Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Spam Mails von meinem Account web.de

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.01.2013, 18:14   #1
da.gecko
 
Spam Mails von meinem Account web.de - Standard

Spam Mails von meinem Account web.de



Hallo zusammen,
ich bin über google bei euch gelandet.
Ich habe mich vor ein paar Tagen bei Web.de eingeloggt und hatte nicht zugestellte emails im postfach. Im Header war zu erkennen, dass es sich um Spam handelt.

Von der Arbeit aus habe ich sofort mein Passwort geändert und von da an bekam ich nach jedem Log in die Meldung von missglückten einwählversuchen.

Meinen Rechner auf Arbeit schließe ich mal aus. Zu Hause habe ich einen Win7 Rechner ein MacBook und ein Android System mit dem ich arbeite.

Habe ich nun eventuell einen Trojaner auf dem System oder hat nur durch Zufall ein Bot mein Passwort rausbekommen???

Bitte um Rat.
DAnke & Gruß
Rene

Alt 03.02.2013, 15:03   #2
da.gecko
 
Spam Mails von meinem Account web.de - Standard

Spam Mails von meinem Account web.de



Hier mein OTL:

Code:
ATTFilter
OTL logfile created on: 03.02.2013 15:42:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gecko\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.28% Memory free
8.00 Gb Paging File | 6.16 Gb Available in Paging File | 77.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 51.71 Gb Free Space | 52.95% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 35.09 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
Drive E: | 221.62 Gb Total Space | 91.99 Gb Free Space | 41.51% Space Free | Partition Type: NTFS
Drive G: | 9.71 Gb Total Space | 4.45 Gb Free Space | 45.85% Space Free | Partition Type: NTFS
Drive H: | 68.41 Gb Total Space | 44.64 Gb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive I: | 70.90 Gb Total Space | 20.37 Gb Free Space | 28.73% Space Free | Partition Type: FAT32
 
Computer Name: GECKO-PC | User Name: Gecko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.03 13:56:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gecko\Desktop\OTL.exe
PRC - [2013.01.27 14:16:16 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.08 17:55:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- H:\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.04.27 12:35:40 | 000,276,248 | ---- | M] (GP Software) -- H:\Directory Opus\dopusrt.exe
PRC - [2004.08.05 12:02:30 | 000,385,024 | ---- | M] (Transaction Software, D 81737 Munich) -- H:\BMWgroup\ETKLokal\transbase\tbmux32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.27 14:16:16 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 20:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.10.25 10:10:22 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.27 14:16:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.19 11:14:16 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.05 16:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- H:\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2012.01.05 00:12:12 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.10.25 10:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.12.23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- H:\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- I:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.08.05 12:02:30 | 000,385,024 | ---- | M] (Transaction Software, D 81737 Munich) [Auto | Running] -- H:\BMWgroup\ETKLokal\transbase\tbmux32.exe -- (Transbase)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.30 18:53:44 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.25 10:10:22 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.08.27 05:32:28 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.08.27 05:32:28 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010.08.27 05:32:28 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.08.27 05:32:08 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.08.27 05:32:08 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010.08.27 05:32:08 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009.11.14 18:32:05 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.10.08 20:29:10 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.10.08 20:29:09 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.08.10 14:05:34 | 000,073,216 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2009.08.10 14:05:34 | 000,023,040 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.10.09 12:37:01 | 000,234,512 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djusb_x64.sys -- (a4djusb_x64)
DRV:64bit: - [2008.10.09 12:37:01 | 000,046,096 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djavs_x64.sys -- (a4djavs_x64)
DRV:64bit: - [2007.10.03 21:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2007.10.03 21:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2007.10.03 21:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.10.25 10:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.10.25 10:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.01.29 11:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- H:\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 1B 99 ED 0B A1 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {9BAE5926-8513-417d-8E47-774955A7C60D}:1.1.1d
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.5
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.9.4
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.15 14:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.27 14:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 11:06:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.15 14:03:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.27 14:16:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 11:06:58 | 000,000,000 | ---D | M]
 
