13:00:36 | 004,896,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.31 19:17:09 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.12.30 12:52:23 | 000,397,065 | R--- | M] () -- C:\Users\Bene\Desktop\The.Wire.S01-S05.DVDRip.XviD-TD.torrent
[2012.12.29 11:30:23 | 000,000,020 | ---- | M] () -- C:\Users\Bene\defogger_reenable

========== Files Created - No Company Name ==========

[2013.01.23 08:34:39 | 000,365,568 | ---- | C] () -- C:\Users\Bene\Desktop\gmer-2.0.18444.exe
[2013.01.23 08:33:37 | 000,050,477 | ---- | C] () -- C:\Users\Bene\Desktop\Defogger.exe
[2013.01.22 21:04:44 | 004,109,592 | ---- | C] () -- C:\Users\Bene\Desktop\17 The Wings.m4a
[2013.01.22 21:04:43 | 008,656,339 | ---- | C] () -- C:\Users\Bene\Desktop\2-06 Girl from the North Country.m4a
[2013.01.22 21:04:43 | 007,793,368 | ---- | C] () -- C:\Users\Bene\Desktop\07 Automatic Bang!.m4a
[2013.01.22 21:04:42 | 009,130,121 | ---- | C] () -- C:\Users\Bene\Desktop\01 One (Radio Edit).m4a
[2013.01.22 21:04:42 | 007,896,066 | ---- | C] () -- C:\Users\Bene\Desktop\01 Whatcha Say.m4a
[2013.01.22 21:04:41 | 007,972,738 | ---- | C] () -- C:\Users\Bene\Desktop\20 Heroes.m4a
[2013.01.20 15:26:35 | 000,001,042 | ---- | C] () -- C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2013.01.14 19:09:50 | 000,048,267 | ---- | C] () -- C:\Users\Bene\Desktop\27971_20130114_094634_Zertifikat (Teilnahme an 1311E0501).pdf
[2013.01.09 14:00:58 | 000,319,838 | ---- | C] () -- C:\Users\Bene\Desktop\br-studienstufe-an-allgemeinbildenden-schulen.pdf
[2013.01.09 13:01:34 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Bene.job
[2013.01.09 13:01:22 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Bene.job
[2013.01.09 13:01:13 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Bene.job
[2013.01.08 19:33:14 | 001,052,195 | ---- | C] () -- C:\Users\Bene\Desktop\2013 başvuru formu partnerler için-1.pdf
[2013.01.02 19:29:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.31 19:17:09 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.12.30 12:52:54 | 000,397,065 | R--- | C] () -- C:\Users\Bene\Desktop\The.Wire.S01-S05.DVDRip.XviD-TD.torrent
[2012.12.29 11:30:21 | 000,000,020 | ---- | C] () -- C:\Users\Bene\defogger_reenable
[2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.17 12:34:25 | 000,000,288 | ---- | C] () -- C:\Users\Bene\AppData\Roaming\.backup.dm
[2011.09.24 21:29:35 | 000,001,456 | ---- | C] () -- C:\Users\Bene\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.06.28 19:27:49 | 000,019,968 | ---- | C] () -- C:\Users\Bene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.03 19:26:36 | 000,188,479 | ---- | C] () -- C:\Users\Bene\KalaK_Amp.wsz
[2011.01.25 20:06:04 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.03 11:13:45 | 000,007,631 | ---- | C] () -- C:\Users\Bene\AppData\Local\Resmon.ResmonCfg
[2010.04.17 10:47:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.15 20:12:18 | 003,670,016 | -HS- | C] () -- C:\Users\Bene\NTUSER.bak

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.08.25 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Ahnenblatt
[2011.01.03 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\avidemux
[2012.06.30 19:34:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Canon
[2012.10.26 16:57:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.21 12:57:21 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Cornelsen
[2013.01.02 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\DAEMON Tools Lite
[2012.08.31 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Dropbox
[2012.08.29 15:00:44 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\DVDVideoSoft
[2010.12.20 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.02 11:34:39 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\elsterformular
[2012.09.13 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\fotobuch.de AG
[2013.01.01 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\IrfanView
[2011.01.28 21:45:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Leadertech
[2010.04.28 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\OpenOffice.org
[2011.11.04 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Opera
[2011.08.12 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\PlagiarismFinder
[2012.10.31 10:11:41 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Samsung
[2012.09.16 13:33:23 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\SMART Technologies
[2010.11.10 18:56:50 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\SMART Technologies Inc
[2011.07.28 11:43:15 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.25 09:56:46 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\streamripper
[2010.09.10 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\StreamTorrent
[2010.11.17 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Sync App Settings
[2011.08.25 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Systweak
[2010.04.15 21:32:56 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Thunderbird
[2012.04.14 07:36:12 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\TIPP10
[2012.10.26 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\TuneUp Software
[2010.12.04 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Ubisoft
[2013.01.23 08:16:26 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\uTorrent
========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 23.01.2013 12:34:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bene\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,85% Memory free
9,86 Gb Paging File | 7,55 Gb Available in Paging File | 76,61% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127,99 Gb Total Space | 17,09 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
Drive D: | 337,77 Gb Total Space | 33,90 Gb Free Space | 10,04% Space Free | Partition Type: NTFS

Computer Name: BENE-PC | User Name: Bene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AFCD845-A6C2-426C-BAF4-6CEE5E61BF53}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C4BBA63-C433-4212-920A-30E70ADA126C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{110A2C6B-188F-4263-9E73-3D11F7C18094}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11234E49-7144-44FF-98BE-502822DB5CA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16FCB80D-11D6-46A9-9794-13A95482A9A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2104AD9D-6EC9-4D11-9B27-87EAA6190FC6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F098FA2-75F0-415C-9A76-4A69BF1A7882}" = lport=139 | protocol=6 | dir=in | app=system |
"{3095C219-A239-4C8B-B452-135CBD3CA49F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{33293A79-F27B-4FAC-BDDB-4307CF29A2C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B9118EB-AF1D-41DB-AB7A-BB18C352C804}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3E4CC361-3137-41AE-86CF-17677E3B8DAA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3EAFBDCA-88E6-4E17-B086-0834211906B2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4510E8F6-A093-48EC-8542-23A6C1E724E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{4EC3BA22-2AD9-4DFB-8781-E45F2340B43E}" = lport=137 | protocol=17 | dir=in | app=system |
"{509F79C0-4B28-4B9B-9073-FA94B2D50D05}" = rport=445 | protocol=6 | dir=out | app=system |
"{65D33695-C616-4CC3-B859-1A9D60E3C2D5}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E01F6BC-6615-49F9-9F1D-C557E77C591F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{76972F96-B701-4707-828A-D2EEFFF7F4BC}" = lport=138 | protocol=17 | dir=in | app=system |
"{798A577F-7653-4A3A-968A-1216E976ED7A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{858D98CB-329E-476E-B2CA-4CA7514E0E53}" = lport=2869 | protocol=6 | dir=in | app=system |
"{987E087A-3F11-45E7-82E2-D44417447509}" = rport=139 | protocol=6 | dir=out | app=system |
"{9C047623-A6C2-4B70-8911-2387521FC7B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3A2434C-B3E7-4AA3-A4A7-7FE5216EAD7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AC38A2A7-0A47-4C2B-802D-AFADB5E275B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B8663D6B-6146-4B92-BC30-1EA4536B3550}" = rport=137 | protocol=17 | dir=out | app=system |
"{B8E3CEE9-60BC-4E93-B3E3-E5D213962678}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9C1799C-85B0-4479-9CE8-DE088AA1E28D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFB9227A-8904-447C-B379-EEC84F853725}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D6DE5FD2-2883-47BE-9D91-062360EA9E1A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E349385D-69F7-4A16-B85E-CB114FDE471D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E461420B-197A-4F78-8414-B609164D796B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F20C666F-7B00-4583-A7D2-62777BBF9130}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2BF856A-0634-442C-9451-DF695BAF327E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0154113F-98CA-4C3C-A952-09FA731050DD}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"{07AD35BF-5DF6-467E-8513-6C032A14CA28}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{09384943-C967-474D-88D0-6E85D6F86BBE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0A74F7BC-9206-4751-ADD3-D446EC92D5A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0F9BBFAB-4EA1-4790-81AA-CEC930D8FA55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10900726-28A9-4A9C-87FB-E120932BD7D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{12058908-A29D-4BB9-B4A6-37E7B93F6124}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucservice.exe |
"{12E9DBB0-0F6A-4964-8DEB-D352EC384F3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{146A391E-F6A6-4BC7-86D3-6518E7285C07}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{17F01A1A-2413-4E36-B2D9-5C385AD32816}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18BD4D54-1BF4-4EFF-A2CB-3998FCFE1BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"{19A1A3A8-6DEE-4A28-9168-9D44851FDCB0}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"{1AA1379F-3CA4-4D63-88FB-FB311CC96F2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1F000C96-11C6-4E33-9EE0-6420EC9779D4}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{2296147F-C3F7-447A-931B-503E0504C28B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{29A76C6C-F87D-4498-8707-C4780CF004A7}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2BA211D1-6493-4872-9ED0-D0E1055EE180}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{2D093579-5CF6-4371-8466-BEC1AAAB13DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2D64331F-6D0F-4841-8584-E081E9E8D5AF}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"{2FEFC434-44D6-48BA-B664-A4459CC4D6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{33E0AEF5-A4E9-40BD-910F-56310A869485}" = protocol=6 | dir=in | app=e:\alicesetup.exe |
"{37A5E771-C8D2-4B40-9C9B-2C707C1E35D6}" = protocol=17 | dir=in | app=c:\users\bene\appdata\local\akamai\netsession_win.exe |
"{3817DCE6-EC3D-4AA6-B717-2769E87AF47D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3CBA40EF-BAB9-4F9A-8740-7A0A1153279C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{41E8CB64-1CB8-4A3E-94B7-72A972EA8951}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{45D33496-1F74-452A-805A-B61EB91B606E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{473D03B8-6E6D-46FD-970F-2A2B39AAC50D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{4C98D011-D297-4C10-B9CD-BCC76219970D}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\smartsnmpagent.exe |
"{4F792CC3-1A3A-414A-B7D4-1DF672753BC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51003424-229C-4664-9B5A-6237322D9BD0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{51E6E2A5-3E21-4F93-9828-152E2EA4F36C}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{55DF8F9F-2DD3-425B-8164-F35B95BEC065}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{5C9C9EBE-F9C8-40E2-B972-FCE85A49F3C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{60B106CC-60BD-43E4-9705-6C4C308B924D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{633EF74A-4B33-49FA-B008-A9457E2F827E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63A31D00-D2F6-4B94-80DD-99B57FC208CB}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"{67F6FE7D-7240-4B51-8E36-ED0B4A684292}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6B452E67-C11A-4D06-A818-C0411A01C48B}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{6C5711FC-0ECF-4B23-A7AA-AF0413BA7410}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"{6C5A3C64-1033-4362-9985-97CD370F748F}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{70315441-4063-45CD-9C0C-A3F187EA6185}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{740E7053-990D-4763-9950-0CF8EB76F1E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{743DE810-FC17-43FF-9069-1A1E4BA33C57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7B213084-906C-4050-A612-84E7140E0648}" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"{7DD79606-F11E-42C2-8284-28421F105D69}" = protocol=17 | dir=in | app=%programfiles%\windows media
player\wmplayer.exe | "{84033421-9EA5-4C39-8795-2A1127D651C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8489A0D4-593B-48E4-AC48-FD5C7CFC6E96}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "{85D39ED4-6BDF-4350-9775-BF8211C293AF}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{8C029300-CE15-4036-8EE6-81E0AF9975E4}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{8C64E472-A5E4-4F46-9AF2-329A91340E69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{908070B5-9163-4463-B721-49B60D9A8B83}" = protocol=58 | dir=in | app=system | "{90A5074C-DF15-444B-9868-C56B237B1A16}" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "{99BC6303-8D41-4520-B0C4-ED8606E60375}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{9C66A541-8884-45B7-9DE2-3215162B98AC}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "{9DCD9F76-46F1-4A00-B3DC-2144B8D83747}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9EFF6BCA-226F-44B6-B290-EA2BCD60590E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{A3BBDB28-4F21-42DC-A60D-316A4A16DCB9}" = protocol=6 | dir=out | app=system | "{A3E7187E-B034-4E7E-8342-915FF2177883}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "{A8E28D94-D18A-4AA6-9C8A-F8D3EB30B0A0}" = dir=in | app=c:\users\bene\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{AB0639C6-D4D2-4782-A7E6-F82559AB305D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "{AEDC4147-27DF-4EFE-8658-0553715A27C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{B1F114D9-6749-43EC-9BE9-C76ECF722C34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B9E2CCB0-D70A-404D-8956-A766C46D1AFF}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BA1D4679-9F58-4E31-A677-CE40B6A84885}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{BF486187-EC9A-4B9D-A961-0F2410B16EB4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{C27C9CD9-B086-470A-8BCA-6D4BCAAA0066}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{C6C3660E-A22A-4562-B4B6-1172A5689E8E}" = protocol=6 | dir=in | app=c:\users\bene\appdata\local\akamai\netsession_win.exe | "{C978121B-8086-4DB0-BD8E-B99A11DC70F9}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucservice.exe | "{D17DA6B4-971C-4AB6-B66F-A3BE97A8E39C}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucgui.exe | "{D2F6E057-DFC9-4562-986A-AE653A2A9ED6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D37085D8-0D25-4D0E-8BF6-42BE12F7CE4B}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "{D75EB00F-9768-4E4C-9AB3-43083D377188}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\smartsnmpagent.exe | "{D9A6FDF0-0C1A-40BD-AE8F-EE0D7E22256F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DBA582D7-776A-4D0F-893F-459703E13CF9}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "{E4BD3B17-7A65-4F8F-BEAF-0AF83D4D20DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E50EC6BC-6C77-4BE7-B44B-D1117CAD4BC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E8A4EC31-0153-417C-80B8-B272E22AFC0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E97FE20E-A49A-4280-90E0-DD949095E017}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{EB7F6FEC-36B2-48D2-A0A4-1A659283F71C}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "{ECDF3EC7-D6BD-41C9-BEA0-0C00B6A74CE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F2D3D916-734C-43EE-BD25-4CFC26D43495}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "{F5AAD8C9-3863-4A08-A2A4-13F408108B1C}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe | "{F8A52E4B-A0B6-4560-B7C4-7DA4E3EA9F35}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucgui.exe | "{F984478E-4A56-4603-BAB2-373DE321C8CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{FB6492E0-AB67-48D8-8B10-1B92E881E96F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{FBA11FAE-AF1E-4240-BB7B-1D4A6D306721}" = protocol=17 | dir=in | app=e:\alicesetup.exe | "{FC95596F-0F2D-4B28-B514-DBCA9AC8EFF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FCE4E2C9-05A1-4AB5-ACE6-A20E1D271E5C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "TCP Query User{11137FE6-063B-44C2-A3B4-BFE0FB7F4300}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "TCP Query User{1AD82EC3-FE0D-4B8E-A999-7662994A1499}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{1BE2B5C4-B2C3-4C52-A81C-A8AF13244F35}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{1FA3BEF2-3619-4728-B624-E650CBFABF54}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{3929C904-04E6-481D-85C0-245FA7DDD957}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{4922841C-3EFB-4FB8-9335-A26ED83E281A}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | "TCP Query User{4DF31695-C7C2-4401-B5C9-670FFC8445F1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{555C3EA9-BD0D-4BC1-8F44-2FF02121472D}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{556628F7-71F9-4339-B0C3-6D73591869B1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{91B23A24-FB2C-4C3D-A435-E0AE5F6458B3}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "TCP Query User{95B24415-5638-4119-9245-89B1FD6642F2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{9DFDAA12-2210-4C48-8631-9854B17EB237}C:\users\bene\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\bene\appdata\local\akamai\netsession_win.exe | "TCP Query User{9F9AD9E6-84C6-4910-885C-D3A0B1BF0F38}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{A5084ECD-78BD-4509-80CA-53DE1D61C7E7}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\tvuplayer\tvuplayer.exe | "TCP Query User{A98A3B5D-1C68-4EF9-A9ED-4C0BBED70AD6}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{D174D1D8-D6F8-423A-AA7E-AAF6450C1204}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{D843B4D3-5F51-4723-A7C7-E5E2E994191E}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{EC4725F9-CDEE-43E8-8CAB-573E08DEBE0A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{F85D8056-0EA6-4C5E-B4EB-9DC5E4887EBF}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{01D36DD1-840C-4670-9D93-14408D1CC43C}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{02194056-7F43-4526-BD6A-E57BE743211D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{14EA8528-3238-4C41-8C52-2284D5F98A5D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{3E5EDDF5-4EAA-41D6-8412-A73C48B130C2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{41343117-962E-41DE-B993-08EA151B4049}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{6C1647F5-3662-4A5D-99D9-1D2DEFCE15A0}C:\program files 
(x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{79118D6C-885B-449F-A77E-EC3679BBCF34}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "UDP Query User{7F9C1879-020B-4DD6-AE99-2D3CA651BE64}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{9626D592-5861-4D8B-9439-40154A53F146}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | "UDP Query User{9C366134-E842-4D7F-8C98-745915390798}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{A1DF2D92-3327-469E-BEC6-F09B8E3D12ED}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "UDP Query User{A29DC7C5-9654-4F44-9705-6A3F2FFBAD02}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{C1C4D5D5-CE9E-42EA-90A5-17F60B762A66}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{CD4287EB-0910-4F35-93BA-9876854B1DC8}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{D240C1C8-09A4-4435-AC89-B19C1328684F}C:\users\bene\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\bene\appdata\local\akamai\netsession_win.exe | "UDP Query User{DADB59C9-D4F1-4712-81BB-1018094B74F6}C:\program files (x86)\sopcast\sopcast.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{F37C5C6E-C590-4593-8E91-036A3EB73AF2}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{F501DBDC-1876-4447-8B1F-E9058EF39C0E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{F5844998-EA19-41BF-A22E-DEE0D0F377F4}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1BCA0DE2-FAEE-9504-C411-422263E16E68}" = ccc-utility64 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{22591D78-46F8-41E4-9E89-323B8C0A16AF}" = AVG 2012 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6F482C75-174D-42EB-A2CF-B00A1F354F7B}" = WD SmartWare "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{857A474F-2485-BC1B-168C-BD396012C30E}" = ATI Catalyst Install Manager "{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013 "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012 "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 
4 Client Profile "422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) "AVG" = AVG 2013 "CCleaner" = CCleaner "Defraggler" = Defraggler "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{10E1FFEC-1091-3B36-C1BA-D8C3FE0F9BE2}" = CCC Help Spanish "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{14182112-52B4-2FF5-D85A-3C0AD2AFA712}" = Catalyst Control Center HydraVision Full "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{2487D1AE-A0E0-CFFB-E7EA-D3475174FDC0}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11 
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38313574-4523-6196-9B42-2C34B4E8A0C7}" = Catalyst Control Center Graphics Previews Common "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D1B7263-3DC3-7D19-96EF-2BA1C5FC56A9}" = Catalyst Control Center Graphics Light "{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German) "{43B8F718-87DC-8867-E6A9-1D51624D5D07}" = Catalyst Control Center Graphics Full Existing "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility "{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack "{5D18C879-953D-AA38-7F6B-CBB50BD385DE}" = CCC Help Portuguese "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 
2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive "{7E941E63-08D9-09C5-FEEC-E5F2781A085E}" = Catalyst Control Center Localization All "{812830C1-9ABA-6B0E-FB4F-324783FB4557}" = CCC Help French "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D4B716A-0ABE-4238-9090-D208E5F57A5E}" = SMART Product Update "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A5E54C43-0A4E-7F92-6D85-2195704A937B}" = Catalyst Control Center Core Implementation "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live 
Mesh "{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BB0AA5D7-D5F0-7B4E-C3B5-D6304DBB2631}" = ccc-core-static "{C0233C48-0C28-6CC5-2EDD-C6EB387C49CB}" = CCC Help Italian "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CAAE8672-FE2F-2B7C-6CF4-6068B491D5BC}" = CCC Help English "{CCC401C6-AA00-3A36-B71C-C1ECDE5B3DF2}" = CCC Help German "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{E7490029-E728-F928-B5E8-9B27FBDB6E46}" = Catalyst Control Center Graphics Full New "{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 
4.5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FDA3AF83-4C36-4D9C-89C4-A5C71E2CF997}_is1" = ComunioCalci 1.5.1 "{FF357FB1-41AA-4C8A-BAC3-0B309E9798D2}" = GooReader "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Allway Sync_is1" = Allway Sync version 10.5.8 "At the Cutting Edge_is1" = At the Cutting Edge "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CDex" = CDex - Open Source Digital Audio CD Extractor "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DPP" = Canon Utilities Digital Photo Professional 3.10 "ElsterFormular 13.2.0.8623p" = ElsterFormular "EOS Utility" = Canon Utilities EOS Utility "EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX "Free YouTube Download_is1" = Free YouTube Download 2.9 "iLivid" = iLivid "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Klett Software Sicher ins Abitur" = Klett Software Sicher ins Abitur "Lehrer-Software Notting Hill Gate 3B" = Lehrer-Software Notting Hill Gate 3B "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 18.0.1 
|
23.01.2013, 22:09 | #9 |
| Sending spam mails ok? Last edited by benebene (23.01.2013 at 22:12) Reason: post posted twice |
23.01.2013, 22:33 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sending spam mails Code:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
__________________ Please always post logfiles in CODE tags |
24.01.2013, 18:39 | #11 |
| Sending spam mails Oops, that was probably my nephew... could that be a trojan/virus? |
24.01.2013, 22:11 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sending spam mails Yes. With practically any cracked software you pick up malware 99% of the time. The entries we see there allow the cracked software to evade the Adobe activation servers. If your computer has these entries, it can NO LONGER communicate with Adobe, and that only makes sense with cracked Adobe software (e.g. CS5 in your log). Quote:
If we find evidence of illegally obtained software, we will end support without any discussion. Cracks/keygens are dangerous malware 99.9% of the time and nothing to play around with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstall!! That illegal cracks and keygens mainly serve to spread malware is no secret and must be clear to everyone! In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ Please always post logfiles in CODE tags |
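The hosts entries quoted above sink Adobe's activation hostnames to 127.0.0.1, which is why the helper reads them as a sign of cracked software. The following Python is an added example (not from the thread, OTL or Trojaner-Board) of detecting such activation-server overrides automatically, whether they come from OTL "O1 - Hosts:" lines or from a raw hosts file; the sample lines and the watched-suffix list are constructed assumptions.

```python
# Added example for this thread (not OTL or Trojaner-Board code): flag
# hosts-file entries that sink a vendor's activation servers to loopback,
# the pattern shown in the "O1 - Hosts:" lines above. Sample lines and
# the watch list are constructed here.
import ipaddress
import re

# Constructed sample: OTL O1 lines in the thread's style, plus raw
# hosts-file lines (one with an inline comment) and a benign entry.
SAMPLE_LINES = """\
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
0.0.0.0   ereg.adobe.com   # blackholed, not loopback, still a sinkhole
127.0.0.1 localhost
192.0.2.10 www.adobe.com
"""

# Assumed watch list (hypothetical): suffixes whose loopback override
# indicates activation tampering rather than ordinary ad blocking.
WATCHED_SUFFIXES = ("adobe.com",)

_O1_PREFIX = re.compile(r"^O1 - Hosts:\s*", re.I)

def parse_hosts_line(line):
    """Return (ip, [hostnames]) for a hosts or OTL O1 line, else None."""
    line = _O1_PREFIX.sub("", line.split("#", 1)[0]).strip()
    if not line:
        return None
    ip_text, *names = line.split()
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # comments, headers, malformed lines
        return None
    return ip, [n.lower() for n in names]

def is_sinkhole(ip):
    """127.0.0.0/8, ::1, 0.0.0.0 or :: all make the name unreachable."""
    return ip.is_loopback or ip.is_unspecified

def find_activation_overrides(text, suffixes=WATCHED_SUFFIXES):
    """Return watched hostnames that the hosts data sinks to loopback."""
    hits = []
    for raw in text.splitlines():
        parsed = parse_hosts_line(raw)
        if parsed is None or not is_sinkhole(parsed[0]):
            continue
        for name in parsed[1]:
            if any(name == s or name.endswith("." + s) for s in suffixes):
                hits.append(name)
    return hits
```

On a Windows system the same function can be run over the contents of C:\Windows\System32\drivers\etc\hosts; any hit on a vendor's activation domain deserves the same follow-up the helper gives here.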
25.01.2013, 06:39 | #13 |
| Sending spam mails Ok, thanks for the support! |