Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Virus/malware or Trojan? Creates files on external HDD (Windows 7)
22.05.2013, 11:40 | #1 |
Virus/malware or Trojan? Creates files on external HDD

Hello,

I think I have a virus/Trojan or something else. Since yesterday, 1000-2000 files that look something like 4435_4323453485 have been getting created on my external HDD within a very short time. I was able to delete them and then things were quiet. Today some were created again. My Bitdefender 2013 Plus doesn't find anything, though. Spybot didn't find anything either. Why doesn't Bitdefender find something, at the latest at the moment these files are created? Does anyone have an idea what else I can do or what this could be?

Regards

OTL contents:

OTL Logfile:

Code:
OTL logfile created on: 22.05.2013 12:19:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\just4fun\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 69,39% Memory free
15,98 Gb Paging File | 12,90 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 77,78 Gb Total Space | 34,66 Gb Free Space | 44,56% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 29,59 Gb Free Space | 19,12% Space Free | Partition Type: NTFS
Drive H: | 232,88 Gb Total Space | 35,66 Gb Free Space | 15,31% Space Free | Partition Type: NTFS

Computer Name: JUST4FUN-PC | User Name: just4fun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.22 12:18:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\just4fun\Desktop\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.04.01 12:12:56 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.03.05 21:34:04 | 001,293,824 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\iron.exe
PRC - [2012.09.13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.24 07:53:32 | 000,130,048 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libegl.dll
MOD - [2013.02.24 07:41:48 | 000,736,768 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libglesv2.dll
MOD - [2013.01.11 20:28:20 | 001,149,440 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll
MOD - [2012.09.13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2012.09.13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2012.09.13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2012.09.13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2012.09.13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.04.29 17:45:30 | 001,646,792 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013.03.30 09:45:23 | 000,068,856 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012.09.28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.17 09:49:10 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 15:10:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.04.01 12:12:56 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.03.26 18:23:32 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV - [2013.03.15 13:01:11 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.16 13:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.10.01 21:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.10.01 21:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.10 09:46:35 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013.04.29 17:45:33 | 000,718,840 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013.04.29 17:45:31 | 000,593,144 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.30 09:45:23 | 000,147,232 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013.01.30 19:46:16 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2012.11.09 16:33:30 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 16:33:30 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.11.02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.10.31 13:13:18 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012.10.25 18:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.09.28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.09.21 21:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.09.21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.09.17 16:05:10 | 000,123,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.05 14:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.12.16 13:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.11.14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC CB 05 79 EC EC CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 09:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 09:11:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.18 09:11:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.18 09:11:51 | 000,000,000 | ---D | M]

[2013.03.17 10:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\just4fun\AppData\Roaming\mozilla\Extensions
[2013.05.13 19:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\just4fun\AppData\Roaming\mozilla\Firefox\Profiles\tv4812br.default\extensions
[2013.05.12 23:56:03 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\just4fun\AppData\Roaming\mozilla\firefox\profiles\tv4812br.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.17 09:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.17 09:49:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.01.12 10:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2013.05.22 09:29:32 | 000,448,030 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 order.tune-up.com