[2009.10.07 17:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gecko\AppData\Roaming\mozilla\Extensions
[2013.02.03 13:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gecko\AppData\Roaming\mozilla\Firefox\Profiles\9dflfc9y.default\extensions
[2009.12.13 13:00:45 | 000,000,000 | ---D | M] (FireFTP button) -- C:\Users\Gecko\AppData\Roaming\mozilla\Firefox\Profiles\9dflfc9y.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
[2011.10.15 11:56:49 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Gecko\AppData\Roaming\mozilla\Firefox\Profiles\9dflfc9y.default\extensions\youtube2mp3@mondayx.de
[2013.01.27 14:22:59 | 000,141,038 | ---- | M] () (No name found) -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\extensions\firegestures@xuldev.org.xpi
[2013.02.03 13:36:59 | 000,194,323 | ---- | M] () (No name found) -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2012.11.02 08:13:24 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.02.03 13:00:20 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.04 17:03:48 | 000,000,853 | ---- | M] () -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\searchplugins\11-suche.xml
[2012.06.04 17:03:48 | 000,002,209 | ---- | M] () -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\searchplugins\englische-ergebnisse.xml
[2012.06.04 17:03:48 | 000,010,506 | ---- | M] () -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\searchplugins\gmx-suche.xml
[2012.04.17 19:23:20 | 000,002,101 | ---- | M] () -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\searchplugins\googlede.xml
[2012.06.04 17:03:48 | 000,002,368 | ---- | M] () -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\searchplugins\lastminute.xml
[2012.06.04 17:03:48 | 000,005,489 | ---- | M] () -- C:\Users\Gecko\AppData\Roaming\mozilla\firefox\profiles\9dflfc9y.default\searchplugins\webde-suche.xml
[2012.05.16 15:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.14 16:16:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013.01.27 14:16:17 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.07.17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.27 14:16:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.27 14:16:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.27 14:16:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.27 14:16:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.27 14:16:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.27 14:16:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] H:\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [KiesTrayAgent]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - H:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - H:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A1CE3CC-6103-4A19-AD5C-C911031621CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2183797-2112-4ABF-A698-79A79F80ED2A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - H:\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - H:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Duden Korrektor SysTray - hkey= - key= - C:\Program Files (x86)\Duden\Duden Korrektor\DKtray.exe (Expert System S.p.A.)
MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - H:\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 13:56:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gecko\Desktop\OTL.exe
[2013.02.03 13:42:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.03 13:21:59 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gecko\Desktop\tdsskiller.exe
[2013.02.03 13:20:20 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Gecko\Desktop\aswMBR.exe
[2013.01.30 18:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2013.01.29 19:44:48 | 000,000,000 | ---D | C] -- C:\Users\Gecko\AppData\Roaming\Malwarebytes
[2013.01.29 19:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.29 19:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.29 19:44:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.29 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.29 19:44:15 | 000,000,000 | ---D | C] -- C:\Users\Gecko\AppData\Local\Programs
[2013.01.29 19:44:02 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Gecko\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.27 15:05:04 | 000,000,000 | ---D | C] -- C:\Users\Gecko\AppData\Local\WBFSManager
[2013.01.27 15:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[2013.01.27 15:03:53 | 000,000,000 | ---D | C] -- C:\Users\Gecko\Documents\WBFS Manager Covers
[2013.01.19 18:01:02 | 017,080,776 | ---- | C] (Talam Group, LLC                                          ) -- C:\Users\Gecko\Desktop\nexusradio.exe
[2013.01.19 17:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013.01.19 11:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.19 11:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.19 11:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.19 11:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.19 11:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.19 11:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009.11.14 18:32:05 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Gecko\AppData\Roaming\pcouffin.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.03 15:46:03 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 15:46:03 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 15:42:40 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.03 15:42:40 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.03 15:42:40 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.03 15:38:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.03 15:38:11 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 15:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 13:56:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gecko\Desktop\OTL.exe
