Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: blizzard battlenet account gehackt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.11.2012, 15:25   #1
primorten
 
blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Hi,

ich nutze seit einigen Jahren das Blizzard-battlenet zwecks spielen von Onlinespielen. Zu meinen aktiven Zeiten in World of Warcraft hatte ich nie Probleme mit Hacks. Nach ungefähr einem Jahr Inaktivität und Einstieg in Diablo 3 habe ich mir meinen alten WoW-Account nochmal angeschaut und musste feststellen, dass dieser aufgrund "auffälliger Aktivitäten" von Blizzard gesperrt wurde. Auch schienen ingame einige Charaktere geplündert worden zu sein.
So weit, so gut.
Da ich mich nicht mehr für den WoW-Account interessiere, kümmerte ich mich nicht weiter um die ingame-Verluste. Jedoch wollte ich ja Diablo 3 spielen. Also entsperrte ich den battlenet-Account. Eine weitere umfangreichere Anti-Virus-Prüfung hielt ich nicht für notwendig, da ich in der Zwischenzeit (zwischen WoW und Diablo 3) meinen Computer komplett neu aufgesetzt habe (komplett neue Komponenten).
Anfangs hatte ich auch keine Probleme. Erst nach einiger Zeit erhielt ich wieder Nachricht von Blizzard, dass mein Account aufgrund "auffälliger Aktivitäten" gesperrt wurde. Ich führte in naiver laienhafter Weise eine Virussuche mit windowseigenen Tools durch, die keine Treffer ergab und entsperrte den Account.
Einige Zeit später spitzte sich die Situation so zu, dass der Account direkt nach dem Entsperren (neues Passwort) und kurzzeitiger Benutzung erneut gesperrt wurde. Daher bin ich nun am grübeln, ob sich auf meinem System ein Trojaner oder sonstiges eingeschlichen hat.
Grob fahrlässiges Verhalten a la "ich lade mir den Goldcheat xyz herunter" kann ich eigentlich ausschließen, da ich nie solche Dinge benutzt habe. Auch diverse Links in E-Mails habe ich nie angeklickt, geschweige denn meine Daten preisgegeben.
Nun habe ich die hier beschriebenen "Einstigsschritte" durchgeführt und hoffe nun hier im Forum Hilfe zu finden.

defogger_disable-Log:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:23 on 18/11/2012 (root)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
OTL.txt:
Code:
ATTFilter
OTL logfile created on: 18.11.2012 15:27:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 10,41 Gb Available Physical Memory | 86,75% Memory free
23,99 Gb Paging File | 22,21 Gb Available in Paging File | 92,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 81,30 Gb Total Space | 18,62 Gb Free Space | 22,90% Space Free | Partition Type: NTFS
Drive D: | 850,11 Gb Total Space | 449,78 Gb Free Space | 52,91% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.10 12:46:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 08:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.03.25 10:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
PRC - [2009.12.28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2006.09.29 02:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.11 18:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.06.11 12:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.03 22:25:57 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
SRV - [2012.10.11 02:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.05.15 20:25:00 | 004,264,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.09.29 02:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.06.11 19:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 17:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.08 07:42:38 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011.08.07 17:47:31 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.05.20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03:51&v=10.2.0.3&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB CD 7E CA A6 FF CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03:51&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 22:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.14 14:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.10 21:21:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.04.20 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2011.04.20 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.14 14:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\jk36kmcf.default\extensions
[2012.06.14 14:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\jk36kmcf.default\extensions\staged
[2011.12.26 19:33:32 | 000,644,152 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\jk36kmcf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.14 14:40:55 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\jk36kmcf.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.14 22:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.11 02:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.29 14:03:47 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.10 12:42:13 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead VideoStudio\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-OLS36.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.10 12:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.11.10 12:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.11.10 12:17:52 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2012.11.03 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.03 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\pdfforge
[2012.11.03 21:41:31 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.11.03 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.11.03 21:40:12 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Programs
[2012.10.25 11:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.18 15:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.18 15:25:34 | 1072,291,838 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 15:23:36 | 000,000,188 | ---- | M] () -- C:\Users\root\defogger_reenable
[2012.11.18 15:14:15 | 000,016,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 15:14:15 | 000,016,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.18 15:11:34 | 001,528,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.18 15:11:34 | 000,664,764 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.18 15:11:34 | 000,624,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.18 15:11:34 | 000,134,932 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.18 15:11:34 | 000,110,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.10 12:19:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.11.10 12:19:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.10.25 09:57:36 | 001,544,704 | ---- | M] () -- C:\Windows\is-OLS36.exe
[2012.10.25 09:57:36 | 000,025,599 | ---- | M] () -- C:\Windows\is-OLS36.msg
[2012.10.25 09:57:36 | 000,000,339 | ---- | M] () -- C:\Windows\is-OLS36.lst
 
