| |
| |||||||
Überwachung, Datenschutz und Spam: Dauerhafte "Mail Delivery System"-MailsWindows 7 Fragen zu Verschlüsselung, Spam, Datenschutz & co. sind hier erwünscht. Hier geht es um Abwehr von Keyloggern oder aderen Spionagesoftware wie Spyware und Adware. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
10.03.2013, 13:31
| #1 |
 |  Dauerhafte "Mail Delivery System"-Mails Moin, ich kriege seit einiger Zeit regelmäßig Mails auf mein Mailkonto die besagen, dass eine von mir verschickte Mail nicht zugestellt werden konnte, bzw dass der Adressent nicht existiert. Die Mails sehen genauso aus wie die "echten" Mail Delivery System-Mails, insofern gehe ich davon aus, dass ich mir 'nen Trojaner oder sowas eingefangen habe, der automatisch Spam-Mails verschickt. Eigentlich wollte ich mit BB-Code 'nen Spoiler mit der Mail einfügen, aber irgendwie funktioniert das nicht? Es ist jedenfalls freenet-Mail-Konto. Ich habe zwei Systeme, mit denen ich auf dieses Konto zugreife, ein Tower und ein Netbook, beide Windows 7 (Rechner 64 Bit, Netbook 32 Bit). Die Logfiles sind alle vom Tower-System. OTL.txt: OTL logfile created on: 10.03.2013 12:19:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,61% Memory free 11,99 Gb Paging File | 10,18 Gb Available in Paging File | 84,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,39 Gb Total Space | 70,81 Gb Free Space | 48,37% Space Free | Partition Type: NTFS Drive D: | 785,03 Gb Total Space | 604,09 Gb Free Space | 76,95% Space Free | Partition Type: NTFS Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: RAPTORJESUS | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.10 12:19:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe PRC - [2013.03.06 13:12:24 | 001,752,576 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.09 11:15:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 16:51:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 16:51:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\VPN Client\cvpnd.exe PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe ========== Modules (No Company Name) ========== MOD - [2013.03.06 13:11:54 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Last.fm\listener.dll MOD - [2013.03.06 13:11:50 | 000,757,248 | ---- | M] () -- C:\Program Files (x86)\Last.fm\unicorn.dll MOD - [2013.03.06 13:11:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Last.fm\logger.dll MOD - [2013.03.05 13:25:40 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Last.fm\lastfm.dll MOD - [2013.01.18 11:49:56 | 000,182,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll MOD - [2013.01.18 11:39:50 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\phonon.dll MOD - [2012.12.13 00:13:36 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlccore.dll MOD - [2012.12.13 00:13:32 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll MOD - [2012.12.13 00:12:58 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlc.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013.02.27 21:43:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.05.08 16:51:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 16:51:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService) SRV - [2009.09.14 16:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV - [2009.09.14 16:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2008.11.25 10:45:40 | 000,153,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.08 16:51:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:51:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.02 11:27:37 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.04.02 11:27:37 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.28 20:11:19 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.10.22 02:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.05.05 16:10:44 | 001,119,072 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 92 EE 48 94 E6 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.28 20:18:23 | 000,000,000 | ---D | M] [2012.03.31 19:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions [2012.03.08 16:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.08 