[2013.02.03 13:49:36 | 000,365,568 | ---- | M] () -- C:\Users\Gecko\Desktop\hfyd8ymw.exe
[2013.02.03 13:33:54 | 000,000,512 | ---- | M] () -- C:\Users\Gecko\Desktop\MBR.dat
[2013.02.03 13:22:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gecko\Desktop\tdsskiller.exe
[2013.02.03 13:21:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Gecko\Desktop\aswMBR.exe
[2013.01.30 19:24:22 | 000,000,124 | ---- | M] () -- C:\Users\Gecko\Documents\ax_files.xml
[2013.01.30 18:59:02 | 000,000,563 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2013.01.30 18:53:44 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.01.29 19:44:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.29 19:44:06 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Gecko\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.27 18:55:17 | 000,000,742 | ---- | M] () -- C:\Users\Gecko\Desktop\codbo2.lnk
[2013.01.27 15:03:54 | 000,002,565 | ---- | M] () -- C:\Users\Public\Desktop\WBFS Manager 4.0.lnk
[2013.01.27 14:16:20 | 000,002,048 | ---- | M] () -- C:\Users\Gecko\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.01.19 18:01:14 | 017,080,776 | ---- | M] (Talam Group, LLC                                          ) -- C:\Users\Gecko\Desktop\nexusradio.exe
[2013.01.19 14:11:40 | 000,375,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.19 11:09:34 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.19 11:06:53 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.03 13:49:36 | 000,365,568 | ---- | C] () -- C:\Users\Gecko\Desktop\hfyd8ymw.exe
[2013.02.03 13:33:54 | 000,000,512 | ---- | C] () -- C:\Users\Gecko\Desktop\MBR.dat
[2013.01.30 18:59:02 | 000,000,563 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2013.01.29 19:44:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.27 18:55:17 | 000,000,742 | ---- | C] () -- C:\Users\Gecko\Desktop\codbo2.lnk
[2013.01.27 15:03:54 | 000,002,565 | ---- | C] () -- C:\Users\Public\Desktop\WBFS Manager 4.0.lnk
[2013.01.19 11:09:34 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.19 11:06:53 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.11.06 18:08:26 | 000,001,526 | ---- | C] () -- C:\Users\Gecko\.recently-used.xbel
[2011.10.15 13:55:46 | 000,233,540 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.06 21:55:38 | 000,179,204 | ---- | C] () -- C:\Windows\hphins15.dat
[2011.09.06 21:55:38 | 000,002,011 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.14 16:17:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.14 18:33:12 | 000,001,044 | ---- | C] () -- C:\Users\Gecko\AppData\Roaming\vso_ts_preview.xml
[2009.11.14 18:32:05 | 000,099,384 | ---- | C] () -- C:\Users\Gecko\AppData\Roaming\inst.exe
[2009.11.14 18:32:05 | 000,007,859 | ---- | C] () -- C:\Users\Gecko\AppData\Roaming\pcouffin.cat
[2009.11.14 18:32:05 | 000,001,167 | ---- | C] () -- C:\Users\Gecko\AppData\Roaming\pcouffin.inf
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2009.11.18 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Ableton
[2009.10.15 23:15:17 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Ashampoo
[2013.01.19 18:11:52 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Audacity
[2010.09.09 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Canon
[2009.10.08 20:22:12 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\DAEMON Tools Lite
[2010.02.12 20:16:52 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\DassaultSystemes
[2010.02.10 19:22:17 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Design Science
[2010.02.11 19:15:45 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Duden
[2009.10.07 21:45:45 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\GPSoftware
[2011.11.06 18:07:27 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\gtk-2.0
[2011.02.03 22:37:24 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\ICQ
[2010.11.26 10:07:12 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\ImgBurn
[2011.01.06 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Mp3tag
[2013.01.19 18:35:24 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Rapid Evolution 2
[2011.01.05 18:06:35 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\Samsung
[2009.10.07 21:09:34 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\TeamViewer
[2010.01.22 17:49:40 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Roaming\VSO
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.03.18 13:41:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.05.07 19:01:32 | 000,000,000 | ---D | M] -- C:\AMD
[2009.10.07 21:41:55 | 000,000,000 | ---D | M] -- C:\ATI
[2011.08.24 19:39:07 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.01.27 15:04:09 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.19 11:09:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.29 19:44:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.29 19:44:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.09.24 09:16:33 | 000,000,000 | ---D | M] -- C:\SiLabs
[2013.02.03 15:44:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.03.18 13:41:13 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.03 13:42:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5 >
[2013.01.29 19:44:15 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Local\Programs
[2013.02.03 15:44:46 | 000,000,000 | ---D | M] -- C:\Users\Gecko\AppData\Local\Temp