========== Files Created - No Company Name ==========
 
[2012.11.18 15:23:36 | 000,000,188 | ---- | C] () -- C:\Users\root\defogger_reenable
[2012.11.10 12:17:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.11.10 12:17:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.10.25 11:12:56 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.10.25 09:57:36 | 001,544,704 | ---- | C] () -- C:\Windows\is-OLS36.exe
[2012.10.25 09:57:36 | 000,025,599 | ---- | C] () -- C:\Windows\is-OLS36.msg
[2012.10.25 09:57:36 | 000,000,339 | ---- | C] () -- C:\Windows\is-OLS36.lst
[2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.28 11:18:33 | 000,000,043 | ---- | C] () -- C:\Users\root\gsview32.ini
[2012.03.05 12:11:59 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012.02.15 16:36:06 | 000,000,092 | ---- | C] () -- C:\Users\root\AppData\Local\fusioncache.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.25 09:54:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.05.25 09:54:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.05.08 09:57:45 | 000,000,017 | ---- | C] () -- C:\Users\root\AppData\Local\resmon.resmoncfg
[2011.05.07 10:42:02 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.05.07 10:42:02 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.04.30 11:10:18 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.04.30 11:10:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.04.30 11:10:15 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.04.30 11:10:15 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.04.30 11:10:14 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.28 11:55:12 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2011.04.20 22:48:55 | 001,556,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.20 14:26:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.20 14:05:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.04.20 14:05:47 | 000,033,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.04.28 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DAEMON Tools Lite
[2011.04.28 11:52:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Foxit Software
[2011.04.28 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\IrfanView
[2011.04.30 11:17:28 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\JabRef 2.6
[2011.06.25 12:39:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Juniper Networks
[2011.04.20 14:33:13 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Leadertech
[2011.07.25 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Miranda
[2012.03.28 10:56:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++
[2012.03.28 11:21:04 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\OpenCandy
[2012.11.03 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\pdfforge
[2011.04.20 23:01:15 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Thunderbird
[2012.09.21 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