16:54:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Adblock Plus = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Simple Adblock = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo\1.0.6_0\ CHR - Extension: Better Pop Up Blocker = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\ CHR - Extension: YouTube Unblocker = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.3.2_0\ CHR - Extension: Google Mail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{016E9268-C477-43E7-981C-F9CE181897CB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3E39A52-7EBC-43A2-A399-0CA0B3A30664}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.11.21 18:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell - "" = AutoRun O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0aa66bda-49e3-11e1-b894-1c6f6584924d}\Shell\install\command - "" = F:\Setup.exe O33 - MountPoints2\{1dadad8d-58ba-11e1-be3e-1c6f6584924d}\Shell - "" = AutoRun O33 - MountPoints2\{1dadad8d-58ba-11e1-be3e-1c6f6584924d}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{45efd60b-4937-11e1-ba46-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{45efd60b-4937-11e1-ba46-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006.02.27 16:17:52 | 001,662,976 | R--- | M] (Bethesda Softworks) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.10 12:19:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2013.03.09 15:20:57 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\mp3DirectCut [2013.03.09 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut [2013.03.09 14:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter [2013.03.09 14:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter [2013.03.06 22:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.06 22:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.03.06 20:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm [2013.02.21 23:30:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.21 23:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.21 23:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.11 18:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack [2013.02.11 18:57:32 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll [2013.02.11 18:57:32 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll [2013.02.11 18:57:32 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll [2013.02.11 18:57:32 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll [2013.02.11 18:57:32 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll [2013.02.11 18:57:32 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll [2013.02.11 18:57:32 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll [2013.02.11 18:57:32 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll [2013.02.11 18:57:31 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack [2013.02.11 18:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter ========== Files - Modified Within 30 Days ========== [2013.03.10 12:19:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe [2013.03.10 12:18:53 | 000,000,000 | ---- | M] () -- C:\Users\Alex\defogger_reenable [2013.03.10 12:17:45 | 000,050,477 | ---- | M] () -- C:\Users\Alex\Desktop\Defogger.exe [2013.03.10 11:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457506275-3499392296-1292500948-1001UA.job [2013.03.10 11:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.10 10:23:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.10 10:23:41 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.10 10:15:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.10 10:15:43 | 534,945,791 | -HS- | M] () -- C:\hiberfil.sys [2013.03.01 11:26:07 | 004,706,746 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.01 11:26:07 | 001,909,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.01 11:26:07 | 001,400,238 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.01 11:26:07 | 001,242,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.01 11:26:07 | 000,007,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.21 23:52:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3457506275-3499392296-1292500948-1001Core.job [2013.02.16 15:40:10 | 000,001,051 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.15 21:03:24 | 000,034,213 | ---- | M] () -- C:\Users\Alex\Desktop\Stundenplan Bine.pdf [2013.02.14 09:39:14 | 000,349,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.10 12:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Alex\defogger_reenable [2013.03.10 12:17:44 | 000,050,477 | ---- | C] () -- C:\Users\Alex\Desktop\Defogger.exe [2013.02.16 15:40:10 | 000,001,051 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.15 21:03:24 | 000,034,213 | ---- | C] () -- C:\Users\Alex\Desktop\Stundenplan Bine.pdf [2013.02.11 18:57:32 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx [2013.02.11 18:57:31 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012.10.09 18:17:11 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll [2012.09.12 20:18:28 | 000,000,384 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.05.31 13:03:38 | 000,191,488 | ---- | C] () -- C:\Users\Alex\Part1.par [2012.05.09 11:24:01 | 000,000,054 | ---- | C] () -- C:\Users\Alex\pc-client.properties [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.12 20:25:50 | 000,007,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.29 15:17:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Canneverbe Limited [2012.01.29 12:02:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite [2012.05.06 12:15:34 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dev-Cpp [2013.03.10 10:18:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox [2012.04.21 10:59:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Epson [2013.02.11 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FreeAudioPack [2013.01.02 23:53:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ [2012.12.04 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\LibreOffice [2013.03.09 15:20:57 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\mp3DirectCut [2012.02.15 16:54:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org [2012.12.21 12:18:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TuneUp Software [2012.05.01 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Unigraphics Solutions ========== Purity Check ========== < End of report > Extras.txt: OTL Extras logfile created on: 10.03.2013 12:19:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,61% Memory free 11,99 Gb Paging File | 10,18 Gb Available in Paging File | 84,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,39 Gb Total Space | 70,81 Gb Free Space | 48,37% Space Free | Partition Type: NTFS Drive D: | 785,03 Gb Total Space | 604,09 Gb Free Space | 76,95% Space Free | Partition Type: NTFS Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: RAPTORJESUS | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .reg [@ = regfile] -- regedit.exe "%1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .reg [@ = regfile] -- regedit.exe "%1" ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035C8E57-7E34-451E-96BA-077739A97701}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{10279BEE-426E-433C-A39E-E1A5E77F1F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{11CC1D5B-CE96-4D45-BB83-5B46F76C132D}" = lport=138 | protocol=17 | dir=in | app=system | "{19141097-B7C2-40EC-8AC1-4E442532E396}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1D13254D-6A55-4271-B665-F50070A57108}" = rport=10243 | protocol=6 | dir=out | app=system | "{1F6CF8E4-B0B7-4112-9D88-15427BA1360E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{33817499-48CA-42C2-874B-7BB9C433557C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3D601141-50FA-4D29-9093-B01F8BF2394A}" = lport=139 | protocol=6 | dir=in | app=system | "{45ACD6D2-A6B7-4C91-BBBE-14374C430C61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{49F4BE51-7E92-4008-B490-AE44254DC9AF}" = lport=2869 | protocol=6 | dir=in | app=system | "{71587648-8195-44D1-A139-508E3C54D5EC}" = lport=445 | protocol=6 | dir=in | app=system | "{750DFB21-1CCE-41EE-90B7-06923ACF37B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7D729746-6E9C-4395-BD2C-92A57715E00D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{7FCF9266-76F5-4BAC-8F3C-F58991AAB1E3}" = rport=139 | protocol=6 | dir=out | app=system | "{9B424F3B-DCA5-456E-8E11-293EF8F3BE94}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A3B1EEB6-5D61-4BBA-BD44-608C36BB620A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD47F954-C815-49E1-9DEE-D8E23FB48934}" = lport=10243 | protocol=6 | dir=in | app=system | "{B451ED79-A4F5-4C3B-A851-796EB1907690}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BDC5CE5C-7D6D-4E27-8609-E1562BDF409D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CAF223CD-2F87-4C17-9975-C01896622610}" = rport=138 | protocol=17 | dir=out | app=system | "{CD47F851-D7FB-4B5F-BB74-0AC0010C2660}" = rport=137 | protocol=17 | dir=out | app=system | "{D7F81496-725C-4C93-A83D-34CEF63E7A58}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F2276F67-803A-4D66-A27E-CB677B9AA9E4}" = rport=445 | protocol=6 | dir=out | app=system | "{FD296664-A704-4F83-852C-D1905FE25D85}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03BCCCD8-A454-428E-96B6-CB9CBF51586F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{05F08800-AA07-4663-B2DA-519E6D5E483F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0DD0564D-8816-4916-8C6F-61CD7390F896}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1A033EC4-1466-4E0A-AB69-387A7B293730}" = protocol=6 | dir=out | app=system | "{1E020B7B-E5AB-46F4-8023-67FDC77B51AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{25396856-A3F3-4207-B578-BC6EB01FD6AD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2F38CDAF-3C31-44A8-92F7-EF220E475718}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2F6B63BF-A43A-4665-8E2D-21B0F8FB13DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{32E5FB50-3313-4DC7-B74B-7B4DEB7FFA92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{34FC8203-55CD-439F-B68C-BE391CFCFDC1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{3B3462A8-6AE0-43FE-9D9E-0A0628DA0245}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{41FAAC1C-FEEE-4BB8-B5FA-1D4DED402729}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{51E8AB91-E5FA-466D-8D82-3BEBB5D46C45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5217F238-78E2-4867-BCCD-7F5CB1251798}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{5E6440E9-1F49-4AF7-A71C-FCABD4D05DC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{620CAF7F-AF06-4E38-B8BE-32E75FF5D0C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{65F19662-041F-4EA2-B165-B5BA33F45389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68A51B9B-A7E1-497D-BD59-A2595C64AE33}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6A4FFF35-16B0-4E5F-88FA-6B6B819AB0F2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{6BC4DD46-A613-49BC-9408-B409105E86C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7786627E-034D-4B1E-9916-35ACD52B0E2E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{85B1BE83-0237-4A66-AF0A-1ED1C69E2C55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8A046FFD-F0C4-4036-A378-7960CD587F5A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{99C7B0BC-414C-43BF-AD52-123C02A33A38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A8FD89A3-07F3-464E-B13A-55E085596189}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B306C194-6FD8-4A8B-AB6F-B1002D10650F}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "{BAA93C0B-7466-49C2-BC38-E83FC8F37C05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BD50F0ED-4640-4536-AB55-AC94D1906C03}" = protocol=58 | dir=in | app=system | "{C095609B-1717-4051-A2E3-F9993B50B0F0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C353B347-09F2-41ED-B3A6-AE1D2DDD89B1}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{C9768FBA-CFFE-450E-8F60-7B4A6C107FE5}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "{CD41EB04-2250-4EDF-BC3B-E8BAFE2A1034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CEBF3E0B-9C3D-4993-AAA0-84EF8C7BA53E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{D7E5775C-3381-4957-99D7-F8991C8C062C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E3B32679-1EF8-4C58-944F-3FC15414CE30}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{FE080CD7-47C0-426A-9D2B-105A3D803F42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FE3B8FE5-FABB-492F-82E6-C68EF2C839FA}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{FF1910C8-74E1-4777-9165-680240186E50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{05562021-9415-453A-8247-D818DC262FE4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{3057B31B-A8CF-4267-A1FC-4C7BCBC141DA}D:\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=d:\torchlight