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 03.02.2013 15:42:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gecko\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.28% Memory free
8.00 Gb Paging File | 6.16 Gb Available in Paging File | 77.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 51.71 Gb Free Space | 52.95% Space Free | Partition Type: NTFS
Drive D: | 146.48 Gb Total Space | 35.09 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
Drive E: | 221.62 Gb Total Space | 91.99 Gb Free Space | 41.51% Space Free | Partition Type: NTFS
Drive G: | 9.71 Gb Total Space | 4.45 Gb Free Space | 45.85% Space Free | Partition Type: NTFS
Drive H: | 68.41 Gb Total Space | 44.64 Gb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive I: | 70.90 Gb Total Space | 20.37 Gb Free Space | 28.73% Space Free | Partition Type: FAT32
 
Computer Name: GECKO-PC | User Name: Gecko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "H:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "H:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "H:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "H:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1475505A-474B-4D57-A5B5-E901CA4B2414}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B7A2691-3213-44A7-9015-D672079DBE03}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{21973715-E9E1-48F4-BEB5-FDF879E4B433}" = lport=138 | protocol=17 | dir=in | app=system | 
"{26C829E3-70ED-430A-90DF-85B7EC7DF7E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2793D12C-6A88-40B1-8C74-546C73E4DA55}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{28904CF0-B4D6-4806-AA23-B61D74518C32}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{2A3BCA9D-A899-42D8-90A9-FDEC3F1DB471}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{347E523A-3F64-4410-849A-9C3C47E899B6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3F073DDE-91DC-4041-88F0-DDCF81748329}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3F51F847-A1EE-4579-9D1C-9E27A6A6FBEE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{416BB7E3-4A20-4752-9C84-9C6685B6A08A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4C0BC693-6D30-4444-8473-0B42A11B03E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5180C1C0-290C-4951-B2EE-79935E080770}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D9C9A5D-B62A-45A6-8F59-9BD71EEB143C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7586316E-7857-4863-9317-7AF7B828DFAC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78E01157-B458-4A74-92AD-08D6EB5AD146}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7EC2330F-8D53-42EB-95C1-C748C27F47DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82D370AD-FEE9-4095-ACCC-31FC7D771E61}" = lport=139 | protocol=6 | dir=in | app=system | 
"{923AF4DB-BEA9-4DBD-A424-5F67B2F614EA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9887DE5E-0386-4907-9233-30CCCE796B83}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9AA96B29-3FF2-4B94-B168-602FB0776320}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9FB11D43-9E7F-4E9C-A290-EC9F85352EE4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A1AA64CD-7590-4C32-9FB6-D3C12A80E88B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A5C526F9-BAEB-4374-9E5F-6BA5E921574F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B07B34C0-85F9-4E74-969C-2DCD24C45FF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B1FF8265-697B-402D-8B4C-B38C488D318F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B512EC27-D23E-467D-9CFB-7706134CD981}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DAD7D4E9-39F9-4300-A1AE-393B5254C407}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E255EE09-3729-4E9C-BCED-2C3676153FB7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E8975025-FAE6-4564-B53C-4888A99856B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FBE35216-2004-47EE-BF1F-772FF4D3E02F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD5C5E5A-DDD4-4F28-B03E-F69B3600255A}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F74F3A-DA82-4AB2-8AFC-B81D8A3BCF52}" = protocol=17 | dir=in | app=i:\steam\steamapps\da.gecko@web.de\counter-strike source\hl2.exe | 