O1 - Hosts: 127.0.0.1 tune-up.com
O1 - Hosts: 127.0.0.1 tune-up.com/order
O1 - Hosts: 127.0.0.1 registertuneup.com
O1 - Hosts: 127.0.0.1 download.tune-up.de
O1 - Hosts: 127.0.0.1 download.tune-up.com
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 15383 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\just4fun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6810D8D0-C2C5-4E0F-9603-421A2EE16639}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\H:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.22 12:18:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\just4fun\Desktop\OTL.exe
[2013.05.22 11:42:29 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Malwarebytes
[2013.05.22 11:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.22 11:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.22 11:42:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.22 11:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.22 08:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.05.22 08:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.21 23:48:39 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Desktop\Adobe Creative Suite 6 Master Collection CS6 Win & Mac OS X Keygen by Team X-FORCE
[2013.05.19 18:49:25 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Desktop\schatzi-urlaub
[2013.05.19 16:09:43 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\MusicBee
[2013.05.19 16:09:28 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
[2013.05.19 16:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
[2013.05.19 16:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBee
[2013.05.19 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\MusicBrainz
[2013.05.19 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Local\cache
[2013.05.18 19:42:43 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Local\Logitech® Webcam-Software
[2013.05.18 19:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.05.18 19:39:02 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Leadertech
[2013.05.18 19:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.05.18 19:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.05.18 13:26:15 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Auslogics
[2013.05.18 12:37:27 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Apple Computer
[2013.05.18 12:28:43 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\TuneUp Software
[2013.05.18 12:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.05.18 12:27:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.05.18 12:27:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.05.18 09:41:27 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Documents\Vuze Downloads
[2013.05.18 09:20:38 | 000,000,000 | ---D | C] -- C:\Users\just4fun\.swt
[2013.05.18 09:20:13 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Azureus
[2013.05.18 09:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2013.05.18 09:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.18 09:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.18 09:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.05.18 09:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.05.18 09:10:52 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Local\Apple
[2013.05.18 09:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.05.18 09:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.05.17 09:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.16 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Documents\4A Games
[2013.05.16 15:40:01 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Local\4A Games
[2013.05.16 00:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.05.16 00:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.05.12 19:48:44 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Desktop\MKGWMMOBZ
[2013.05.10 10:57:21 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\TIPP10 Professional
[2013.05.10 10:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10 Professional
[2013.05.10 10:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tipp10 Professional
[2013.05.10 10:44:35 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.05.10 10:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013.05.10 10:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013.05.10 10:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2013.05.10 10:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2013.05.10 09:46:35 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.05.09 17:25:59 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Nitro PDF
[2013.05.09 17:22:28 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
[2013.05.09 17:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MakeMKV
[2013.05.09 17:18:52 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Desktop\schatz musik