ii\torchlight2.exe | "TCP Query User{8049F02D-2992-4F3A-B41D-6D57B98192C6}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | "TCP Query User{F290DADA-0047-4EC1-8CB7-C39FFDD4A2A5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{5F61BBAC-C42F-4331-AEFC-4A077D4486EC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{6E4875A9-3886-4059-BA13-E488DDE43854}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe | "UDP Query User{75E340C6-FFEA-4A02-8B85-978E89EC2814}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{B84B4C3B-5CAE-4A4D-B613-B1B4B40219DF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{F7CDB217-B97F-47B9-AA6D-59CC46B24476}D:\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=d:\torchlight ii\torchlight2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.10 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{10209B87-55D6-493E-A30A-12A265AA324E}" = TQ Defiler "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{30D81BE6-916F-4B57-9EB5-87C1868D9489}" = SciTE Text Editor "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0 "{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05) "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0 "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6 "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02 "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "Diablo II" = Diablo II "EPSON Scanner" = EPSON Scan "EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "LastFM_is1" = Last.fm Scrobbler 2.1.35 "LogMeIn Hamachi" = LogMeIn Hamachi "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "PaperCut NG Client_is1" = PaperCut NG Client 10.7 "SSC Service Utility_is1" = SSC Service Utility v4.30 "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 03.10.2012 06:02:48 | Computer Name = RaptorJesus | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 03.10.2012 15:08:58 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02 ID des fehlerhaften Prozesses: 0x390 Startzeit der fehlerhaften Anwendung: 0x01cda19a3c19bffb Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: c860d14d-0d8d-11e2-b20b-1c6f6584924d Error - 03.10.2012 15:11:17 | Computer Name = RaptorJesus | Source = Application Hang | ID = 1002 Description = Programm winamp.exe, Version 5.6.2.3199 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7bc Startzeit: 01cda19aaf22568d Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Winamp\winamp.exe Berichts-ID: 19b485d1-0d8e-11e2-b20b-1c6f6584924d Error - 03.10.2012 15:48:34 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02 ID des fehlerhaften Prozesses: 0xdc0 Startzeit der fehlerhaften Anwendung: 0x01cda19a8adbe398 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 506d9662-0d93-11e2-b20b-1c6f6584924d Error - 03.10.2012 15:52:08 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02 ID des fehlerhaften Prozesses: 0x1180 Startzeit der fehlerhaften Anwendung: 0x01cda1a012e43b55 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: cff8d9cc-0d93-11e2-b20b-1c6f6584924d Error - 04.10.2012 05:08:46 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02 ID des fehlerhaften Prozesses: 0x394 Startzeit der fehlerhaften Anwendung: 0x01cda20f94197ec2 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 1a05266f-0e03-11e2-96a6-1c6f6584924d Error - 04.10.2012 08:06:01 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02 ID des fehlerhaften Prozesses: 0xd8c Startzeit der fehlerhaften Anwendung: 0x01cda20fdc80fc0d Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: dcc204ef-0e1b-11e2-96a6-1c6f6584924d Error - 04.10.2012 08:09:35 | Computer Name = RaptorJesus | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be07e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002bd02 