"{023D34BA-D152-4756-93DD-6BD36EF24178}" = protocol=17 | dir=in | app=i:\dragon age\daoriginslauncher.exe | 
"{08DE0C11-96DE-418E-A41E-7BC21F5292A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A57748F-525D-4E01-B5EA-F84063A3F67E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0B63A831-9FD5-4083-9A0B-851656CD3C41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{155AE886-EA0D-4F32-A018-E5E056F3B47D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{18DD727C-F148-40DF-8211-A4CFC107CAD9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1CBCBB81-E0F3-4F01-AE24-B3EED4D417A8}" = protocol=6 | dir=in | app=h:\icq6.5\icq.exe | 
"{1DAD1895-D1D2-43AF-8F36-8A339B230D1C}" = protocol=6 | dir=in | app=c:\users\gecko\temp\teamviewer3\teamviewer.exe | 
"{21784AFB-EF21-460D-8705-0F6C00B4E0EA}" = protocol=17 | dir=in | app=d:\battlefield 3\bf3.exe | 
"{22E3A9A7-9E91-49C5-B675-99F2E6381B2A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{2796A82C-49BF-455F-A6B6-25141C6DFAE5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{28C84DB2-7C02-49C9-962A-465680B1F65C}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{28CB46F3-0D79-4605-B99D-C02ADFF83856}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{2B7A1933-438A-4D30-BF5A-E0211CFD2B6D}" = protocol=6 | dir=out | app=system | 
"{2BF9608E-1CB2-485E-A6B9-67404208AB06}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{2C42757A-DC1B-443C-8D9C-83A1741C07CC}" = dir=in | app=h:\itunes\itunes.exe | 
"{2E3E7939-E255-4F31-B05A-0C43F745A13D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{309C7FA2-AD61-4F4B-9F90-8645A59C8571}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{3177D465-2CAE-4F94-8E2F-6271AD2974C4}" = protocol=17 | dir=in | app=i:\steam\steamapps\da.gecko@web.de\counter-strike source\hl2.exe | 
"{336208F1-45FD-4243-A425-D5A72F102573}" = protocol=17 | dir=in | app=i:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{346C9541-1BAE-4798-8B85-2B8CED37B7C0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3E19D518-3654-4EC1-ACAA-F689E33F92C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{42E11B80-E84B-49AE-9526-3BF138E9BD58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{4B7D96F5-0D88-486D-9143-C3F3942955CA}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe | 
"{4DB312CF-56E2-4978-84DD-F08D05136E0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{501E598E-A52F-4237-AB5B-1B454D560AFA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{53D57AED-F1AF-4488-9A72-9617645617CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{55DEC5D7-8721-4A22-9523-A8250EC1B64B}" = protocol=17 | dir=in | app=c:\users\gecko\temp\teamviewer3\teamviewer.exe | 
"{5DB4293D-450E-4F1F-876E-66489F87711C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6B620D32-FD8F-4B3B-9552-2972EAFF2D5A}" = protocol=6 | dir=in | app=d:\battlefield 3\bf3.exe | 
"{6C839B56-7A82-4EE5-9AE1-A4ECB3AAEB89}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{707ED33B-1B53-469E-8A0C-5DCD1B5CB254}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{73516009-F32E-433C-852C-F3EFDADFC299}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{8D35ADD1-5CBB-4728-ACB7-8207E806565D}" = protocol=17 | dir=in | app=i:\dragon age\bin_ship\daorigins.exe | 
"{8D5AB137-2D38-4819-9442-3C58050F55C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{905D581B-BBD1-4DA8-975F-3EA0637D18BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9145B189-60F2-4D8C-80BC-B370DF34A8B5}" = protocol=6 | dir=in | app=i:\dragon age\daoriginslauncher.exe | 
"{933A160D-DEE5-4F85-B071-A19F7104FBD9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9348940C-A5FA-465E-8580-4C5092A7F838}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E039C0C-CC5A-41F2-BBBA-469104D2101A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AC820849-A0A1-479B-BAA0-CFBEEC9A6F30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B1DC6D69-1C8A-4045-B47F-26FFAEBCB6E3}" = protocol=6 | dir=in | app=i:\dragon age\bin_ship\daorigins.exe | 
"{B22791CB-28EF-456A-B789-1F59E9E8F142}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B5C41B5C-AAE2-4935-873F-5AFF326E560A}" = dir=in | app=f:\setup\hpznui40.exe | 