< End of report >
         
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 18.11.2012 15:27:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 10,41 Gb Available Physical Memory | 86,75% Memory free
23,99 Gb Paging File | 22,21 Gb Available in Paging File | 92,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 81,30 Gb Total Space | 18,62 Gb Free Space | 22,90% Space Free | Partition Type: NTFS
Drive D: | 850,11 Gb Total Space | 449,78 Gb Free Space | 52,91% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E877044-7992-403A-BF95-D6B03A3534EA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3C2F57A2-2E29-4596-A611-0E6023C11DCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4BAB2597-3274-4B54-9705-760E686D5D34}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{57C37880-46DA-4F85-9628-3AF14EEEA693}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{6574C3C7-D289-42CF-927E-31675FAFB3A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72298805-74AD-4148-8ABA-C9449264C248}" = lport=58039 | protocol=6 | dir=in | name=pando media booster | 
"{73CAD03B-4B0B-4C57-A36D-D0C681C427BE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7A837898-A84F-41A5-B450-BA1B97D4E538}" = lport=58039 | protocol=17 | dir=in | name=pando media booster | 
"{7E825488-D3E3-44FC-AA8D-5EF47EFE5253}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{8CB1298B-E3C0-4627-B158-DAB588EA6F29}" = lport=58039 | protocol=6 | dir=in | name=pando media booster | 
"{A641069D-D109-4584-A2E2-8530039BAFA6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AFE54035-6B03-4B16-8CB0-91B6044A52E7}" = lport=58039 | protocol=17 | dir=in | name=pando media booster | 
"{B2E9DE31-F020-4A01-8392-C421B2DACAEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DDE2C3-1A66-4780-9035-032FDAD7B62D}" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"{05583B9F-E24D-4E80-BB5E-00031A33552D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{06814D62-1289-4293-8B20-20F3DA4752EF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{0B3A4A78-C405-485F-80FC-F1F67012E2D1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{1B4A92B1-2CC3-4F55-9452-133A360DD046}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{1B592E70-1CC7-48D1-8974-4BBA2747CECD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{1F66CD89-9F2E-485F-9233-5BDB5F0E03DC}" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"{22DED2DB-13A0-419B-9679-1910B793C4C7}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{29C1DEC0-10C1-4D69-A3B8-8EF34C845F3F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{29C46647-BF3C-4E41-AE5E-B7C118274227}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2C061886-5CF6-4B2A-A389-FE20A431470B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2E7DF13C-9232-4D10-BB46-BD7C04247081}" = protocol=6 | dir=in | app=d:\eden eternal\edeneternal-de\_launcher.exe | 
"{2F91D8E8-24BE-401F-970C-CE1F5475707D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{33EF4AD3-277B-4909-8F0D-D6854575F3F9}" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"{3B3CB717-E33F-471F-8BB7-FA253B81048F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{3C705C7B-614E-4F4C-B867-D6DF210B841F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4BF2C249-51AE-4435-A842-F47CD6EB4E41}" = protocol=17 | dir=in | app=d:\diablo iii public test\diablo iii.exe | 
"{4E53186E-2861-4208-91AB-43B1152B8796}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{5407DE87-8B06-4FBE-92FC-342B21122961}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{59A9A084-1730-4D7E-9A46-761058D0367C}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{5C08D93C-0DDD-4F13-A4BC-4672A1279779}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{5E78613C-958F-4EBC-B124-482909DA66C1}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | 
"{61F8F740-1AAD-4952-AE2E-EB1EBE22FF14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{66066B4B-7FB8-4DB0-8133-B32CAA180EEF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{75D800AE-E730-4B9B-A65B-5838EA2E1DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{7643A9CE-D53E-48F3-A4EE-AB8ABF8AAC8C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{7A8DA0B7-3519-4915-ABD2-76EFAA52B975}" = protocol=17 | dir=in | app=d:\diablo iii beta\diablo iii.exe | 
"{844144BA-3BF8-4F00-AA8A-8E96B319B553}" = protocol=6 | dir=in | app=d:\diablo iii public test\diablo iii.exe | 
"{858C9B9D-6279-4890-972F-03377E13F913}" = protocol=6 | dir=in | app=d:\diablo iii beta\diablo iii.exe | 
"{86973787-081E-474E-8A0B-18269A552791}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{88DE77C3-E526-4A4E-9447-5044089B65E6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9CCEAED7-D05A-4AA4-A2A0-E28D0DBEF107}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{A47A2994-7735-45C6-83CF-C63665519AF5}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{A84B7190-0DD1-453A-ABB4-B4B683F129AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{B19FA59D-98B9-4899-8DDD-C1A7054A3CE7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{B26DC1FB-A66D-4092-935F-70FC1A9FE9B7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{B57100AD-35C1-42CA-B883-703953382F77}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{BAD56F50-FE41-4F5B-9A20-F85E9EBEECF1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BB1717D2-F07D-4A48-B376-5E3E9DB469C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C0C7F2F5-E64D-4248-8355-6EB1058AB872}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{C74CF0AF-6830-4CDF-A088-EEC48D2C3689}" = dir=in | app=d:\allods online\bin\launcher.exe | 
"{C8EB2AFF-320F-488A-9238-1D335FD2E32E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{CA4B9648-BF9F-47DD-B1D2-C73C2C5ADBBF}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{CADE512C-D7CD-4D57-878D-F808CAD399B6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CCB8D149-BBCD-411E-B04F-091D65ACFA22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{CD3BED13-6D5E-455E-B7F3-A0B68E1B0718}" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"{CE3BBA0D-BF21-4CE6-8878-DFEB3F2E2079}" = protocol=17 | dir=in | app=d:\diablo 3\diablo iii beta\diablo iii.exe | 
"{DDDF4017-35D9-46F3-86AE-64443C605063}" = protocol=6 | dir=in | app=d:\diablo 3\diablo iii beta\diablo iii.exe | 
"{DFF6FA7D-3FBE-4E6B-B033-5278B9ADE526}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E0B79BDE-B5D1-430B-879B-C4BE3B2D0B20}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{E43668C2-B0C3-4C37-BEBC-1BD7BA4A87BA}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{E8A973C1-067A-4E64-8258-89A7D670A905}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{EDA70D13-FFE5-40D0-971A-695A830C8E90}" = protocol=17 | dir=in | app=d:\eden eternal\edeneternal-de\_launcher.exe | 
"{EE93238B-2527-429E-BEE8-E1B244EDC502}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | 
"{EFA168D5-CA98-4E41-B6CE-FBB099CD016E}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{F0A8CDDC-4A0C-463E-97DC-277C6FED5ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{F96BD1B7-A51C-4DD3-9BBE-198206EB5501}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{01B5EB72-037E-434A-8066-8BC5185D95BE}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{0D679EFD-0E0D-477A-A6D5-86B7CDE54669}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{1353E734-3FDE-4D29-A1A4-FC22C199DB4A}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{1DC57C60-432E-45E6-9082-2F57ECE24DCC}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{2C509511-BCD0-4C82-BBEE-563EF8B716E8}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{2D8A5E07-4EC2-4E00-B9EC-9D823415EDC3}D:\torchlight 2 demo\tl2.runic.launcher.exe" = protocol=6 | dir=in | app=d:\torchlight 2 demo\tl2.runic.launcher.exe | 