ID des fehlerhaften Prozesses: 0xa2c Startzeit der fehlerhaften Anwendung: 0x01cda2289f3b6984 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 5c525a3b-0e1c-11e2-96a6-1c6f6584924d [ OSession Events ] Error - 12.11.2012 18:51:31 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1821 seconds with 1500 seconds of active time. This session ended with a crash. Error - 12.11.2012 19:12:19 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1226 seconds with 1020 seconds of active time. This session ended with a crash. Error - 13.11.2012 10:47:23 | Computer Name = RaptorJesus | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1980 seconds with 1140 seconds of active time. This session ended with a crash. [ System Events ] Error - 09.03.2013 09:03:55 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 09.03.2013 09:04:50 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 09.03.2013 09:05:51 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 09.03.2013 09:06:52 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 09.03.2013 09:07:52 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 09.03.2013 09:08:54 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 09.03.2013 18:26:14 | Computer Name = RaptorJesus | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2667402) Error - 10.03.2013 05:15:43 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = Error - 10.03.2013 05:15:52 | Computer Name = RaptorJesus | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 10.03.2013 06:30:18 | Computer Name = RaptorJesus | Source = Microsoft-Windows-Kernel-General | ID = 5 Description = < End of report > Gmer.txt: GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-10 13:26:20 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Alex\AppData\Local\Temp\uflyraow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76] .text C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe[1896] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1040] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76] .text ... * 2 .text C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[3084] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76] .text C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe[3084] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76] .text ... * 2 .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076451465 2 bytes [45, 76] .text C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764514bb 2 bytes [45, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:1420] 00000000777d2e3e Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2208] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2212] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2216] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2220] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2224] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2228] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2364] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2368] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2372] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2376] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2380] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2384] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2388] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2392] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2396] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2400] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2404] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2416] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2420] 00000000777d3e59 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2436] 00000000715a1c2f Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2500] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:2524] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:3032] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:3036] 00000000731c29e1 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1920:4088] 00000000777d3e59 ---- EOF - GMER 2.1 ---- Eine