[2013.05.09 17:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2013.05.08 20:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2013.05.08 20:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2013.05.06 07:41:23 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Desktop\settings
[2013.05.05 21:04:36 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\Mp3tag
[2013.05.05 21:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.05.04 12:05:15 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Desktop\addons
[2013.05.03 07:35:43 | 000,000,000 | ---D | C] -- C:\Downloads
[2013.05.03 07:35:26 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\BitComet
[2013.04.30 20:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.29 18:49:59 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Desktop\Bilder
[2013.04.29 17:45:33 | 000,718,840 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2013.04.29 17:45:31 | 000,593,144 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2013.04.29 11:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.26 14:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\winamp
[2013.04.25 10:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.25 10:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.25 07:49:31 | 000,000,000 | ---D | C] -- C:\Users\just4fun\Desktop\Neuer Ordner
[2013.04.24 17:49:15 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\TERA
[2013.04.22 12:47:08 | 000,000,000 | ---D | C] -- C:\Users\just4fun\AppData\Roaming\vlc

========== Files - Modified Within 30 Days ==========

[2013.05.22 12:20:01 | 000,377,856 | ---- | M] () -- C:\Users\just4fun\Desktop\gmer_2.1.19163.exe
[2013.05.22 12:18:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\just4fun\Desktop\OTL.exe
[2013.05.22 11:42:20 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.22 11:40:59 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013.05.22 11:40:54 | 000,027,136 | ---- | M] () -- C:\Windows\SysNative\bddel.exe
[2013.05.22 11:40:53 | 000,000,244 | ---- | M] () -- C:\Windows\SysNative\bddel.dat
[2013.05.22 11:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 11:03:59 | 000,031,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 11:03:59 | 000,031,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 10:56:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 09:29:32 | 000,448,030 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.22 09:28:01 | 000,448,030 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130522-092932.backup [2013.05.21 15:10:10 | 000,001,484 | ---- | M] () -- C:\Windows\Sandboxie.ini [2013.05.21 10:23:45 | 000,071,514 | ---- | M] () -- C:\Users\just4fun\Desktop\Deckblatt-xxxxxx.pdf [2013.05.21 09:55:35 | 000,126,504 | ---- | M] () -- C:\Users\just4fun\Desktop\Lebenslauf-xxxxxx.pdf [2013.05.21 09:41:04 | 000,248,579 | ---- | M] () -- C:\Users\just4fun\Desktop\Rechnung_36971.pdf [2013.05.21 09:33:45 | 000,001,117 | ---- | M] () -- C:\Users\just4fun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2013.05.19 16:09:37 | 000,001,016 | ---- | M] () -- C:\Users\just4fun\Desktop\MusicBee.lnk [2013.05.19 15:27:21 | 031,119,548 | ---- | M] () -- C:\Users\just4fun\Desktop\Carlprit - Fiesta.flac [2013.05.18 21:41:13 | 000,228,227 | ---- | M] () -- C:\Users\just4fun\Desktop\Dota-2-Noob.jpg [2013.05.18 12:24:21 | 000,001,030 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130522-092801.backup [2013.05.18 09:19:23 | 000,000,000 | ---- | M] () -- C:\END [2013.05.17 10:28:55 | 000,218,814 | ---- | M] () -- C:\Users\just4fun\Desktop\Anschreiben-xxxxxxxxxr.pdf [2013.05.15 14:27:57 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.15 14:27:57 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.15 14:27:57 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.15 14:27:57 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.15 14:27:57 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.15 14:22:47 | 000,318,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.10 11:13:10 | 000,001,081 | ---- | M] () -- C:\Users\just4fun\Desktop\TIPP10 Professional.lnk [2013.05.10 09:46:35 | 000,564,824 | ---- | 
M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2013.05.09 17:22:38 | 000,001,000 | ---- | M] () -- C:\Users\just4fun\Desktop\MakeMKV.lnk [2013.04.29 17:45:33 | 000,718,840 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys [2013.04.29 17:45:31 | 000,593,144 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys ========== Files Created - No Company Name ========== [2013.05.22 12:20:01 | 000,377,856 | ---- | C] () -- C:\Users\just4fun\Desktop\gmer_2.1.19163.exe [2013.05.22 11:42:20 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.22 11:40:54 | 000,027,136 | ---- | C] () -- C:\Windows\SysNative\bddel.exe [2013.05.22 11:40:53 | 000,000,244 | ---- | C] () -- C:\Windows\SysNative\bddel.dat [2013.05.22 11:40:50 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini [2013.05.21 09:41:04 | 000,248,579 | ---- | C] () -- C:\Users\just4fun\Desktop\Rechnung_36971.pdf [2013.05.21 09:33:45 | 000,001,117 | ---- | C] () -- C:\Users\just4fun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Produktregistrierung.lnk [2013.05.19 16:09:29 | 000,001,016 | ---- | C] () -- C:\Users\just4fun\Desktop\MusicBee.lnk [2013.05.19 15:15:50 | 031,119,548 | ---- | C] () -- C:\Users\just4fun\Desktop\Carlprit - Fiesta.flac [2013.05.18 21:41:13 | 000,228,227 | ---- | C] () -- C:\Users\just4fun\Desktop\Dota-2-Noob.jpg [2013.05.18 09:20:21 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk [2013.05.18 09:19:23 | 000,000,000 | ---- | C] () -- C:\END [2013.05.18 09:10:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.05.16 12:11:29 | 000,218,814 | ---- | C] () -- C:\Users\just4fun\Desktop\Anschreiben-T.Fiedler.pdf [2013.05.16 12:04:12 | 000,295,998 | ---- | C] () -- C:\Users\just4fun\Desktop\Foto-xxxxxxxxx.jpg [2013.05.10 15:45:03 | 000,071,514 | ---- | C] () -- C:\Users\just4fun\Desktop\Deckblatt-xxxxxxxxxx.pdf [2013.05.10 15:44:13 | 000,126,504 | ---- | C] () -- C:\Users\just4fun\Desktop\Lebenslauf-xxxxxxxxxx.pdf [2013.05.10 10:56:44 | 000,001,081 | ---- | C] () -- C:\Users\just4fun\Desktop\TIPP10 Professional.lnk [2013.05.10 10:34:38 | 000,001,484 | ---- | C] () -- C:\Windows\Sandboxie.ini [2013.05.09 17:22:38 | 000,001,000 | ---- | C] () -- C:\Users\just4fun\Desktop\MakeMKV.lnk [2013.05.09 17:10:53 | 000,000,919 | ---- | C] () -- C:\Users\just4fun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk [2013.05.09 11:36:25 | 000,983,869 | ---- | C] () -- C:\Users\just4fun\Desktop\Zeugnisse-xxxxxxxxxx.pdf [2013.04.13 10:30:58 | 000,625,152 | ---- | C] () -- C:\Windows\SysWow64\mp3tsshx.dll [2013.03.15 20:36:05 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.15 20:35:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.01.24 08:24:02 | 000,415,556 | ---- | C] () -- C:\ProgramData\1359008488.bdinstall.bin [2013.01.10 10:31:23 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI 
[2013.01.08 08:55:40 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2013.01.08 08:55:40 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2013.01.08 08:55:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.07 22:22:40 | 000,000,197 | ---- | C] () -- C:\Users\just4fun\AppData\Roaming\burnaware.ini [2013.01.07 18:08:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.01.07 17:34:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.01.07 17:34:07 | 000,030,068 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.09.28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.09.21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.09.21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.09.21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.18 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Auslogics [2013.05.22 00:15:12 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Azureus [2013.05.13 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\BitComet [2013.01.24 08:23:02 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Bitdefender [2013.01.29 14:52:05 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\BlamGames [2013.05.14 08:32:05 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\DAEMON Tools Lite [2013.04.15 18:06:33 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Downloaded Installations [2013.01.07 21:56:57 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\FileOpen [2013.05.06 07:39:47 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\FileZilla [2013.05.22 11:33:57 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\foobar2000 [2013.05.18 
19:39:02 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Leadertech [2013.02.08 15:02:01 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\LucasArts [2013.05.19 15:27:23 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Mp3tag [2013.05.19 16:39:08 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\MusicBee [2013.05.19 15:39:58 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\MusicBrainz [2013.01.07 21:56:57 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Nitro [2013.05.21 09:55:35 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Nitro PDF [2013.02.26 09:30:39 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Nokia [2013.02.26 09:30:39 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Nokia Suite [2013.05.22 00:15:12 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Notepad++ [2013.01.09 18:47:14 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Origin [2013.01.29 14:52:44 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Orneon [2013.02.26 09:04:12 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\PC Suite [2013.04.05 14:54:17 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\PlayFirst [2013.01.24 08:21:50 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\QuickScan [2013.03.05 17:06:35 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\RuneStonesQuest [2013.01.09 21:06:37 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\SharePod [2013.02.27 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Steinberg [2013.01.10 10:19:42 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\Subversion [2013.02.25 20:39:01 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\TeamViewer [2013.04.24 17:49:15 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\TERA [2013.05.10 11:12:52 | 000,000,000 | ---D | M] -- 