"{B61EE880-1461-4025-968B-3177E872C93B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B992AE8E-F6FB-42E1-97D1-EE5EC8B7D120}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BB58B25F-65B5-4FF2-9C68-6FD4FD7B3B6C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{BB719EFF-7E89-4639-99EC-7A9F3AD1E212}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{C0A2394B-71B2-46E7-97FB-0FE600061A47}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C1DEAF08-FD7C-420E-AECF-D953F22ED207}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB4C8E33-C003-47EC-AD34-8C035BC11091}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{CD730C30-41EB-4788-9C2C-0D12D6C62A48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0A909F2-4289-4DB7-ADE0-587CF34F341E}" = protocol=6 | dir=in | app=i:\steam\steamapps\da.gecko@web.de\counter-strike source\hl2.exe | 
"{D33FC3EE-BF75-4065-AFF6-7596731FBF1E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D443977F-4ED4-4AD6-B800-5E4AC476B114}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{D48FD29F-F569-44A5-A583-1DABA840729C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D77FC0BF-EEC7-4A3B-BD6C-3FFE171C81D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{D9556BB7-8A92-4D54-8075-CA8ECD58636C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D990ECC1-793C-41EF-8D7F-A5ED9B9D440F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{DAD2644F-2996-4AF4-BB69-ABA16F5A6180}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC7F3BF3-5D40-403A-8417-2338BA447233}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{E18D7207-6B6A-46A0-9831-587C80E99287}" = protocol=17 | dir=in | app=h:\bitcomet\bitcomet.exe | 
"{E2A7FFDF-0418-407D-A089-F01B1B571898}" = protocol=6 | dir=in | app=i:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{E3269789-597C-420A-BDFD-9E3BC9206397}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{E33C1496-E197-4DC6-8A60-2DA4191B9C75}" = protocol=6 | dir=in | app=h:\bitcomet\bitcomet.exe | 
"{E35BE7B8-512F-432A-94BB-C49C1672883A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EFCF6BF1-CE92-4E86-ACBB-4A4EFCB5B9C6}" = protocol=17 | dir=in | app=h:\icq6.5\icq.exe | 
"{F2E7425E-93F6-4397-9B34-C660508950A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F62E1A79-D7B3-4042-BCC2-DAF87F85B0D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{F7381C43-B1E7-4766-ADB8-133C770F62CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F889561D-577E-4842-8D2E-35FA029DB425}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{FC78A2BB-9DF4-4915-96EA-3BDD24D31B6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF2DD8EF-4C0E-4717-A15E-E55F1701697B}" = protocol=6 | dir=in | app=i:\steam\steamapps\da.gecko@web.de\counter-strike source\hl2.exe | 
"TCP Query User{137EC516-F98D-47E0-B65F-E5C4FCAA9546}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{24E5C2FC-6154-4827-AA7D-E87EC0807503}H:\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=h:\bitcomet\bitcomet.exe | 
"TCP Query User{424377CB-642C-42FE-933F-ACB359EEE8C0}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{449CCA86-DCFE-485C-8116-C8971F5980E8}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{607DA5B0-8EE9-4FCF-8129-331CA43BC003}I:\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=i:\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{6311D9B3-088D-4963-B4CA-135F87410482}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{6867EC8A-D7D5-47B3-9801-4DE73B6D5C77}H:\bmw_etk\javaclient\jre1.5.0_11\bin\java.exe" = protocol=6 | dir=in | app=h:\bmw_etk\javaclient\jre1.5.0_11\bin\java.exe | 
"TCP Query User{8E7DD8EB-89F9-4600-88E6-B3E1912C0C5D}H:\bmwgroup\etklokal\javaclient\etk.exe" = protocol=6 | dir=in | app=h:\bmwgroup\etklokal\javaclient\etk.exe | 
"TCP Query User{99048D93-C316-4F21-820F-6BA455030339}D:\cod\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=d:\cod\call of duty black ops ii\t6sp.exe | 
"TCP Query User{C0350E59-F523-4023-B3EC-A986E36DB0DA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{D4DC9DCE-B6BC-4614-B468-4AB6940DCCA7}C:\users\gecko\temp\teamviewer3\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\gecko\temp\teamviewer3\teamviewer.exe | 
"TCP Query User{EAFC329C-AEE8-4154-8D46-21C65845D773}H:\bmw_etk\javaclient\etk.exe" = protocol=6 | dir=in | app=h:\bmw_etk\javaclient\etk.exe | 