"TCP Query User{3BD664F6-DDC6-4B4D-8B6B-085C44C77E4F}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"TCP Query User{3E147889-3FE8-4CFE-8706-03E7EF7B6141}C:\program files (x86)\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vlc\vlc.exe | 
"TCP Query User{40F4F1B3-D52E-49AE-A677-F870B4432501}D:\diablo\diablo.exe" = protocol=6 | dir=in | app=d:\diablo\diablo.exe | 
"TCP Query User{444D75BE-7B93-40EF-83CE-EDE508420DE0}D:\downloads\runes_of_magic_4_0_1_2430_eu_full.exe" = protocol=6 | dir=in | app=d:\downloads\runes_of_magic_4_0_1_2430_eu_full.exe | 
"TCP Query User{48110041-3175-4E32-AA4D-5C7625E5CF8B}D:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{600B7639-8581-4DDB-94C3-71FAC260FB57}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{62AF301D-B59F-41E2-9C6B-79528CEF38F3}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{6A4BE218-0982-4873-8EBF-DD8C9110D81B}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{703E11BA-7973-44C5-B82C-5F5AA3A55982}D:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
"TCP Query User{73B76F70-13F8-4ADD-95E2-3BFB2D28353D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{73D66CFE-9C05-4A14-B572-BCCAFB166B3E}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{7B8274E1-3478-4602-A144-4F9737FCB5AC}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{7BB1DE36-213C-4952-9942-CB6FBDF22302}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe | 
"TCP Query User{7EB850B6-7260-4A1A-A700-F20CEAA50BC8}D:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{824B9C00-DDF0-4049-A388-D56B1A865F58}D:\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe | 
"TCP Query User{CA05D592-7636-47EF-8796-683E84ABC5F3}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{D13DEF32-AB90-4D6D-823A-B9037B59C5F2}I:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe" = protocol=6 | dir=in | app=i:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe | 
"TCP Query User{DC48276F-A54D-4CF3-8F6B-11CDC8693585}D:\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\der herr der ringe online\lotroclient.exe | 
"TCP Query User{E91A0BFC-F37E-42A7-8071-C8DFD9780415}D:\cabal online\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=d:\cabal online\launcher\update\estdnheadless.exe | 
"UDP Query User{05AC80C3-84C4-4B45-86DD-5EDA9117A067}D:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{0BA74A16-E8C6-479B-961B-71542A83EB0D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{14742267-AA63-4892-A996-D9119E60E07B}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"UDP Query User{176EF3BD-B365-4882-8E4A-87E7185BED4B}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe | 
"UDP Query User{21668ABD-F821-452B-BAAA-C5DE44425539}D:\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{6664AFD3-FE79-4045-8DF7-7A8624466CAA}D:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{6916AB8A-1A8F-44FB-8DF1-6B56B7392EAF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{7B0B98FA-E7AE-414F-8213-F761A9A0AE59}I:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe" = protocol=17 | dir=in | app=i:\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe | 
"UDP Query User{7B949F13-18C1-471D-A2BA-B386E32F51D4}D:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{91929C77-878A-4013-8EF8-820EDDCA0735}D:\torchlight 2 demo\tl2.runic.launcher.exe" = protocol=17 | dir=in | app=d:\torchlight 2 demo\tl2.runic.launcher.exe | 
"UDP Query User{985F78A1-2723-4E3D-881A-066D3E947260}D:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{A9282282-A71C-4141-A046-8082DC5B658C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{A92FFA84-74F1-4006-9301-779B1F0C0769}D:\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\der herr der ringe online\lotroclient.exe | 
"UDP Query User{C6995166-67AC-44B2-B870-0BDB786CB2BC}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{CBF2E282-CEF3-45AC-9908-088A6FF45AC8}D:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{CDD7A806-9D4D-41F7-ABF9-345264795DA7}D:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{D0D0BFB5-860C-4213-BC5C-51A7B752A2DD}D:\diablo\diablo.exe" = protocol=17 | dir=in | app=d:\diablo\diablo.exe | 
"UDP Query User{DECA04B9-0810-4C49-987B-6A958EE47221}D:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{E1F989BE-91C2-49E4-AC76-A12B758D75AC}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{E911F3D3-A468-4A17-95B3-CD3F177F4B6B}D:\downloads\runes_of_magic_4_0_1_2430_eu_full.exe" = protocol=17 | dir=in | app=d:\downloads\runes_of_magic_4_0_1_2430_eu_full.exe | 
"UDP Query User{EDBA01B7-CDB4-4B49-9736-823727BB3C32}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{F0817E9F-18F6-4590-A746-7A2752BF28DE}D:\cabal online\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=d:\cabal online\launcher\update\estdnheadless.exe | 
"UDP Query User{F2D8A889-4FFC-4408-A088-69411E31D2D8}C:\program files (x86)\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vlc\vlc.exe | 
"UDP Query User{F6E96C7F-D395-41C0-9AD3-9CA54C031874}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{F7B273CA-5AD5-4A5E-B534-4CB0109E2C9F}D:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C80684A-043A-AEF7-66F4-FAB54CD29FC0}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{44B4F244-5B4D-856E-B3A6-E8DDBDC7F127}" = AMD Fuel
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{867DE0DC-A93F-41EA-9654-A212514FA946}" = Oracle VM VirtualBox 4.2.4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"R for Windows 2.15.1_is1" = R for Windows 2.15.1
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.3
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = AMD VISION Engine Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AFD5A54E-E9A1-413D-8AA2-C9EDB6782400}" = LibreOffice 3.6
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.0.0
"Akamai" = Akamai NetSession Interface Service
"AP Tuner 3.08" = AP Tuner 3.08
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Battle.net" = Battle.net
"CABAL Online_is1" = CABAL Online
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EdenEternal-DE" = EdenEternal-DE
"Foxit Reader" = Foxit Reader
"GPL Ghostscript 9.05" = GPL Ghostscript
"GSview 5.0" = GSview 5.0
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.10.1
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird 16.0 (x86 de)" = Mozilla Thunderbird 16.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Notepad++" = Notepad++
"Office14.STANDARD" = Microsoft Office Standard 2010
"PDF Blender" = PDF Blender
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"winscp3_is1" = WinSCP 4.3.4
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.10.2012 15:12:14 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 09.10.2012 04:19:06 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 11.10.2012 10:53:23 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm Diablo III.exe, Version 1.0.4.11327 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f20    Startzeit: 01cda7c0147ceeeb    Endzeit: 0    Anwendungspfad: D:\Diablo
 III\Diablo III.exe    Berichts-ID: 56e9d8f8-13b3-11e2-9ee3-000d882a7b9d  
 
