
Log analysis and evaluation: Sending spam mails

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.01.2013, 14:47   #1
benebene
 
Dear Trojaner Board team,

Unfortunately, spam mails were sent in my name from my Yahoo account. Just a few weeks ago I had successfully removed the GVU trojan with your great support. Do I now have a virus again??? Please help me...

Here is the Malwarebytes scan (you will find everything else in the attachment):

Quote:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bene :: BENE-PC [Administrator]

22.01.2013 16:16:38
mbam-log-2013-01-22 (16-16-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1149031
Laufzeit: 7 Stunde(n), 35 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

(Ende)
THANKS!!!

23.01.2013, 17:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello,

have you changed your Yahoo password? If not, do that right now! And then watch whether SPAM is still being sent.

23.01.2013, 18:21   #3
benebene
 
I forgot to mention: I have already done that!

23.01.2013, 20:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ok. When? Has the sending of SPAM happened again since then?
__________________
Please always post logfiles in CODE tags

23.01.2013, 20:40   #5
benebene
 
The spam mails were sent on Monday, and on Monday I also changed my password. Nothing has happened since then. Can a virus/trojan be detected in my logfiles?


23.01.2013, 20:50   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
To be honest, I haven't looked at them yet because I wanted to clarify the password issue first.


A quick question, and this is nothing against you specifically, I could have asked anyone else who posts their logs this way: where exactly does it say that the logs should be put in an attachment, or where exactly did you read that?

Logfiles in attachments make the evaluation massively harder.

Please explain, so that the passage in the instructions can be specifically changed/improved for all newcomers. Thanks.

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

23.01.2013, 22:03   #7
benebene
 
One of the files was too large to post via "Insert quote". That's why I simply packed all the files. It was my mistake, I didn't see that files should only be packed when the helper asks for it. I'll post everything again in a moment. One moment...

23.01.2013, 22:07   #8
benebene
 
Here are the posts from the beginning again. Sorry for the zip files:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bene :: BENE-PC [Administrator]

22.01.2013 16:16:38
mbam-log-2013-01-22 (16-16-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1149031
Laufzeit: 7 Stunde(n), 35 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
OTL logfile created on: 23.01.2013 12:34:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bene\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,85% Memory free
9,86 Gb Paging File | 7,55 Gb Available in Paging File | 76,61% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127,99 Gb Total Space | 17,09 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
Drive D: | 337,77 Gb Total Space | 33,90 Gb Free Space | 10,04% Space Free | Partition Type: NTFS
 
Computer Name: BENE-PC | User Name: Bene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.23 08:33:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe
PRC - [2013.01.19 09:23:59 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.01.09 13:41:17 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012.10.17 08:41:18 | 000,582,552 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
PRC - [2011.02.09 15:04:13 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
PRC - [2009.09.25 15:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.08.04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.08.04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.23 12:22:37 | 000,354,304 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\pythoncom26.dll
MOD - [2013.01.23 12:22:37 | 000,263,168 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\win32com.shell.shell.pyd
MOD - [2013.01.23 12:22:37 | 000,096,256 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\win32api.pyd
MOD - [2013.01.23 12:22:37 | 000,040,448 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\_socket.pyd
MOD - [2013.01.23 12:22:35 | 000,645,120 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\_ssl.pyd
MOD - [2013.01.23 12:22:35 | 000,110,592 | ---- | M] () -- C:\Users\Bene\AppData\Local\Temp\_MEI28963\pywintypes26.dll
MOD - [2013.01.19 09:23:41 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.01.09 13:41:16 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2009.07.30 17:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.09.19 03:17:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.21 18:57:57 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.19 09:23:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 13:41:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.17 08:41:18 | 000,582,552 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService)
SRV - [2012.09.16 13:13:25 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010.09.08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010.09.08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.06 06:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.08.04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.05.24 15:34:59 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.21 14:26:40 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2012.03.21 14:26:32 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2012.03.21 14:26:30 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.04 12:22:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.12.04 12:22:00 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.04.15 21:21:01 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.25 17:47:48 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.10.07 12:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.25 15:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.09.25 15:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.09.19 05:32:36 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.23 15:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.20 17:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.17 19:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2013.01.01 14:53:13 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF DC 20 69 B5 E3 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {ED63E311-0560-4018-9856-98B10B7F06C7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09FC4750-61E6-4F45-9B4F-75C3678F7BB0}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
IE - HKCU\..\SearchScopes\{0B12F864-C38E-4FF3-BD58-E0AA40C69335}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{78961E35-9C17-464c-8DDD-21CC0255493F}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{895B8F27-7D21-42EB-8CC2-C4A35E196BE1}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{E0C19C7C-D92A-403D-BE2B-E4A22BBF8E3B}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{ED197DAE-C833-489a-A579-F7A859F283F3}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{ED63E311-0560-4018-9856-98B10B7F06C7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.6.19
FF - prefs.js..extensions.enabledAddons: %7BB5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC%7D:0.3.8
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bene\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.02.09 15:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 09:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 09:23:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.10 20:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
 
[2010.08.03 17:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\Extensions
[2010.04.15 21:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.16 19:14:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\ylcxm0ry.default\extensions
[2013.01.10 21:27:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\ylcxm0ry.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.25 14:04:50 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Bene\AppData\Roaming\mozilla\Firefox\Profiles\ylcxm0ry.default\extensions\firefox@tvunetworks.com
[2012.05.17 20:37:52 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.12.08 12:09:42 | 000,141,038 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\firegestures@xuldev.org.xpi
[2012.09.19 08:03:49 | 000,204,580 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\jid0-DY3JlbKAAeLydLoHa0dLJn4735o@jetpack.xpi
[2012.12.01 09:52:22 | 000,363,832 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\smarterwiki@wikiatic.com.xpi
[2012.03.01 08:54:09 | 000,042,737 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2013.01.06 09:59:04 | 000,022,121 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
[2013.01.05 17:40:06 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.11.23 18:16:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.13 10:02:34 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.01.16 19:14:14 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.03.29 04:59:27 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2012.05.17 20:39:48 | 000,001,275 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\comunio.xml
[2010.12.28 14:55:07 | 000,002,317 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\geizhalsat.xml
[2010.12.31 12:29:05 | 000,001,695 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\idealode.xml
[2010.08.03 18:12:40 | 000,001,504 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\imdb.xml
[2012.08.08 16:10:59 | 000,002,043 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\the-free-dictionary.xml
[2012.05.17 20:41:57 | 000,001,688 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\torrentday.xml
[2010.08.03 18:11:45 | 000,004,140 | ---- | M] () -- C:\Users\Bene\AppData\Roaming\mozilla\firefox\profiles\ylcxm0ry.default\searchplugins\youtube.xml
[2013.01.19 09:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 09:23:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.01.19 09:23:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.19 09:23:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.31 17:54:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 05:07:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.31 17:54:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.31 17:54:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.31 17:54:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.31 17:54:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.20 18:32:59 | 000,001,362 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        activate.adobe.com
O1 - Hosts: 127.0.0.1        practivate.adobe.com
O1 - Hosts: 127.0.0.1        ereg.adobe.com
O1 - Hosts: 127.0.0.1        activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1        wip3.adobe.com
O1 - Hosts: 127.0.0.1        3dns-3.adobe.com
O1 - Hosts: 127.0.0.1        3dns-2.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1        ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1        activate-sea.adobe.com
O1 - Hosts: 127.0.0.1        wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1        activate-sjc0.adobe.com
O2:64bit: - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DC369F0-D72D-4EEC-83B0-F0D28B253C66}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAC7BE9B-8BB7-44E8-AB90-903450273D55}: NameServer = 62.109.123.196 213.191.74.18
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{86906f86-6c32-11e0-814c-6cf0490ead50}\Shell - "" = AutoRun
O33 - MountPoints2\{86906f86-6c32-11e0-814c-6cf0490ead50}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.23 08:33:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe
[2013.01.21 18:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.01.21 18:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.01.20 15:25:37 | 000,000,000 | ---D | C] -- C:\Users\Bene\AppData\Local\iLivid
[2013.01.19 09:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.10 20:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.10 19:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2013.01.09 19:50:05 | 000,000,000 | ---D | C] -- C:\Users\Bene\Desktop\Neuer Ordner
[2013.01.02 19:26:33 | 000,000,000 | ---D | C] -- C:\Users\Bene\AppData\Local\Avg2013
[2013.01.01 15:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013.01.01 12:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.01 12:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.29 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\Bene\AppData\Local\Programs
[2010.08.31 15:54:48 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Users\Bene\AppData\Roaming\MSWINSCK.OCX
[2010.03.25 17:42:36 | 000,388,096 | ---- | C] (Trend Micro Inc.) -- C:\Program Files (x86)\HiJackThis.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.23 12:29:59 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 12:29:59 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 12:27:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.23 12:22:55 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Bene.job
[2013.01.23 12:22:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.23 12:22:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.23 12:22:08 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.23 08:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.23 08:34:40 | 000,365,568 | ---- | M] () -- C:\Users\Bene\Desktop\gmer-2.0.18444.exe
[2013.01.23 08:33:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bene\Desktop\OTL.exe
[2013.01.23 08:33:38 | 000,050,477 | ---- | M] () -- C:\Users\Bene\Desktop\Defogger.exe
[2013.01.23 07:22:03 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001UA.job
[2013.01.22 22:04:12 | 004,858,916 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.22 22:04:12 | 001,846,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.22 22:04:12 | 001,436,752 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.22 22:04:12 | 001,280,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.22 22:04:12 | 000,005,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.22 20:52:36 | 004,109,592 | ---- | M] () -- C:\Users\Bene\Desktop\17 The Wings.m4a
[2013.01.22 15:47:41 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.22 15:21:14 | 001,052,195 | ---- | M] () -- C:\Users\Bene\Desktop\2013 başvuru formu partnerler için-1.pdf
[2013.01.21 20:18:04 | 008,656,339 | ---- | M] () -- C:\Users\Bene\Desktop\2-06 Girl from the North Country.m4a
[2013.01.21 20:18:04 | 007,793,368 | ---- | M] () -- C:\Users\Bene\Desktop\07 Automatic Bang!.m4a
[2013.01.21 20:18:02 | 009,130,121 | ---- | M] () -- C:\Users\Bene\Desktop\01 One (Radio Edit).m4a
[2013.01.21 20:18:02 | 007,972,738 | ---- | M] () -- C:\Users\Bene\Desktop\20 Heroes.m4a
[2013.01.21 20:18:02 | 007,896,066 | ---- | M] () -- C:\Users\Bene\Desktop\01 Whatcha Say.m4a
[2013.01.21 11:05:02 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Bene.job
[2013.01.21 10:22:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2058888408-2479665750-2358759828-1001Core.job
[2013.01.16 13:04:01 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Bene.job
[2013.01.14 19:09:52 | 000,048,267 | ---- | M] () -- C:\Users\Bene\Desktop\27971_20130114_094634_Zertifikat (Teilnahme an 1311E0501).pdf
[2013.01.09 14:00:58 | 000,319,838 | ---- | M] () -- C:\Users\Bene\Desktop\br-studienstufe-an-allgemeinbildenden-schulen.pdf
[2013.01.09 13:00:36 | 004,896,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.31 19:17:09 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.12.30 12:52:23 | 000,397,065 | R--- | M] () -- C:\Users\Bene\Desktop\The.Wire.S01-S05.DVDRip.XviD-TD.torrent
[2012.12.29 11:30:23 | 000,000,020 | ---- | M] () -- C:\Users\Bene\defogger_reenable
 
========== Files Created - No Company Name ==========
 
[2013.01.23 08:34:39 | 000,365,568 | ---- | C] () -- C:\Users\Bene\Desktop\gmer-2.0.18444.exe
[2013.01.23 08:33:37 | 000,050,477 | ---- | C] () -- C:\Users\Bene\Desktop\Defogger.exe
[2013.01.22 21:04:44 | 004,109,592 | ---- | C] () -- C:\Users\Bene\Desktop\17 The Wings.m4a
[2013.01.22 21:04:43 | 008,656,339 | ---- | C] () -- C:\Users\Bene\Desktop\2-06 Girl from the North Country.m4a
[2013.01.22 21:04:43 | 007,793,368 | ---- | C] () -- C:\Users\Bene\Desktop\07 Automatic Bang!.m4a
[2013.01.22 21:04:42 | 009,130,121 | ---- | C] () -- C:\Users\Bene\Desktop\01 One (Radio Edit).m4a
[2013.01.22 21:04:42 | 007,896,066 | ---- | C] () -- C:\Users\Bene\Desktop\01 Whatcha Say.m4a
[2013.01.22 21:04:41 | 007,972,738 | ---- | C] () -- C:\Users\Bene\Desktop\20 Heroes.m4a
[2013.01.20 15:26:35 | 000,001,042 | ---- | C] () -- C:\Users\Bene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2013.01.14 19:09:50 | 000,048,267 | ---- | C] () -- C:\Users\Bene\Desktop\27971_20130114_094634_Zertifikat (Teilnahme an 1311E0501).pdf
[2013.01.09 14:00:58 | 000,319,838 | ---- | C] () -- C:\Users\Bene\Desktop\br-studienstufe-an-allgemeinbildenden-schulen.pdf
[2013.01.09 13:01:34 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Bene.job
[2013.01.09 13:01:22 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Bene.job
[2013.01.09 13:01:13 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Bene.job
[2013.01.08 19:33:14 | 001,052,195 | ---- | C] () -- C:\Users\Bene\Desktop\2013 başvuru formu partnerler için-1.pdf
[2013.01.02 19:29:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.31 19:17:09 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.12.30 12:52:54 | 000,397,065 | R--- | C] () -- C:\Users\Bene\Desktop\The.Wire.S01-S05.DVDRip.XviD-TD.torrent
[2012.12.29 11:30:21 | 000,000,020 | ---- | C] () -- C:\Users\Bene\defogger_reenable
[2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.12.17 12:34:25 | 000,000,288 | ---- | C] () -- C:\Users\Bene\AppData\Roaming\.backup.dm
[2011.09.24 21:29:35 | 000,001,456 | ---- | C] () -- C:\Users\Bene\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.06.28 19:27:49 | 000,019,968 | ---- | C] () -- C:\Users\Bene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.03 19:26:36 | 000,188,479 | ---- | C] () -- C:\Users\Bene\KalaK_Amp.wsz
[2011.01.25 20:06:04 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.03 11:13:45 | 000,007,631 | ---- | C] () -- C:\Users\Bene\AppData\Local\Resmon.ResmonCfg
[2010.04.17 10:47:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.15 20:12:18 | 003,670,016 | -HS- | C] () -- C:\Users\Bene\NTUSER.bak
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.25 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Ahnenblatt
[2011.01.03 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\avidemux
[2012.06.30 19:34:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Canon
[2012.10.26 16:57:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.03.21 12:57:21 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Cornelsen
[2013.01.02 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\DAEMON Tools Lite
[2012.08.31 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Dropbox
[2012.08.29 15:00:44 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\DVDVideoSoft
[2010.12.20 19:35:12 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.02 11:34:39 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\elsterformular
[2012.09.13 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\fotobuch.de AG
[2013.01.01 15:28:23 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\IrfanView
[2011.01.28 21:45:11 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Leadertech
[2010.04.28 15:19:25 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\OpenOffice.org
[2011.11.04 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Opera
[2011.08.12 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\PlagiarismFinder
[2012.10.31 10:11:41 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Samsung
[2012.09.16 13:33:23 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\SMART Technologies
[2010.11.10 18:56:50 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\SMART Technologies Inc
[2011.07.28 11:43:15 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.25 09:56:46 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\streamripper
[2010.09.10 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\StreamTorrent
[2010.11.17 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Sync App Settings
[2011.08.25 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Systweak
[2010.04.15 21:32:56 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Thunderbird
[2012.04.14 07:36:12 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\TIPP10
[2012.10.26 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\TuneUp Software
[2010.12.04 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\Ubisoft
[2013.01.23 08:16:26 | 000,000,000 | ---D | M] -- C:\Users\Bene\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 23.01.2013 12:34:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bene\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,85% Memory free
9,86 Gb Paging File | 7,55 Gb Available in Paging File | 76,61% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127,99 Gb Total Space | 17,09 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
Drive D: | 337,77 Gb Total Space | 33,90 Gb Free Space | 10,04% Space Free | Partition Type: NTFS
 
Computer Name: BENE-PC | User Name: Bene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
"C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AFCD845-A6C2-426C-BAF4-6CEE5E61BF53}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C4BBA63-C433-4212-920A-30E70ADA126C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{110A2C6B-188F-4263-9E73-3D11F7C18094}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{11234E49-7144-44FF-98BE-502822DB5CA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16FCB80D-11D6-46A9-9794-13A95482A9A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2104AD9D-6EC9-4D11-9B27-87EAA6190FC6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F098FA2-75F0-415C-9A76-4A69BF1A7882}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3095C219-A239-4C8B-B452-135CBD3CA49F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33293A79-F27B-4FAC-BDDB-4307CF29A2C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B9118EB-AF1D-41DB-AB7A-BB18C352C804}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3E4CC361-3137-41AE-86CF-17677E3B8DAA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3EAFBDCA-88E6-4E17-B086-0834211906B2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4510E8F6-A093-48EC-8542-23A6C1E724E2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4EC3BA22-2AD9-4DFB-8781-E45F2340B43E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{509F79C0-4B28-4B9B-9073-FA94B2D50D05}" = rport=445 | protocol=6 | dir=out | app=system | 
"{65D33695-C616-4CC3-B859-1A9D60E3C2D5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6E01F6BC-6615-49F9-9F1D-C557E77C591F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76972F96-B701-4707-828A-D2EEFFF7F4BC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{798A577F-7653-4A3A-968A-1216E976ED7A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{858D98CB-329E-476E-B2CA-4CA7514E0E53}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{987E087A-3F11-45E7-82E2-D44417447509}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9C047623-A6C2-4B70-8911-2387521FC7B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3A2434C-B3E7-4AA3-A4A7-7FE5216EAD7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AC38A2A7-0A47-4C2B-802D-AFADB5E275B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B8663D6B-6146-4B92-BC30-1EA4536B3550}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B8E3CEE9-60BC-4E93-B3E3-E5D213962678}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9C1799C-85B0-4479-9CE8-DE088AA1E28D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CFB9227A-8904-447C-B379-EEC84F853725}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D6DE5FD2-2883-47BE-9D91-062360EA9E1A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E349385D-69F7-4A16-B85E-CB114FDE471D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E461420B-197A-4F78-8414-B609164D796B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F20C666F-7B00-4583-A7D2-62777BBF9130}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2BF856A-0634-442C-9451-DF695BAF327E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0154113F-98CA-4C3C-A952-09FA731050DD}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"{07AD35BF-5DF6-467E-8513-6C032A14CA28}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{09384943-C967-474D-88D0-6E85D6F86BBE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0A74F7BC-9206-4751-ADD3-D446EC92D5A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0F9BBFAB-4EA1-4790-81AA-CEC930D8FA55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10900726-28A9-4A9C-87FB-E120932BD7D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{12058908-A29D-4BB9-B4A6-37E7B93F6124}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucservice.exe | 
"{12E9DBB0-0F6A-4964-8DEB-D352EC384F3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{146A391E-F6A6-4BC7-86D3-6518E7285C07}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe | 
"{17F01A1A-2413-4E36-B2D9-5C385AD32816}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{18BD4D54-1BF4-4EFF-A2CB-3998FCFE1BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"{19A1A3A8-6DEE-4A28-9168-9D44851FDCB0}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{1AA1379F-3CA4-4D63-88FB-FB311CC96F2F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1F000C96-11C6-4E33-9EE0-6420EC9779D4}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{2296147F-C3F7-447A-931B-503E0504C28B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{29A76C6C-F87D-4498-8707-C4780CF004A7}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2BA211D1-6493-4872-9ED0-D0E1055EE180}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{2D093579-5CF6-4371-8466-BEC1AAAB13DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2D64331F-6D0F-4841-8584-E081E9E8D5AF}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"{2FEFC434-44D6-48BA-B664-A4459CC4D6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{33E0AEF5-A4E9-40BD-910F-56310A869485}" = protocol=6 | dir=in | app=e:\alicesetup.exe | 
"{37A5E771-C8D2-4B40-9C9B-2C707C1E35D6}" = protocol=17 | dir=in | app=c:\users\bene\appdata\local\akamai\netsession_win.exe | 
"{3817DCE6-EC3D-4AA6-B717-2769E87AF47D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{3CBA40EF-BAB9-4F9A-8740-7A0A1153279C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{41E8CB64-1CB8-4A3E-94B7-72A972EA8951}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{45D33496-1F74-452A-805A-B61EB91B606E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{473D03B8-6E6D-46FD-970F-2A2B39AAC50D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{4C98D011-D297-4C10-B9CD-BCC76219970D}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\smartsnmpagent.exe | 
"{4F792CC3-1A3A-414A-B7D4-1DF672753BC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51003424-229C-4664-9B5A-6237322D9BD0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{51E6E2A5-3E21-4F93-9828-152E2EA4F36C}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{55DF8F9F-2DD3-425B-8164-F35B95BEC065}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{5C9C9EBE-F9C8-40E2-B972-FCE85A49F3C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{60B106CC-60BD-43E4-9705-6C4C308B924D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{633EF74A-4B33-49FA-B008-A9457E2F827E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63A31D00-D2F6-4B94-80DD-99B57FC208CB}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"{67F6FE7D-7240-4B51-8E36-ED0B4A684292}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6B452E67-C11A-4D06-A818-C0411A01C48B}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"{6C5711FC-0ECF-4B23-A7AA-AF0413BA7410}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{6C5A3C64-1033-4362-9985-97CD370F748F}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"{70315441-4063-45CD-9C0C-A3F187EA6185}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{740E7053-990D-4763-9950-0CF8EB76F1E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{743DE810-FC17-43FF-9069-1A1E4BA33C57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7B213084-906C-4050-A612-84E7140E0648}" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"{7DD79606-F11E-42C2-8284-28421F105D69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{84033421-9EA5-4C39-8795-2A1127D651C3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8489A0D4-593B-48E4-AC48-FD5C7CFC6E96}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"{85D39ED4-6BDF-4350-9775-BF8211C293AF}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{8C029300-CE15-4036-8EE6-81E0AF9975E4}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{8C64E472-A5E4-4F46-9AF2-329A91340E69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{908070B5-9163-4463-B721-49B60D9A8B83}" = protocol=58 | dir=in | app=system | 
"{90A5074C-DF15-444B-9868-C56B237B1A16}" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"{99BC6303-8D41-4520-B0C4-ED8606E60375}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{9C66A541-8884-45B7-9DE2-3215162B98AC}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"{9DCD9F76-46F1-4A00-B3DC-2144B8D83747}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9EFF6BCA-226F-44B6-B290-EA2BCD60590E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{A3BBDB28-4F21-42DC-A60D-316A4A16DCB9}" = protocol=6 | dir=out | app=system | 
"{A3E7187E-B034-4E7E-8342-915FF2177883}" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"{A8E28D94-D18A-4AA6-9C8A-F8D3EB30B0A0}" = dir=in | app=c:\users\bene\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{AB0639C6-D4D2-4782-A7E6-F82559AB305D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"{AEDC4147-27DF-4EFE-8658-0553715A27C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{B1F114D9-6749-43EC-9BE9-C76ECF722C34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B9E2CCB0-D70A-404D-8956-A766C46D1AFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA1D4679-9F58-4E31-A677-CE40B6A84885}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{BF486187-EC9A-4B9D-A961-0F2410B16EB4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{C27C9CD9-B086-470A-8BCA-6D4BCAAA0066}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{C6C3660E-A22A-4562-B4B6-1172A5689E8E}" = protocol=6 | dir=in | app=c:\users\bene\appdata\local\akamai\netsession_win.exe | 
"{C978121B-8086-4DB0-BD8E-B99A11DC70F9}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucservice.exe | 
"{D17DA6B4-971C-4AB6-B66F-A3BE97A8E39C}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucgui.exe | 
"{D2F6E057-DFC9-4562-986A-AE653A2A9ED6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D37085D8-0D25-4D0E-8BF6-42BE12F7CE4B}" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"{D75EB00F-9768-4E4C-9AB3-43083D377188}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\smartsnmpagent.exe | 
"{D9A6FDF0-0C1A-40BD-AE8F-EE0D7E22256F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DBA582D7-776A-4D0F-893F-459703E13CF9}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"{E4BD3B17-7A65-4F8F-BEAF-0AF83D4D20DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E50EC6BC-6C77-4BE7-B44B-D1117CAD4BC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E8A4EC31-0153-417C-80B8-B272E22AFC0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E97FE20E-A49A-4280-90E0-DD949095E017}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{EB7F6FEC-36B2-48D2-A0A4-1A659283F71C}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"{ECDF3EC7-D6BD-41C9-BEA0-0C00B6A74CE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2D3D916-734C-43EE-BD25-4CFC26D43495}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"{F5AAD8C9-3863-4A08-A2A4-13F408108B1C}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe | 
"{F8A52E4B-A0B6-4560-B7C4-7DA4E3EA9F35}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucgui.exe | 
"{F984478E-4A56-4603-BAB2-373DE321C8CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{FB6492E0-AB67-48D8-8B10-1B92E881E96F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{FBA11FAE-AF1E-4240-BB7B-1D4A6D306721}" = protocol=17 | dir=in | app=e:\alicesetup.exe | 
"{FC95596F-0F2D-4B28-B514-DBCA9AC8EFF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FCE4E2C9-05A1-4AB5-ACE6-A20E1D271E5C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"TCP Query User{11137FE6-063B-44C2-A3B4-BFE0FB7F4300}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"TCP Query User{1AD82EC3-FE0D-4B8E-A999-7662994A1499}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{1BE2B5C4-B2C3-4C52-A81C-A8AF13244F35}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{1FA3BEF2-3619-4728-B624-E650CBFABF54}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{3929C904-04E6-481D-85C0-245FA7DDD957}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{4922841C-3EFB-4FB8-9335-A26ED83E281A}C:\program files (x86)\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"TCP Query User{4DF31695-C7C2-4401-B5C9-670FFC8445F1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{555C3EA9-BD0D-4BC1-8F44-2FF02121472D}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{556628F7-71F9-4339-B0C3-6D73591869B1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{91B23A24-FB2C-4C3D-A435-E0AE5F6458B3}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{95B24415-5638-4119-9245-89B1FD6642F2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{9DFDAA12-2210-4C48-8631-9854B17EB237}C:\users\bene\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\bene\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9F9AD9E6-84C6-4910-885C-D3A0B1BF0F38}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{A5084ECD-78BD-4509-80CA-53DE1D61C7E7}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{A98A3B5D-1C68-4EF9-A9ED-4C0BBED70AD6}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{D174D1D8-D6F8-423A-AA7E-AAF6450C1204}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{D843B4D3-5F51-4723-A7C7-E5E2E994191E}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{EC4725F9-CDEE-43E8-8CAB-573E08DEBE0A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{F85D8056-0EA6-4C5E-B4EB-9DC5E4887EBF}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{01D36DD1-840C-4670-9D93-14408D1CC43C}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{02194056-7F43-4526-BD6A-E57BE743211D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{14EA8528-3238-4C41-8C52-2284D5F98A5D}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{3E5EDDF5-4EAA-41D6-8412-A73C48B130C2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{41343117-962E-41DE-B993-08EA151B4049}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{6C1647F5-3662-4A5D-99D9-1D2DEFCE15A0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{79118D6C-885B-449F-A77E-EC3679BBCF34}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{7F9C1879-020B-4DD6-AE99-2D3CA651BE64}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{9626D592-5861-4D8B-9439-40154A53F146}C:\program files (x86)\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseekns\slsk.exe | 
"UDP Query User{9C366134-E842-4D7F-8C98-745915390798}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{A1DF2D92-3327-469E-BEC6-F09B8E3D12ED}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"UDP Query User{A29DC7C5-9654-4F44-9705-6A3F2FFBAD02}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{C1C4D5D5-CE9E-42EA-90A5-17F60B762A66}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{CD4287EB-0910-4F35-93BA-9876854B1DC8}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{D240C1C8-09A4-4435-AC89-B19C1328684F}C:\users\bene\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\bene\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{DADB59C9-D4F1-4712-81BB-1018094B74F6}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{F37C5C6E-C590-4593-8E91-036A3EB73AF2}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{F501DBDC-1876-4447-8B1F-E9058EF39C0E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F5844998-EA19-41BF-A22E-DEE0D0F377F4}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1BCA0DE2-FAEE-9504-C411-422263E16E68}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{22591D78-46F8-41E4-9E89-323B8C0A16AF}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F482C75-174D-42EB-A2CF-B00A1F354F7B}" = WD SmartWare
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{857A474F-2485-BC1B-168C-BD396012C30E}" = ATI Catalyst Install Manager
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{10E1FFEC-1091-3B36-C1BA-D8C3FE0F9BE2}" = CCC Help Spanish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14182112-52B4-2FF5-D85A-3C0AD2AFA712}" = Catalyst Control Center HydraVision Full
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2487D1AE-A0E0-CFFB-E7EA-D3475174FDC0}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38313574-4523-6196-9B42-2C34B4E8A0C7}" = Catalyst Control Center Graphics Previews Common
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D1B7263-3DC3-7D19-96EF-2BA1C5FC56A9}" = Catalyst Control Center Graphics Light
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{43B8F718-87DC-8867-E6A9-1D51624D5D07}" = Catalyst Control Center Graphics Full Existing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5C3C89CB-A719-46C5-80C7-2E2237AD3692}" = SMART German Language Pack
"{5D18C879-953D-AA38-7F6B-CBB50BD385DE}" = CCC Help Portuguese
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7E941E63-08D9-09C5-FEEC-E5F2781A085E}" = Catalyst Control Center Localization All
"{812830C1-9ABA-6B0E-FB4F-324783FB4557}" = CCC Help French
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D4B716A-0ABE-4238-9090-D208E5F57A5E}" = SMART Product Update
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5E54C43-0A4E-7F92-6D85-2195704A937B}" = Catalyst Control Center Core Implementation
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB0AA5D7-D5F0-7B4E-C3B5-D6304DBB2631}" = ccc-core-static
"{C0233C48-0C28-6CC5-2EDD-C6EB387C49CB}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAAE8672-FE2F-2B7C-6CF4-6068B491D5BC}" = CCC Help English
"{CCC401C6-AA00-3A36-B71C-C1ECDE5B3DF2}" = CCC Help German
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E7490029-E728-F928-B5E8-9B27FBDB6E46}" = Catalyst Control Center Graphics Full New
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDA3AF83-4C36-4D9C-89C4-A5C71E2CF997}_is1" = ComunioCalci 1.5.1
"{FF357FB1-41AA-4C8A-BAC3-0B309E9798D2}" = GooReader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Allway Sync_is1" = Allway Sync version 10.5.8
"At the Cutting Edge_is1" = At the Cutting Edge
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DPP" = Canon Utilities Digital Photo Professional 3.10
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Free YouTube Download_is1" = Free YouTube Download 2.9
"iLivid" = iLivid
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Klett Software Sicher ins Abitur" = Klett Software Sicher ins Abitur
"Lehrer-Software Notting Hill Gate 3B" = Lehrer-Software Notting Hill Gate 3B
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition
"Opera 12.00.1467" = Opera 12.00
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"QUICKfind" = QUICKfind server v1.1
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.4.0
"Soulseek2" = SoulSeek 157 NS 13e
"StarCraft II" = StarCraft II
"Steam App 570" = Dota 2
"Streamripper" = Streamripper (Remove only)
"Tesseract-OCR" = Tesseract-OCR - open source OCR engine
"TIPP10_is1" = TIPP10 Version 2.1.0
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FLV Player" = FLV Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.01.2013 11:28:45 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 22.01.2013 11:28:45 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 22.01.2013 11:28:45 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 22.01.2013 16:08:21 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 22.01.2013 16:08:21 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 22.01.2013 16:08:21 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 22.01.2013 17:04:09 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 22.01.2013 17:04:09 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 22.01.2013 17:04:09 | Computer Name = Bene-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 22.01.2013 19:19:04 | Computer Name = Bene-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 21.01.2013 13:58:10 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 21.01.2013 13:58:10 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.01.2013 03:44:14 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 22.01.2013 03:44:16 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805315.
 
Error - 22.01.2013 09:47:13 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 22.01.2013 09:47:17 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805315.
 
Error - 23.01.2013 03:18:04 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 23.01.2013 03:18:08 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805315.
 
Error - 23.01.2013 07:22:26 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "AVGIDSAgent" ist von folgendem Dienst abhängig: AVGIDSDriver.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 23.01.2013 07:22:30 | Computer Name = Bene-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVG WatchDog" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%-536805315.
 
 
< End of report >
         
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-23 14:31:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Bene\AppData\Local\Temp\kxldqpow.sys


---- Threads - GMER 2.0 ----

Thread    [2536:2768]                                                                                                        0000000077332e25
Thread    [2536:5588]                                                                                                        0000000077333e45
Thread    [2536:3656]                                                                                                        0000000077333e45
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3156:3232]                                     000007fefbb42a7c
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2160]                 000007fef8910000
Library  ? (*** suspicious ***) @  [2536]                                                                                    0000000000400000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3156]                 000007fef1bb0000
Library  ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [6068]         000007fefd490000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xB0 0xB6 0xB4 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x99 0x35 0x93 0xC1 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xBD 0x4B 0xD6 0x37 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xF8 0x35 0x81 0x34 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xB0 0xB6 0xB4 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x99 0x35 0x93 0xC1 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xBD 0x4B 0xD6 0x37 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xF8 0x35 0x81 0x34 ...

---- EOF - GMER 2.0 ----
         

23.01.2013, 22:09   #9
benebene

ok?

Edited by benebene (23.01.2013 at 22:12). Reason: post submitted twice

23.01.2013, 22:33   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
O1 - Hosts: 127.0.0.1        activate.adobe.com
O1 - Hosts: 127.0.0.1        practivate.adobe.com
O1 - Hosts: 127.0.0.1        ereg.adobe.com
O1 - Hosts: 127.0.0.1        activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1        wip3.adobe.com
O1 - Hosts: 127.0.0.1        3dns-3.adobe.com
O1 - Hosts: 127.0.0.1        3dns-2.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1        ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1        activate-sea.adobe.com
O1 - Hosts: 127.0.0.1        wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1        activate-sjc0.adobe.com
         
Any excuse for that?
__________________
Please always post log files in CODE tags

24.01.2013, 18:39   #11
benebene

Ooops, that must have been my nephew... could that be a trojan/virus?

24.01.2013, 22:11   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes. With practically any cracked software you are 99% likely to pick up malware.

The entries we see there allow the cracked software to evade the Adobe activation servers. If your computer has these entries, it can NO longer communicate with Adobe, and that only makes sense with cracked Adobe software (e.g. CS5 in your log).

Quote:
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that should not be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!


In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________
Please always post log files in CODE tags
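
The check described in post #12, written out as an added example (not part of the thread and not a Trojaner-Board or OTL tool): it reads OTL `O1 - Hosts:` lines or a raw hosts file and reports parent domains for which several hostnames are pointed at a loopback or unspecified address. The function names, the `LICENSING_HINTS` substrings, the `min_hosts` threshold and the two-label parent-domain rule are assumptions of this example; the first six sample lines come from the log quoted in post #10, the rest are constructed.

```python
import ipaddress
from collections import defaultdict

# Heuristic substrings for activation/registration hosts (an assumption of
# this example, modelled on the names in the quoted log).
LICENSING_HINTS = ("activate", "ereg", "licens", "regist")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts_entries(text):
    """Yield (ip, hostname) from OTL 'O1 - Hosts:' lines or hosts-file lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("O1 - Hosts:"):
            line = line[len("O1 - Hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                 # not an address line
        for name in fields[1:]:                      # one line may map several names
            yield ip, name.lower().rstrip(".")

def parent_domain(hostname):
    """Naive parent domain: last two labels (no public-suffix handling)."""
    return ".".join(hostname.split(".")[-2:])

def find_sinkholed_vendor_domains(text, min_hosts=3):
    """Map parent domain -> sinkholed hosts, for domains with >= min_hosts."""
    groups = defaultdict(set)
    for ip, name in parse_hosts_entries(text):
        if name in LOCAL_NAMES or "." not in name:
            continue
        if ip.is_loopback or ip.is_unspecified:      # 127.0.0.0/8, ::1, 0.0.0.0, ::
            groups[parent_domain(name)].add(name)
    findings = {}
    for domain, names in groups.items():
        if len(names) < min_hosts:
            continue                                 # lone ad-block style entry
        hosts = sorted(names)
        cut = len(domain) + 1                        # strip ".parent.tld"
        licensing = [h for h in hosts
                     if any(k in h[:-cut] for k in LICENSING_HINTS)]
        findings[domain] = {"hosts": hosts, "licensing": licensing}
    return findings

SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1        activate.adobe.com
O1 - Hosts: 127.0.0.1        practivate.adobe.com
O1 - Hosts: 127.0.0.1        ereg.adobe.com
O1 - Hosts: 127.0.0.1        wip3.adobe.com
O1 - Hosts: 127.0.0.1        3dns-3.adobe.com
O1 - Hosts: 127.0.0.1        activate-sea.adobe.com
127.0.0.1       localhost                  # constructed
0.0.0.0         ads.example.net            # constructed: single blocked host
192.168.1.10    nas.example.lan            # constructed: ordinary LAN mapping
"""

if __name__ == "__main__":
    for domain, info in find_sinkholed_vendor_domains(SAMPLE_LOG).items():
        print(f"{domain}: {len(info['hosts'])} hosts sinkholed, "
              f"{len(info['licensing'])} look like activation/registration")
```

A hit only says that a vendor's hosts are unreachable from this machine; as in the thread, the finding still has to be read against the installed software.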

25.01.2013, 06:39   #13
benebene

OK, thanks for the support!