C:\Users\just4fun\AppData\Roaming\TIPP10 Professional [2013.03.05 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\TS3Client [2013.05.18 12:28:43 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\TuneUp Software [2013.02.27 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\just4fun\AppData\Roaming\VST3 Presets ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:D9E6828A @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:C69EAC3C < End of report > Extras inhalt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.05.2013 12:19:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\just4fun\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 69,39% Memory free 15,98 Gb Paging File | 12,90 Gb Available in Paging File | 80,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 77,78 Gb Total Space | 34,66 Gb Free Space | 44,56% Space Free | Partition Type: NTFS Drive D: | 154,76 Gb Total Space | 29,59 Gb Free Space | 19,12% Space Free | Partition Type: NTFS Drive H: | 232,88 Gb Total Space | 35,66 Gb Free Space | 15,31% Space Free | Partition Type: NTFS Computer Name: JUST4FUN-PC | User Name: just4fun | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D91B8BA-0FDD-467A-98A9-FFB6F397826B}" = lport=137 | protocol=17 | dir=in | app=system |
"{26349CDD-5988-40F6-BAB8-B0572E7F9DEC}" = rport=445 | protocol=6 | dir=out | app=system |
"{27AF7922-C400-4A11-AD3B-45D679C2E91C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B1C2B66-2D7D-4E59-8454-000E538EE947}" = rport=139 | protocol=6 | dir=out | app=system |
"{370C8730-7A3C-469A-9AD8-2FD3FA9B41F3}" = lport=138 | protocol=17 | dir=in | app=system |
"{41575067-8540-46BD-BCCD-9DAE9354F5BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{470D05DE-1EF9-4982-AEDB-E585CA746EA6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BA07590-3FF3-494A-89CE-AED216CED8FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4EDEF951-9958-4FA2-A647-0EBBC09CEE4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58211A86-6E66-4F95-9D3A-0781C594AAB2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6107E552-20C2-4BD8-B8C8-954E5156B45B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{677E0BBE-8296-434B-AAFE-A143ADB9A3B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6B82FAB2-7E01-47F9-80B7-5B9E13F9895F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76CE9AF6-8915-417A-86F3-1E8D2E2049DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{797B3592-B531-4274-B7A4-5F2DD3562B9E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{800C91FF-0D6B-42C0-96DB-92B501A3303B}" = lport=139 | protocol=6 | dir=in | app=system |
"{99CDF2AD-9F9C-446A-A709-79BC5174A056}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{A3CD9710-6D11-4EF0-918A-C0CE455840E6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B28A209E-B053-4461-AE67-CFD7F5311EBB}" = lport=445 | protocol=6 | dir=in | app=system |
"{BAD0C80C-E9F8-430E-BC5D-21D0877BA563}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BAD22A7C-D417-4D01-8077-5596337AA9BC}" = rport=138 | protocol=17 | dir=out | app=system |
"{D9E0457D-DA30-4546-9788-B37D58D0DE5F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0284067A-261F-4D45-8638-7057F35AA248}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead\left4dead.exe |
"{0C634AE5-D2BE-42C3-8D56-9745B673A0AB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{17A2866A-0B0E-4E59-A773-4DCA8E445A1E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{17F64C50-0F7A-4C4F-AF34-1C19EFC35EEA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1D6057F6-F9C6-4641-9159-4696D245464D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{203AC271-759E-4464-A669-F9278AC88A3D}" = protocol=17 | dir=in | app=d:\ut2004\system\ut2004.exe |
"{2111DF7D-2590-4234-9AD7-8127E68D393D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{21FD957F-6281-4FCE-A1FD-4A29C971A964}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{25A98718-436E-476E-B06A-DF22BCA97F7C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{25ACA1A7-F623-404C-8C3A-DF87F8CD5D4F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2744B70E-88E1-439A-AE83-A25C16489503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A061577-6059-493C-ABCD-7274E9F6A444}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{311C6593-00A5-46AC-9CF5-70FDEF94102C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32358B92-5078-40C2-B479-DE9CF5A1C3E4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{325F0E67-5E37-4B49-ACCD-5D4582CD6498}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{43B8E939-D2DD-48AB-BB64-B15AC1A484FC}" = protocol=6 | dir=in | app=c:\users\just4fun\appdata\local\temp\gw2.exe |
"{44304F92-2C10-49F4-BF02-0912B6D19A6E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{46B99DCC-833E-432F-BEA3-4DA8C49EF2D4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{49FD1E5F-C23D-423B-829A-9C403A9A31F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EF0E04F-BA52-4E19-BA43-142304D21390}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{50010214-4EBD-4EA6-9DE1-2365DEA905FF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{569AD283-6F28-4CD3-97A0-859162C59E0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B8D2482-6AEB-4E9F-8178-76734450E47D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5BF19FB7-1E1F-4BD9-A764-15A135139A4B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5C2F9562-6813-42E7-84DF-5C3A8411C761}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe |
"{61AE735B-33FB-4691-9F1D-1067A1879BAA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{61F9F66F-F06B-4141-9DBC-9B8CB4127913}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{62B1333E-D80B-4C0D-A01A-5A26ADFCF104}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{630CBC72-D58D-4CB3-BBE5-4E0CF1A6691E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{6586728A-6E0F-4E33-B801-CB13C89258F5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{67DEF174-BAD8-408E-9573-7220E0DAC552}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67EB9B97-F8AF-493C-8FF1-5AE642F9B74C}" = protocol=6 | dir=in | app=d:\ut2004\system\ut2004.exe |
"{67FA475B-A953-43C3-B685-92CDC0644204}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{69D8EB9B-CCCD-476B-B1C8-7B26B3F61EC0}" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
"{6F33DAAB-C924-4187-8BC1-02C52B384AF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B10A02C-D96C-4172-82EA-26FB33D37A24}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{7D457F50-7B7A-47E9-B04C-7A3972B6106A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe |
"{8251B242-AF4A-4570-AF3A-A740F1663C42}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{83D4FC83-D001-4CE1-98DC-DF915ADC8CA2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{86B86F32-57B4-4884-844F-82B54AFD5F91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8DFAAF7B-EECF-4B6A-9630-5323A0002BAD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{9198504B-D347-4E85-8F08-D0EB4DF10A3C}" = dir=out | app=%programfiles% (x86)\smart projects\isobuster\isobuster.exe |
"{96F8EED0-E86A-4718-8B4E-AE5796CEA1ED}" = protocol=6 | dir=in | app=d:\origin\games\battlefield 3\bf3.exe |
"{9EC9040F-AE02-4609-9A8C-A0F1709DC5CB}" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
"{A097764C-BD8C-4DB2-B9F7-B815C47D1D96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A36DFB6B-8C2F-4E5E-85DE-5F9570EDCDC8}" = dir=in | app=%programfiles% (x86)\smart projects\isobuster\isobuster.exe |
"{A634258C-7234-4402-AF60-B6737D738ECA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{B23E5B10-CE2A-4270-AA99-595A4C8C3952}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B4A01B67-CDCA-4D2B-8B62-B5A265DC935D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B677B316-E5DE-4381-A787-B4D8F434C7FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B83DD991-C97A-4A11-92F6-F8905BA79ECF}" = protocol=17 | dir=in | app=d:\origin\games\battlefield 3\bf3.exe |
"{D0424FF5-6584-4FA7-B15E-048829AF29A2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D1B61837-7F14-4FEE-96D1-A793CF404026}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7D459ED-F708-41EC-BFAF-39611A3A7D62}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{D8613017-0D76-4347-8F6E-E5672B116395}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DDDBD7EB-4AD2-4FBE-8719-EC9A55A209F9}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{E451881F-3B40-4C17-AEF0-6881515E9AE1}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{E4C0CC1B-1915-4D58-8B88-3C08C4017474}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E80B8F4D-C5D9-4EBA-8E81-853DCAC4A47A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EA217EF7-54A6-412E-96FC-C604C453A930}" = protocol=6 | dir=out | app=system |
"{EBE40A9B-F23D-4BBE-B816-A4FFD2F19446}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead\left4dead.exe |
"{EE871448-D54E-4851-8532-C48031C6D3DA}" = protocol=17 | dir=in | app=c:\users\just4fun\appdata\local\temp\gw2.exe |
"{F598F69B-B31F-42D5-9F38-3C705FFEDE06}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F6BBF23F-B0E2-490D-9349-7482C3FF2904}" = dir=in | name=youtubecdn |
"{FC9B87BF-0906-4BE1-ACF4-F25CFF89ED73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{092FC91C-B1AB-4226-9BDD-49ACF243D3C2}F:\jd-files\office 2013 home kmsmicro.v3.10\office 2013 home kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe" = protocol=6 | dir=in | app=f:\jd-files\office 2013 home kmsmicro.v3.10\office 2013 home kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe |
"TCP Query User{0A45E774-C23D-4CCC-A83F-F0AE526AA184}F:\jdownloader\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=f:\jdownloader\jdownloader 2\jdownloader 2.exe |
"TCP Query User{0AF2D173-5805-49B2-A676-6F9BECF83DC7}F:\jd-files\mopp13vlmadact\microsoft.office.professional.plus.2013.vl.activation.only.german-madmax\qemu\qemu.exe" = protocol=6 | dir=in | app=f:\jd-files\mopp13vlmadact\microsoft.office.professional.plus.2013.vl.activation.only.german-madmax\qemu\qemu.exe |
"TCP Query User{1523D651-BDB9-4A3B-B313-078D787BD688}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"TCP Query User{19170E86-FFD0-468E-817D-429237FF3E5D}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"TCP Query User{33D1E385-8236-487A-80B5-567D1F881D36}C:\users\just4fun\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\just4fun\appdata\local\akamai\netsession_win.exe |