Error - 14.10.2012 16:26:48 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 19.10.2012 06:17:09 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 25.10.2012 04:41:22 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 25.10.2012 05:51:00 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm cdbxpp.exe, Version 4.4.2.3442 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1274    Startzeit:
 01cdb28ec8651a28    Endzeit: 60000    Anwendungspfad: C:\Program Files\CDBurnerXP\cdbxpp.exe

Berichts-ID:
   
 
Error - 29.10.2012 07:52:14 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 31.10.2012 04:08:02 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm Diablo III.exe, Version 1.0.5.12811 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: cc4    Startzeit: 01cdb73ec2a19924    Endzeit: 15    Anwendungspfad: 
D:\Diablo III\Diablo III.exe    Berichts-ID: 0774a636-2332-11e2-8147-000d882a7b9d  
 
Error - 10.11.2012 06:48:24 | Computer Name = home | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.1\Tcl\bin64\tk85.dll"
 in Zeile 9.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
[ System Events ]
Error - 10.11.2012 06:12:13 | Computer Name = home | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.1296.0     Aktualisierungsquelle: 
%%851     Aktualisierungsphase: %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.8904.0&avdelta=1.139.1296.0&asdelta=1.139.1296.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 10.11.2012 07:19:31 | Computer Name = home | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10.11.2012 07:48:00 | Computer Name = home | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10.11.2012 07:53:16 | Computer Name = home | Source = ipnathlp | ID = 31004
Description = 
 
Error - 10.11.2012 07:53:47 | Computer Name = home | Source = ipnathlp | ID = 31004
Description = 
 
Error - 18.11.2012 10:07:07 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.11.2012 10:07:45 | Computer Name = home | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Akamai erreicht.
 
Error - 18.11.2012 10:25:45 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.11.2012 10:25:49 | Computer Name = home | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 18.11.2012 10:26:28 | Computer Name = home | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Akamai erreicht.
 
 
< End of report >
         
Ich hoffe, dass ich alle Regeln wenigstens ansatzweise richtig befolgt habe. Vielen Dank im Voraus.

LG
primorten

Alt 21.11.2012, 09:33   #2
schrauber
/// the machine
/// TB-Ausbilder
 

blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Hi,

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________

__________________

Alt 24.11.2012, 15:57   #3
primorten
 
blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Vielen Dank für die schnelle Antwort. Leider habe ich erst heute wieder die Möglichkeit, um mich weiter mit dem Problem zu befassen.

Den Scan konnte ich leider nicht vollständig durchführen, da das Programm während des Scannens (nach knapp 3 Minuten) abstürzt bzw. mit einer Windows 7-typischen Fehlermeldung beendet wird ("avast! Antirootkit funktioniert nicht mehr" - mit der Option online nach einer Lösung zu suchen oder das Programm zu beenden).
Das Problem tritt bei Wiederholung immer wieder auf. Im DOS-Fenster ist bei Abbruch folgendes zu sehen (mit vorangestellter Uhrzeit):

AVAST engine defs: 12112400
Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10004 Size: 953869MB BusType: 11
Disk 0 MBR read successfully
Disk 0 MBR scan
Disk 0 Windows 7 default MBR code
Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 83253 MB offset 206848
Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 870514 MB offset 170708992
Disk 0 scanning C:\Windows\system32\drivers
Service scanning
Service MSICDSetup E:\CDriver64.sys **LOCKED** 21 (Zeile ist farblich "gelb" unterlegt)
Modules scanning
Disk 0 trace - called modules:
ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
1 nt!IofcallDriver -> \Device\Harddisk0\DRo[0xfffffa800aafd790]
3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T... (Zeile außerhalb des Fensters)
AVAST engine scan C:\Windows
AVAST engine scan C:\Windows\system32
Scanning: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications... (Zeile außerhalb des Fensters)

Gruß,
primorten
__________________

Alt 24.11.2012, 16:29   #4
schrauber
/// the machine
/// TB-Ausbilder
 

blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.11.2012, 16:59   #5
primorten
 
blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Hi und danke für die superschnelle Rückmeldung.
Der Inhalt der C:\Combofix.txt lautet wie folgt:
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-24.01 - root 24.11.2012  17:43:09.1.6 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.12286.9761 [GMT 1:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-24 bis 2012-11-24  ))))))))))))))))))))))))))))))
.
.
2012-11-24 16:37 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4D16C22-D8AD-413F-8619-0CD5EA6C67E3}\mpengine.dll
2012-11-24 16:19 . 2012-11-24 16:19	--------	d-----w-	c:\users\Martin\AppData\Local\Google
2012-11-24 16:17 . 2012-11-24 16:19	--------	d-----w-	c:\users\root\AppData\Local\Google
2012-11-24 16:17 . 2012-11-24 16:18	--------	d-----w-	c:\program files (x86)\Google
2012-11-24 16:17 . 2012-10-30 22:51	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-11-24 16:17 . 2012-10-30 22:51	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-11-24 16:17 . 2012-10-15 16:59	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-11-24 16:17 . 2012-10-30 22:51	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-11-24 16:17 . 2012-10-30 22:51	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-11-24 16:17 . 2012-10-30 22:51	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-11-24 16:17 . 2012-10-30 22:50	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-11-24 16:16 . 2012-10-30 22:51	41224	----a-w-	c:\windows\avastSS.scr
2012-11-24 16:16 . 2012-10-30 22:50	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-11-24 16:16 . 2012-11-24 16:16	--------	d-----w-	c:\programdata\AVAST Software
2012-11-24 16:16 . 2012-11-24 16:16	--------	d-----w-	c:\program files\AVAST Software
2012-11-18 17:58 . 2012-11-18 17:58	--------	d-----w-	c:\users\root\AppData\Local\Macromedia
2012-11-18 17:58 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-18 17:58 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-18 17:58 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-18 17:58 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-18 17:58 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-18 17:58 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-18 17:58 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-18 17:58 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-18 17:58 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-11-18 17:35 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-18 17:35 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-18 17:35 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-18 17:35 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-18 17:29 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-18 17:29 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-18 17:29 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-18 17:29 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-18 17:29 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-18 17:29 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-18 17:29 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-18 17:25 . 2012-09-25 22:47	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-18 17:25 . 2012-09-25 22:46	95744	----a-w-	c:\windows\system32\synceng.dll
2012-11-10 11:53 . 2012-10-26 18:01	237400	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-11-10 11:48 . 2012-10-26 17:59	119640	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-11-10 11:48 . 2012-11-10 11:48	--------	d-----w-	c:\program files\Oracle
2012-11-10 11:17 . 2012-11-10 11:17	--------	d-----w-	C:\$WINDOWS.~BT
2012-11-03 20:44 . 2012-11-03 20:44	--------	d-----w-	c:\users\Martin\AppData\Roaming\pdfforge
2012-11-03 20:41 . 2012-11-03 20:41	--------	d-----w-	c:\users\root\AppData\Roaming\pdfforge
2012-11-03 20:41 . 2012-10-12 06:34	100864	----a-w-	c:\windows\system32\pdfcmon.dll
2012-11-03 20:41 . 2012-05-05 10:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-11-03 20:41 . 2012-05-05 10:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-11-03 20:41 . 2012-05-05 10:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-11-03 20:41 . 1998-07-06 17:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-11-03 20:41 . 1998-07-06 17:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-11-03 20:41 . 1998-07-06 17:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-11-03 20:41 . 2012-11-03 20:41	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-11-03 20:40 . 2012-11-03 20:40	--------	d-----w-	c:\users\root\AppData\Local\Programs
2012-10-26 18:00 . 2012-10-26 18:00	131416	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2012-10-26 17:59 . 2012-10-26 17:59	203608	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2012-10-26 17:59 . 2012-10-26 17:59	146264	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 17:29 . 2011-04-20 21:10	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-11-18 14:16 . 2012-04-03 07:35	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-18 14:16 . 2011-05-24 10:36	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-19 08:46 . 2011-04-20 13:33	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-09-24 21:16 . 2012-10-19 09:26	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 08:35 . 2012-06-14 13:41	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-17 08:35 . 2011-04-28 11:09	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-19 09:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-19 09:29	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-19 09:29	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-19 09:29	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-19 09:29	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-19 09:29	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-16 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"UVS10 Preload"="c:\program files (x86)\Ulead VideoStudio\uvPL.exe" [2006-08-10 36864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 aswSnx;aswSnx; [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-07 270912]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
S3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*Deregistered* - aswMBR
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 16:17]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 16:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03&v=10.2.0.3&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\jk36kmcf.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\02\12\0a\1c(?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-24  17:51:30
ComboFix-quarantined-files.txt  2012-11-24 16:51
.
Vor Suchlauf: 8 Verzeichnis(se), 18.967.732.224 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 27.147.247.616 Bytes frei
.
- - End Of File - - 37FAF898869DCB15971B2377AC7CA24E
         
--- --- ---


Gruß,
primorten


Alt 24.11.2012, 20:01   #6
schrauber
/// the machine
/// TB-Ausbilder
 

blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Guddi, hast Du die PW geändert für den Account? Noch Probleme?



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Und ein frisches OTL log bitte.
__________________
--> blizzard battlenet account gehackt?

Alt 26.11.2012, 08:17   #7
primorten
 
blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Hi,
leider habe ich aus arbeitstechnischen Gründen erst wieder am kommenden Wochenende die Möglichkeit mit der Problemlösung fortzufahren. Darum nicht wundern, wenn die nächsten Tage noch keine Antwort kommt. Bin aber auf jeden Fall noch dran.

Gruß,
primorten

Alt 26.11.2012, 09:20   #8
schrauber
/// the machine
/// TB-Ausbilder
 

blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.12.2012, 20:13   #9
primorten
 
blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Hi,
ich habe den Account reaktiviert (neues pw) und auch das zugehörige E-Mail-Passwort erneuert. Und bis jetzt gibts keine Probleme.

Der (erste) ESET-scan brachte keine Funde. Dementsprechend gab es auch keine Exportfuntkion. Da mich dies im ersten Moment ein wenig verwirrte, führte ich noch einen zweiten Scan durch (diesmal mit zusätzlichen aktivierter Option "Scan for potentially unsafe applications" in den erweiterten Einstellungen. Dabei wurden jedoch 6 Einträge gefunden.