der Mail Delivery System-Mails: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: crusnikoo2@aol.com SMTP error from remote mail server after end of data: host mailin-04.mx.aol.com [205.188.146.194]: 521 5.2.1 : (RLY:SN) hxxp://postmaster.info.aol.com/errors/554rlysn.html ------ This is a copy of the message, including all the headers. ------ Return-path: <****@freenet.de> Received: from [195.4.92.141] (helo=mjail1.freenet.de) by mout0.freenet.de with esmtpa (ID ****@freenet.de) (port 25) (Exim 4.80.1 #2) id 1UEQuD-0000Ct-4b for crusnikoo2@aol.com; Sat, 09 Mar 2013 22:02:13 +0100 Received: from localhost ([::1]:45339 helo=mjail1.freenet.de) by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2) id 1UEQuC-00084X-Vr for crusnikoo2@aol.com; Sat, 09 Mar 2013 22:02:13 +0100 Received: from [195.4.92.24] (port=60049 helo=14.mx.freenet.de) by mjail1.freenet.de with esmtpa (ID ****@freenet.de) (Exim 4.80.1 #2) id 1UEQqh-00021l-JL for crusnikoo2@aol.com; Sat, 09 Mar 2013 21:58:35 +0100 Received: from [123.5.165.187] (port=2596 helo=dzau) by 14.mx.freenet.de with esmtpsa (ID ****@freenet.de) (TLSv1  HE-RSA-AES256-SHA:256) (port 25) (Exim4.80.1 #2) id 1UEQqg-0006Rr-F1 for crusnikoo2@aol.com; Sat, 09 Mar 2013 21:58:35 +0100 Reply-To: noreply@battle.com Message-ID: <E66836BACDE2A5AB85AF0A02B40CBF6A@dzau> From: "noreply@emailwow.blizzard.com" <crusnikoo2@aol.com> To: <crusnikoo2@aol.com> Subject: Exploitative Activity---Unauthorized Cheat Programs ("Hacks")(crusnikoo2@aol.com) Date: Sun, 10 Mar 2013 04:58:30 +0800 Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_064F_01326C62.16FA9AA0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 X-purgate-ID: 149285::1362862715-00000747-3E0787A2/0-0/0-0 This is a multi-part message in MIME format. ------=_NextPart_000_064F_01326C62.16FA9AA0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 R3JlZXRpbmdzISBqb25uY2tqaXNrZnduaG82NTE4NjQ1NjE3MTcxMTg5MjgxOQ0KMTQ1MzA5NjUz NzM4MTU1MDIyMjk0NzU5MHRsaTJ0bXVreXhuNHhrbg0KbnFrdXFhYWJsdmV0eGF0NDY5MjM3NjUw OTM4NjA1bmRnY2phZWJ1eQ0KSXQgaGFzIGNvbWUgdG8gb3VyIGF0dGVudGlvbiB0aGF0IHlvdSBh cmUgdHJ5aW5nIHRvIHNlbGwvdHJhZGUgeW91ciBwZXJzb25hbCBXb3JsZCBvZiBXYXJjcmFmdCBh Y2NvdW50LiBBcyB5b3UgbWF5IG9yIG1heSBub3QgYmUgYXdhcmUgb2YsIHRoaXMgY29uZmxpY3Rz IHdpdGggdGhlIEVVTEEgYW5kIFRlcm1zIG9mIEFncmVlbWVudC4gSWYgdGhpcyBwcm92ZXMgdG8g YmUgdHJ1ZSwgeW91ciBhY2NvdW50IGNhbiBhbmQgd2lsbCBiZSBkaXNhYmxlZC4gSXQgd2lsbCBi ZSBvbmdvaW5nIGZvciBmdXJ0aGVyIGludmVzdGlnYXRpb24gYnkgQmxpenphcmQgRW50ZXJ0YWlu bWVudCdzIGVtcGxveWVlcy4NCjZkZXA2ZDN6bTY1MzY4OTk4MjYyOTExNzd2a3RlcGR4aWhtDQpj bm9mZmZyd2hvbHR6ZXhhaHJqZTk5NjkxMDM1ODYyOTAwNA0KU28gd2UgaGF2ZSByZXZpZXdlZCBv dXIgbG9ncyBvZiB5b3VyIGFjY291bnQsIGFuZCB3ZSB3ZXJlIGFibGUgdG8gZGV0ZXJtaW5lIHRo ZSBmb2xsb3dpbmc6DQo3NTg1NTI3NTkyNzIwMjBhYW92MXBoY3ZxOXVtMGltcm9wYnVwbHcyaXNr aGxnc2FmYmduanh4DQoqQmF0dGxlLk5ldCBBY2NvdW50IE5hbWU6IGNydXNuaWtvbzJAYW9sLmNv bSB0cWp6cw0Kb3Q1bjRqZDNmZzQ1ODcyMTAwMDc4NzQwNjMxNjE5MTE2Njc0dWlzMncyZHN2aTV1 aGI1aG9xcA0KKkJhdHRsZS5OZXQgQWNjb3VudCBBY3Rpb246NDkgSG91ciBTdXNwZW5zaW9uDQph eGdqOGlvZTZ2MTg3MDYzNzU2MjcyNTU1cm5meXNiMnpqbmQya25iDQo1NzIzMTc5MDE3NDI5NDVo MXBrZ3R3eHlzdW14ZmtyeG5udw0KV2UgaGF2ZSBmb3VuZCB0aGlzIGJlaGF2aW9yIGlzIG1hbnkg dGltZXMgZGlyZWN0bHkgcmVsYXRlZCB0byBncm91cHMgcmVzcG9uc2libGUgZm9yIGNvbXByb21p c2luZyBXb3JsZCBvZiBXYXJjcmFmdCBhY2NvdW50czsgd2UgdGFrZSB0aGVzZSBpc3N1ZXMgdmVy eSBzZXJpb3VzbHkuIFlvdSBzaG91bGQgZ28gdG8gdGhlIGFjY291bnQgbWFuYWdlbWVudCB3ZWJz aXRlIHRvIHN1Ym1pdCB5b3VyIGFjY291bnQgaW5mb3JtYXRpb24gc3RhdHVzIGFzIHNvb24gYXMg cG9zc2libGUgOmh0dHBzOi8vd3d3LmJhdHRsZS5uZXQvbG9naW4vY3J1c25pa29vMi9sb2dpbi54 bWxyZWY9aHR0cHMyRnVzLmJhdHRsZS5uZXQlMkZhY2NvdW50JSV6c2p2d3RldXRvaDV6M3l0ZXdi ZA0KaGZncHV2cmR0ejVhczJkaWRydHh6cG5sZjQ0OTQ4NDU0NTENCjQ5MDcxNzA0OTg2MjY3NG9l anBmbmtmbHQ4NzUzMjE4ODkwDQpQbGVhc2UgYmUgYXdhcmUgdGhhdCBpZiB1bmF1dGhvcml6ZWQg YWNjZXNzIHRvIHRoaXMgYWNjb3VudCwgaXQgbWF5IGxlYWQgdG8gZnVydGhlciBhY3Rpb24gYWdh aW5zdCB0aGUgYWNjb3VudC4gV2UgbXVzdCBhc2sgdGhhdCBubyBhZGRpdGlvbmFsIGVtYWlscyBi ZSBzdWJtaXR0ZWQgcmVnYXJkaW5nIHRoaXMgaXNzdWUsIGFzIGFkZGl0aW9uYWwgZW1haWxzIHdp bGwgdWx0aW1hdGVseSByZXN1bHQgaW4gdW5kdWUgZGVsYXlzIGluIHJlc3BvbnNlIHRpbWUuDQo3 Y21meWxla3R3Z25udnd1ZGNneDg5MjM4NDQxNDU2ODY3Ng0KMzgxMTQ3NTM2NDkxNDI4MjA4ODI2 