"TCP Query User{51B05761-41CE-4156-A345-A50BF3100600}H:\jdownloader\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=h:\jdownloader\jdownloader 2\jdownloader 2.exe |
"TCP Query User{66C03E6E-1BB3-40A2-B279-52327E9DCE8F}D:\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=d:\neverwinter_nw.1.20130416a.6.exe |
"TCP Query User{9CBEC380-EE72-4A80-A2FB-B025B2D5F6B0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{A20D88E9-C7EB-4CF9-9757-79CF9B70ABC1}C:\users\just4fun\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\just4fun\appdata\local\temp\gw2.exe |
"TCP Query User{A25D5373-3B13-4F98-99B2-7E9C6B516E65}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
"TCP Query User{A36540D7-67D7-4053-9C6B-9FBB49A5FBDC}D:\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\tera\tera-launcher.exe |
"TCP Query User{B01F650B-E91B-4356-99B3-10B2C4AC7594}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{B73F0CF5-87ED-4D88-BD74-120BBE6235E3}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"TCP Query User{BE454B55-3B98-4A82-B9CD-CD4FC1C34ECD}D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=d:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{DD36D058-AEA1-4536-B289-442A013ECCD4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0599355D-5878-4934-8D7D-4B1FB59B9AD7}C:\users\just4fun\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\just4fun\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1AC34843-9AB6-41EB-BDFB-43440D41987C}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |
"UDP Query User{1B909270-6FD5-4EFA-9A96-B518990FA3CF}C:\programdata\battle.net\agent\agent.1637\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"UDP 
Query User{2C619A51-5C78-4B9B-A6D6-21276082F41E}F:\jdownloader\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=f:\jdownloader\jdownloader 2\jdownloader 2.exe | "UDP Query User{5744A9C2-E717-442D-9246-8CDB1224BD51}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "UDP Query User{8458D534-4553-4198-8375-3E6A39F6B346}H:\jdownloader\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=h:\jdownloader\jdownloader 2\jdownloader 2.exe | "UDP Query User{A1C5CCD3-BF60-4D05-A457-43AAD125F044}D:\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\tera\tera-launcher.exe | "UDP Query User{A79AF17B-7274-4E6C-8ABF-F568A557F23A}F:\jd-files\mopp13vlmadact\microsoft.office.professional.plus.2013.vl.activation.only.german-madmax\qemu\qemu.exe" = protocol=17 | dir=in | app=f:\jd-files\mopp13vlmadact\microsoft.office.professional.plus.2013.vl.activation.only.german-madmax\qemu\qemu.exe | "UDP Query User{C7345312-FD48-46C1-8E6B-7BF3B0251B99}C:\users\just4fun\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\just4fun\appdata\local\temp\gw2.exe | "UDP Query User{D46D992E-C113-4DC9-9DB2-94B4F4C96D21}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{D976CA05-B90D-4095-9BFA-78652C3E8B8D}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe | "UDP Query User{DCF91F04-F69C-49FA-A8E4-6ADCE94EA458}F:\jd-files\office 2013 home kmsmicro.v3.10\office 2013 home kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe" = protocol=17 | dir=in | app=f:\jd-files\office 2013 home kmsmicro.v3.10\office 2013 home kmsmicro.v3.10\kmsmicro v3.10\qemu\qemu.exe | "UDP Query User{E14B3677-60B3-4199-B2D0-CE3385F9D490}D:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | 
app=d:\neverwinter\cryptic studios\neverwinter\live\gameclient.exe | "UDP Query User{F337C7FA-16A9-435D-BE63-AE20E2D7A789}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{F5C78F2E-7EFD-4B54-A9FE-3AFF899C4686}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{F98EB8E1-39D0-4091-A299-B806B50DD25A}D:\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=d:\neverwinter_nw.1.20130416a.6.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft-Maus- und Tastatur-Center "{47220B83-D895-4262-9227-E5D8FA7F7384}" = Nitro Reader 3 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft 
Outlook MUI (German) 2013 "{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français "{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013 "{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 "{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "8461-7759-5462-8226" = Vuze "Bitdefender" = Bitdefender Antivirus Plus 2013 "CCleaner" = CCleaner "MediaInfo" = MediaInfo 0.7.62 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 
4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "Sandboxie" = Sandboxie 3.76 (64-bit) "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{32CD1164-7F51-4AA6-B268-25049C70FE0E}_is1" = Metro Last Light Update 1.0.0.2 "{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian "{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy "{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean "{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution 
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese "{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese "{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish "{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version 25.0.1400.0 