ESET.txt:
Code:
ATTFilter
C:\Program Files (x86)\Vuze\bunndle.zip	a variant of Win32/Bunndle application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll	a variant of Win32/Bunndle application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll	a variant of Win32/Bunndle application
D:\Downloads\cdbxp_setup_4.3.8.2523.exe	Win32/OpenCandy application
D:\Downloads\DTLite4413-0173.exe	Win32/OpenCandy application
D:\Downloads\winamp561_full_emusic-7plus_de-de.exe	Win32/OpenCandy application
         
OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.12.2012 20:59:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 9,58 Gb Available Physical Memory | 79,88% Memory free
23,99 Gb Paging File | 21,62 Gb Available in Paging File | 90,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 81,30 Gb Total Space | 24,94 Gb Free Space | 30,68% Space Free | Partition Type: NTFS
Drive D: | 850,11 Gb Total Space | 447,74 Gb Free Space | 52,67% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.10 12:46:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010.11.20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 08:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.03.25 10:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
PRC - [2009.12.28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2006.09.29 02:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.11 18:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.06.11 12:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.11.18 16:23:26 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.11 02:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.08 08:15:22 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.05.15 20:25:00 | 004,264,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.28 14:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.09.29 02:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.26 19:00:50 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.11 19:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 17:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.08 07:42:38 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011.08.07 17:47:31 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.05.20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03:51&v=10.2.0.3&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB CD 7E CA A6 FF CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B2B27DF-598A-499C-8F64-D889A40D9276}&mid=c61f6d3aafa247d098b7d144cece926e-344f3d187ab200581adb071c46f35236f0562427&lang=de&ds=od011&pr=sa&d=2012-03-29 15:03:51&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.24 17:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 22:29:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.14 14:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.10 21:21:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.04.20 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions
[2011.04.20 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.01 16:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\jk36kmcf.default\extensions
[2012.12.01 16:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\root\AppData\Roaming\mozilla\Firefox\Profiles\jk36kmcf.default\extensions\staged
[2012.11.18 18:58:15 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\jk36kmcf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.01 16:31:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\root\AppData\Roaming\mozilla\firefox\profiles\jk36kmcf.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.14 22:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.01 16:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2012.12.01 16:48:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.11.24 17:17:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.10.11 02:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.17 20:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.29 14:03:47 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2012.11.24 17:47:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead VideoStudio\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ssl.cms.hu-berlin.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.01 16:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 17:51:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.24 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\temp
[2012.11.24 17:41:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.24 17:41:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.24 17:41:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.24 17:41:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.24 17:41:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.24 17:40:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.24 17:21:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.24 17:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.24 17:17:22 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Google
[2012.11.24 17:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.11.24 17:17:20 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.11.24 17:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.24 17:17:19 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.11.24 17:17:15 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.11.24 17:17:14 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.11.24 17:17:13 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.11.24 17:17:11 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.11.24 17:17:10 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.11.24 17:16:55 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.24 17:16:54 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.11.24 17:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.24 17:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.18 18:58:48 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Macromedia
[2012.11.10 12:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.11.10 12:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.11.10 12:17:52 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012.11.03 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.03 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\pdfforge
[2012.11.03 21:41:31 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.11.03 21:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.11.03 21:40:12 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.01 20:57:32 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.01 20:27:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.01 18:35:47 | 001,547,736 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.01 18:35:47 | 000,679,306 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.01 18:35:47 | 000,624,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.01 18:35:47 | 000,139,450 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.01 18:35:47 | 000,110,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.01 15:50:48 | 000,016,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 15:50:48 | 000,016,912 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 15:42:23 | 000,000,431 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.12.01 15:41:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.01 15:41:25 | 1072,291,838 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.24 17:47:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.24 17:22:19 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.11.24 17:17:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.24 15:55:05 | 000,000,188 | ---- | M] () -- C:\Users\root\defogger_reenable
[2012.11.18 18:54:14 | 000,480,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.10 12:19:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.11.10 12:19:05 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
 
========== Files Created - No Company Name ==========
 
[2012.11.24 17:41:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.24 17:41:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.24 17:41:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.24 17:41:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.24 17:41:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.24 17:17:27 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.24 17:17:26 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.24 17:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.11.24 15:55:04 | 000,000,188 | ---- | C] () -- C:\Users\root\defogger_reenable
[2012.11.18 18:35:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.18 18:29:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.10 12:17:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.11.10 12:17:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.06.11 17:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 17:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.10 15:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.28 11:18:33 | 000,000,043 | ---- | C] () -- C:\Users\root\gsview32.ini
[2012.03.05 12:11:59 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2012.02.15 16:36:06 | 000,000,092 | ---- | C] () -- C:\Users\root\AppData\Local\fusioncache.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.25 09:54:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.05.25 09:54:56 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.05.08 09:57:45 | 000,000,017 | ---- | C] () -- C:\Users\root\AppData\Local\resmon.resmoncfg
[2011.05.07 10:42:02 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.05.07 10:42:02 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.04.30 11:10:18 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.04.30 11:10:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.04.30 11:10:15 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.04.30 11:10:15 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.04.30 11:10:14 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.28 11:55:12 | 000,000,600 | ---- | C] () -- C:\Users\root\AppData\Roaming\winscp.rnd
[2011.04.20 22:48:55 | 001,556,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.20 14:26:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.20 14:05:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.04.20 14:05:47 | 000,033,683 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.04.28 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DAEMON Tools Lite
[2011.04.28 11:52:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Foxit Software
[2011.04.28 12:19:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\IrfanView
[2011.04.30 11:17:28 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\JabRef 2.6
[2011.06.25 12:39:39 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Juniper Networks
[2011.04.20 14:33:13 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Leadertech
[2011.07.25 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Miranda
[2012.03.28 10:56:45 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Notepad++
[2012.03.28 11:21:04 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\OpenCandy
[2012.11.03 21:41:33 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\pdfforge
[2011.04.20 23:01:15 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Thunderbird
[2012.09.21 16:11:03 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

< End of report >
         
--- --- ---


Gruß,
primorten

Alt 02.12.2012, 13:50   #10
schrauber
/// the machine
/// TB-Ausbilder
 

blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Sonst noch Probleme bevor wir aufräumen?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.12.2012, 17:36   #11
primorten
 
blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Im Moment funktioniert der Account noch und mir sind keine weiteren Probleme aufgefallen. Ich hätte dann nur noch eine Frage zur präventiven Verwendung von Antivirus-/Firewall/sonstiger Freeware, die den windowseigenen Varianten vorzuziehen sind.