NDM2MXFzdWIxcjc0aXoNClNpbmNlcmVseSw8YnI+IDxicj5UaGUgQmF0dGxlLm5ldCBBY2NvdW50 IFRlYW08YnI+DQpvcTQ5bnpyZnlpZmhodGM2NTg3MjQ2MDgxMDU2NzFvdnZoaWJicGNxDQozNTY4 MzMzMjY1MzY5MjRkbGdxdWlmdmFzZ3lrbGINCm55dWphcWdzb2MyNTczOTAyMDAzdWh4ZWprYnZv YWlzd2hvDQpycWx6d2t0Zmd3bnVidXEzMDI1NDExNDAzampjcWJvZ2pycmpldHV2DQpvcGl1cnZu ZGtpdHp5dmh5a3V2czgzNDgxMzYyOTE2Mjc0NQ== ------=_NextPart_000_064F_01326C62.16FA9AA0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxNRVRBIGNvbnRlbnQ9Ik1TSFRNTCA2LjAw LjI5MDAuNjMzMiIgbmFtZT1HRU5FUkFUT1I+PC9IRUFEPg0KPEJPRFk+DQo8UD5HcmVldGluZ3Mh IDxGT05UIA0KY29sb3I9d2hpdGU+bmVnenNsempmbHN4ZGx0OTAzNjYyMTcyMDE2OTU4NDYxOTY8 QlI+ODE1OTk2MjE2NDE0ODc4ODAyMTAyNzU3OHd2YW9xeW93a2poeDdpaDxCUj5tbmp2Z3V0YXlv ZXdqZmw3NzYyMTkyNDY5NjEwNzhwbGNxbmZnb3JzPEJSPjwvRk9OVD5UaGlzIHN1c3BlbnNpb24g aGFwcGVuZWQgYmVjYXVzZSBvbmUgb3IgbW9yZSBjaGFyYWN0ZXJzIG9uIHRoZSBhY2NvdW50IHdl cmUgaWRlbnRpZmllZCBleGNoYW5naW5nLCBvciBjb250cmlidXRpbmcgdG8gdGhlIGV4Y2hhbmdl IG9mLCBpbi1nYW1lIHByb3BlcnR5IChpdGVtcyBvciBnb2xkKSBmb3IgInJlYWwtd29ybGQiIGN1 cnJlbmN5LiBUaGlzIGV4Y2hhbmdlIHByb2Nlc3MgbmVnYXRpdmVseSBpbXBhY3RzIHRoZSBXb3Js ZCBvZiBXYXJjcmFmdCBnYW1lIGVudmlyb25tZW50IGJ5IGRldHJhY3RpbmcgZnJvbSB0aGUgdmFs dWUgb2YgdGhlIGluLWdhbWUgZWNvbm9teS48QlI+PEZPTlQgDQpjb2xvcj13aGl0ZT54aXFxY3N0 aWloNTUzNjAwMDA2OTc2NTg4ZGl4aHNoYm56bzxCUj5mdnhhZ2RucGVvcHRpdGNsaHlpeDc3NzY1 NTgxODkwMjU2MjxCUj48L0ZPTlQ+U28gDQp3ZSBoYXZlIHJldmlld2VkIG91ciBsb2dzIG9mIHlv dXIgYWNjb3VudCwgYW5kIHdlIHdlcmUgYWJsZSB0byBkZXRlcm1pbmUgdGhlIA0KZm9sbG93aW5n OjxCUj48Rk9OVCANCmNvbG9yPXdoaXRlPjc5NTQ0MTAxMTA4OTkyODlodWxydGd3d2I3b3NnMGp4 ZGRtNmM1czZjbXFzaGZwbWRud3F5cnY8QlI+PC9GT05UPipCYXR0bGUuTmV0IA0KQWNjb3VudCBO YW1lOiBjcnVzbmlrb28yQGFvbC5jb20gPEZPTlQgDQpjb2xvcj13aGl0ZT5yZ2VxYjxCUj48L0ZP TlQ+PEZPTlQgDQpjb2xvcj13aGl0ZT5nb2VzYmRpdnZtMzQwMDEzMTIwNDQ3NTIwODI4NDg3MjUw MXF1cmphd3JvazBydWlneTRiMWxlPEJSPjwvRk9OVD4qQmF0dGxlLk5ldCANCkFjY291bnQgQWN0 aW9uOjQ5IEhvdXIgU3VzcGVuc2lvbjxCUj48Rk9OVCANCmNvbG9yPXdoaXRlPm1maWVxbnNmZnk3 MzMxMTgzOTQzNTUxNTN1eWRoOXlsZmJkcHdhcXQ8QlI+NzgxODA5Mzc5Njg3MzI3dXBnbDF5dzJ0 c3JieG5rYXBocmg8QlI+PC9GT05UPkluIG9yZGVyIHRvIGd1YXJhbnRlZSB0aGUgbGVnaXRpbWFj eSBvZiB5b3VyIGFjY291bnQsIHNvIHdlIGhhdmUgaXNzdWVkIHRoaXMgd2FybmluZyBsZXR0ZXJz IHRvIHlvdS5Zb3Ugc2hvdWxkIGdvIHRvIHRoZSBhY2NvdW50IG1hbmFnZW1lbnQgd2Vic2l0ZSB0 byBzdWJtaXQgeW91ciBhY2NvdW50IGluZm9ybWF0aW9uIGFzIHNvb24gYXMgcG9zc2libGUgOjxB IA0KaHJlZj0iaHR0cDovL2RpYWJsbzMuYmxpenphcmQubmV0Lndhcm5pbmcuZ3NvemVrLmFkbWlu LmFkbWludWJlLmluZm8vZXhwZy9pbmRleC5waHA/cmVmPWh0dHBzJTNBJTJGJTJGdXMuYmF0dGxl Lm5ldCUyRmFjY291bnQlMkZtYW5hZ2VtZW50JTJGaW5kZXgueG1sJmFwcD1iYW0iPmh0dHBzOi8v d3d3LmJhdHRsZS5uZXQvbG9naW4vY3J1c25pa29vMi9sb2dpbi54bWxyZWY9aHR0cHMyRnVzLmJh dHRsZS5uZXQlMkZhY2NvdW50JSV0YXZieGpoZXF6NmE3c25ta2VtdDxCUj48L0E+PEZPTlQgDQpj b2xvcj13aGl0ZT5seXZkZWVia3BxYmg1ZWFsb2M2dzR4bm9qMzUzMjU5MDAxMTxCUj41ODQwMDY4 MjY0Mjc2ODdob250a3Nndnl5MzA1NjU5ODgwNTxCUj48L0ZPTlQ+SWYgeW91IGlnbm9yZSB0aGlz IG1haWwgeW91ciBhY2NvdW50IGNhbiBhbmQgd2lsbCBiZSBjbG9zZWQgcGVybWFuZW50bHkuIFBs ZWFzZSBiZSBhd2FyZSB0aGF0IGlmIHVuYXV0aG9yaXplZCBhY2Nlc3MgdG8gdGhpcyBhY2NvdW50 LCBpdCBtYXkgbGVhZCB0byBmdXJ0aGVyIGFjdGlvbiBhZ2FpbnN0IHRoZSBhY2NvdW50LjxCUj48 Rk9OVCANCmNvbG9yPXdoaXRlPjUyYm4xaTZpeG52aHNweGV3aXRuOTk1NjE3MTk3NDk3NTUwPEJS PjIwMzI5MTI1ODExOTU3OTAxMjM0NzI0ODlueGl2a2l6ZnV1PEJSPjwvRk9OVD5SZWdhcmRzLDxi cj4gPGJyPkJsaXp6YXJkIEVudGVydGFpbm1lbnQ8YnI+PEJSPjxGT05UIA0KY29sb3I9d2hpdGU+ dHdld2NxbHN4anJvY21jMjY2MzQxMjkzODExNDIzY2F0cm9kemttdjxCUj42ODg3MDkwOTk0OTkw MDJyeGZpdmtmZmF4bnd1emk8QlI+eWtuaXlhYXZjbjU5MjczOTQ2MTRqcmJpeGtianRreWR4eXM8 QlI+bXpjaWhwbmF0a2N0d213MDQ0ODA5NDg2NHRhZWF1c2l6YnppeWR2aDxCUj5tcmhrY3p0eGdk YmZ4dGZraGxvaTIxMTMyNTAyOTQwNDM1NjwvRk9OVD48L1A+PC9CT0RZPjwvSFRNTD4NCg== ------=_NextPart_000_064F_01326C62.16FA9AA0-- |
| Themen zu Dauerhafte "Mail Delivery System"-Mails |
| 32 bit, adblock, antivir, audiograbber, autorun, avira, bho, bonjour, error, failed, fehler, firefox, flash player, helper, home, homepage, install.exe, mail delivery, object, panda usb vaccine, plug-in, prozess, realtek, registry, rundll, scan, senden, software, svchost.exe, system, tower, trojaner, windows |
Dauerhafte "Mail Delivery System"-Mails
Baum-Darstellung