"TCP Query User{F8BD114F-8309-4705-9EC7-BA84385B3217}H:\icq6.5\icq.exe" = protocol=6 | dir=in | app=h:\icq6.5\icq.exe | 
"TCP Query User{FE8CE301-6D1B-4871-8CE5-BEDB766459DD}H:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\java.exe" = protocol=6 | dir=in | app=h:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\java.exe | 
"UDP Query User{08988A6D-1E08-4F48-9B5A-C2CE8B24B083}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{1B8D051C-08AA-4258-9ABB-70520D260995}C:\users\gecko\temp\teamviewer3\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\gecko\temp\teamviewer3\teamviewer.exe | 
"UDP Query User{2FB3F1BA-AA5D-437A-A026-FD2062A573A7}H:\bmwgroup\etklokal\javaclient\etk.exe" = protocol=17 | dir=in | app=h:\bmwgroup\etklokal\javaclient\etk.exe | 
"UDP Query User{3F804EB2-3471-49CE-BF3A-EEB0DBAE5DF3}H:\bmw_etk\javaclient\jre1.5.0_11\bin\java.exe" = protocol=17 | dir=in | app=h:\bmw_etk\javaclient\jre1.5.0_11\bin\java.exe | 
"UDP Query User{77F3011C-81DE-4B99-82B0-1A7A3D2C4915}H:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\java.exe" = protocol=17 | dir=in | app=h:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\java.exe | 
"UDP Query User{83AAA834-9864-4E08-8116-4F9EDDDB5E1C}I:\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=i:\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{8B231C39-F143-492D-9883-6E6541C7ECFC}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{9EB081E8-BA10-43F0-9CCD-99F4D99A6C66}H:\bmw_etk\javaclient\etk.exe" = protocol=17 | dir=in | app=h:\bmw_etk\javaclient\etk.exe | 
"UDP Query User{B1C43DD8-B2CD-4CA1-92DD-1211551A96C8}H:\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=h:\bitcomet\bitcomet.exe | 
"UDP Query User{B56D5291-3DB0-4CAB-9095-DC42F5F5C09A}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{BAE75C7B-AA28-4813-9B12-AA77972411F3}H:\icq6.5\icq.exe" = protocol=17 | dir=in | app=h:\icq6.5\icq.exe | 
"UDP Query User{BFD71F4F-98D7-4BEF-AB80-A1173F38C3C0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{DEA6E861-76D1-4A90-A21A-E6A950854069}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{F017F356-E5A1-45A9-A3C9-1833D2BA74A1}D:\cod\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=d:\cod\call of duty black ops ii\t6sp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}" = HP Deskjet Printer Driver Software 13.0 Rel. 1
"{4439D662-3289-4946-9812-8121CC75BCF7}" = Dassault Systemes Software Prerequisites x86-x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}" = WBFS Manager 4.0
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{264A4D1B-51BB-4A0C-95EA-9CF738241E69}" = Silicon Laboratories CP210x VCP Drivers for Windows 7
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{62326989-2861-4911-A39E-26373BD3FF66}" = Duden Korrektor PLUS
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193f
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A3FBF944-11B9-4DA6-AA48-65F2DD548EE9}" = dj_sf_ProductContext
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DA2E39F3-6ABB-415E-A0BF-CEEEF6E64A44}" = D2400
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E68B0A8D-5FD5-4689-A5B6-155C01026BAC}" = dj_sf_software_req
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EA374A45-BF30-0849-7A00-BD8A0BC8CE3E}" = Application Profiles
"{EC0AEEE8-3D70-4792-B4D1-1BFBC7D8BEEB}" = dj_sf_software
"{EC17C160-E2F0-47CC-86D4-140AE22EC38E}" = ETK (Lokal)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitComet" = BitComet 1.15
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20
"Excel-Vorlagen für Büro und Sekretariat_is1" = Excel-Vorlagen für Büro und Sekretariat
"Fraps" = Fraps
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GTK2-Runtime" = GTK2-Runtime
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Live 8.0.4" = Live 8.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.47b
"Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"Sniper Elite V2_is1" = Sniper Elite V2
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2013 14:24:38 | Computer Name = Gecko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x648  Startzeit der fehlerhaften Anwendung: 0x01cdff131e116b60
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 4de40ba0-6b0a-11e2-8e26-001bfc677e15
 