Gruß,
primorten

Alt 03.12.2012, 07:29   #12
schrauber
/// the machine
/// TB-Ausbilder
 

blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Windows-Taste+R > Combofix /Uninstall > Enter

OTL öffnen > Button Bereinigung drücken


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


__________________
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 06.12.2012, 15:55   #13
primorten
 
blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Soeben wurde mein Account wieder gesperrt. Dies geschah, als ich soeben versuchte mich von meinem Arbeitsrechner aus einzuloggen (zumindest ist die Benachrichtigungs-E-Mail zur selben Zeit eingetroffen). Möglicherweise wurden die Sperrungen also durch das Einloggen von diesem Computer hervorgerufen.
Die Anweisungen zur Bereinigung meines Heimrechners kann ich leider erst in ein paar Tagen durchführen (hoffentlich schaff ich es diese Woche). Ich melde mich aber auf jeden Fall, wenn ich die Möglichkeit dazu habe/hatte.

Gruß,
primorten

Alt 06.12.2012, 18:32   #14
schrauber
/// the machine
/// TB-Ausbilder
 

blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



mit dem Arbeitsrechner zockt man nicht
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.12.2012, 14:15   #15
primorten
 
blizzard battlenet account gehackt? - Standard

blizzard battlenet account gehackt?



Zitat:
Zitat von schrauber Beitrag anzeigen
mit dem Arbeitsrechner zockt man nicht
Wollte ja nur fix im Forum vorbeischauen. Als ob ich auf Arbeit Zeit zum zocken hätte :-D

So...die Bereinigung hab ich durchgeführt und hoffe, dass damit alle eventuellen Gefahren vorerst beseitigt sind.

Zum Thema Firewall wollte ich noch fragen, ob die windowsinterne Variante ausreichend ist, oder ob man sich mi z.b. ZoneAlarm eine "gute?" Anti-Virus+Firewall-Lösung anschaffen sollte und ob man sich bei dem Dschungel an Meldungen dann nicht eher noch angreifbarer macht. Sonst würde ich mich wohl für die Windows Firewall+Avast Antivirus entscheiden.

Gruß
primorten

Antwort

Themen zu blizzard battlenet account gehackt?
akamai, application/pdf:, audiograbber, autorun, avg secure search, battle.net, bho, cid, computer, document, error, fehler, firefox, flash player, google, home, install.exe, launch, logfile, mozilla, neu aufgesetzt, neue komponenten, pando media booster, plug-in, realtek, registry, required, richtlinie, rundll, scan, secure search, security, senden, software, spielen, svchost.exe, system, teamspeak, tracker, trojaner



Ähnliche Themen: blizzard battlenet account gehackt?


  1. FB Account gehackt.
    Smartphone, Tablet & Handy Security - 20.10.2015 (8)
  2. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  3. WoW Account gehackt
    Log-Analyse und Auswertung - 08.10.2014 (5)
  4. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  5. GMX Account gehackt
    Log-Analyse und Auswertung - 07.01.2014 (9)
  6. GMX Account gehackt!
    Log-Analyse und Auswertung - 08.08.2012 (0)
  7. GMX-Account gehackt ?
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (1)
  8. Account gehackt!
    Log-Analyse und Auswertung - 08.08.2011 (19)
  9. Blizzard account verändert ?
    Plagegeister aller Art und deren Bekämpfung - 21.03.2011 (14)
  10. Account gehackt
    Log-Analyse und Auswertung - 30.03.2010 (13)
  11. WoW Account 2 mal gehackt
    Log-Analyse und Auswertung - 05.02.2010 (0)
  12. Blizzard warnt vor Account-Diebstählen in World of Warcraft
    Nachrichten - 03.02.2010 (0)
  13. wow-account gehackt
    Log-Analyse und Auswertung - 14.12.2009 (5)
  14. WoW - Account gehackt und nun
    Log-Analyse und Auswertung - 01.09.2009 (27)
  15. MSN account gehackt
    Plagegeister aller Art und deren Bekämpfung - 01.02.2009 (4)
  16. Account gehackt
    Log-Analyse und Auswertung - 24.06.2008 (1)
  17. Amazon Account gehackt + E-mail gehackt !
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (16)

Zum Thema blizzard battlenet account gehackt? - Hi, ich nutze seit einigen Jahren das Blizzard-battlenet zwecks spielen von Onlinespielen. Zu meinen aktiven Zeiten in World of Warcraft hatte ich nie Probleme mit Hacks. Nach ungefähr einem Jahr - blizzard battlenet account gehackt?...
Archiv
Du betrachtest: blizzard battlenet account gehackt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.