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish "{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German "{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English "{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech "{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common "{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASIO4ALL" = ASIO4ALL "AudioRealism Bass Line 2_is1" = ABL 2.5.2 "Battlelog Web Plugins" = Battlelog Web Plugins "BurnAware Free_is1" = BurnAware Free 5.5 "dreamboxEDIT" = dreamboxEDIT -- The one and only settings editor for your Dreambox "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "ESN Sonar-0.70.4" = ESN Sonar "FL Studio 10" = FL Studio 10 "foobar2000" = foobar2000 v1.2.6 "Freemake Video Converter_is1" = Freemake Video Converter Version 4.0.0 "Guild Wars 2" = Guild Wars 2 "IL Download Manager" = IL Download Manager "IsoBuster_is1" = IsoBuster 3.1 "MakeMKV" = MakeMKV v1.8.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "mIRC" = mIRC "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) 
"MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.55a "MusicBee" = MusicBee 2.0 "Nokia Suite" = Nokia Suite "Notepad++" = Notepad++ "Origin" = Origin "PSP VintageWarmer2 2.5.2 64bit" = PSP VintageWarmer2 2.5.2 64bit "PunkBusterSvc" = PunkBuster Services "Steam App 440" = Team Fortress 2 "Steam App 500" = Left 4 Dead "Steam App 570" = Dota 2 "Steam App 730" = Counter-Strike: Global Offensive "TIPP10 Professional_is1" = TIPP10 Professional Version 2.1.0 "TWV0cm9MYXN0TGlnaHQ=_is1" = Metro: Last Light (c) Deep Silver version 1 "UT2004" = Unreal Tournament 2004 "VLC media player" = VLC media player 2.0.6 "World of Warcraft" = World of Warcraft "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.05.2013 08:20:08 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 19.05.2013 12:24:01 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 20.05.2013 02:33:11 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 20.05.2013 03:47:36 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 20.05.2013 07:00:20 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 20.05.2013 11:39:33 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 03:33:24 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 21.05.2013 09:10:02 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 22.05.2013 02:38:21 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 Description = Error - 22.05.2013 04:56:55 | Computer Name = just4fun-PC | Source = WinMgmt | ID = 10 
Description = [ System Events ] Error - 21.05.2013 18:14:59 | Computer Name = just4fun-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "HD-PSU2" den Befehl "chkdsk" aus. Error - 21.05.2013 18:14:59 | Computer Name = just4fun-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "HD-PSU2" den Befehl "chkdsk" aus. Error - 21.05.2013 18:14:59 | Computer Name = just4fun-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "HD-PSU2" den Befehl "chkdsk" aus. Error - 22.05.2013 02:39:17 | Computer Name = just4fun-PC | Source = WMPNetworkSvc | ID = 866287 Description = Error - 22.05.2013 02:46:51 | Computer Name = just4fun-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error - 22.05.2013 02:46:51 | Computer Name = just4fun-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 22.05.2013 04:58:57 | Computer Name = just4fun-PC | Source = WMPNetworkSvc | ID = 866287 Description = Error - 22.05.2013 05:45:09 | Computer Name = just4fun-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "HD-PSU2" den Befehl "chkdsk" aus. Error - 22.05.2013 05:45:09 | Computer Name = just4fun-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "HD-PSU2" den Befehl "chkdsk" aus. 
Error - 22.05.2013 05:51:31 | Computer Name = just4fun-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "HD-PSU2" den Befehl "chkdsk" aus. < End of report >
GMER contents: coming shortly |
22.05.2013, 12:22 | #2 | |
/// TB Trainer | Virus/malware or trojan? Creates files on external HDD
Quote:
Support stop. Reading material: This ends the topic. Cracks and keygens: Circumventing the copy protection of software is illegal under applicable law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources are very often laced with malware, so you are infecting yourself almost deliberately. We on this board have agreed that we will not continue cleaning at this point, since we do not support such behaviour. On top of that, we pointed out unmistakably in our guide, and also in this important thread, how we would handle this. Clean, good software has its price, and software companies live on this revenue. Our help is therefore limited to reinstalling and securing your system. We will still gladly answer your questions about that, in our forum.
__________________ |
22.05.2013, 12:42 | #3 |
| Virus/malware or trojan? Creates files on external HDD
I do not own this software, and I did not enter anything by hand either. So I do not know how this content gets in there. It would be great if I could get help anyway. The GMER log is attached. Regards |