Error - 30.01.2013 14:44:40 | Computer Name = Gecko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID 
"007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
 enthält den Win32-Fehlercode.
 
Error - 30.01.2013 14:44:40 | Computer Name = Gecko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID 
"007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
 enthält den Win32-Fehlercode.
 
Error - 30.01.2013 14:45:23 | Computer Name = Gecko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x63c  Startzeit der fehlerhaften Anwendung: 0x01cdff19485fde00
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 34267a60-6b0d-11e2-a400-001bfc677e15
 
Error - 03.02.2013 07:59:41 | Computer Name = Gecko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID 
"007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
 enthält den Win32-Fehlercode.
 
Error - 03.02.2013 07:59:41 | Computer Name = Gecko-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID 
"007" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich
 enthält den Win32-Fehlercode.
 
Error - 03.02.2013 08:23:21 | Computer Name = Gecko-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "H:\Ashampoo\App\BurningStudio9\burningstudio9.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.02.2013 08:23:21 | Computer Name = Gecko-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "H:\Ashampoo\App\BurningStudio9\burningstudio9.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.02.2013 09:55:31 | Computer Name = Gecko-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 03.02.2013 10:14:29 | Computer Name = Gecko-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x62c  Startzeit der fehlerhaften Anwendung: 0x01ce0205556da480
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 055844f0-6e0c-11e2-8203-001bfc677e15
 
[ OSession Events ]
Error - 13.12.2011 05:02:20 | Computer Name = Gecko-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.01.2013 14:11:16 | Computer Name = Gecko-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.01.2013 14:23:27 | Computer Name = Gecko-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 29.01.2013 16:56:11 | Computer Name = Gecko-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.01.2013 13:55:03 | Computer Name = Gecko-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.01.2013 14:24:38 | Computer Name = Gecko-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.01.2013 14:45:23 | Computer Name = Gecko-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 03.02.2013 09:11:42 | Computer Name = Gecko-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03.02.2013 10:14:29 | Computer Name = Gecko-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 03.02.2013 10:36:52 | Computer Name = Gecko-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 03.02.2013 10:43:52 | Computer Name = Gecko-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
__________________


Alt 03.02.2013, 15:05   #3
da.gecko
 
Spam Mails von meinem Account web.de - Standard

Spam Mails von meinem Account web.de



sorry Doppelpost
__________________

Antwort

Themen zu Spam Mails von meinem Account web.de
account, arbeit, bot, emails, erkenne, erkennen, geändert, google, hallo zusammen, log in, macbook, mails, meldung, passwort, rausbekommen, rechner, schließe, sofort, spam, system, tagen, troja, trojaner, win, win7, zusammen



Ähnliche Themen: Spam Mails von meinem Account web.de


  1. Spam-Mails von meinem Account
    Plagegeister aller Art und deren Bekämpfung - 16.10.2015 (17)
  2. Windows 7, von meinem Yahoo Account werden scheinbar Spam-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 13.11.2014 (11)
  3. spam mails von meinem t-online.de email account Virus?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2014 (31)
  4. Kontakte aus meinem Yahoo Adressbuch erhalten Spam-Emails von meinem Account
    Plagegeister aller Art und deren Bekämpfung - 23.06.2014 (11)
  5. AOL Account sendet Spam-Mails in meinem Namen, Malware gefunden, nicht zu entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.04.2014 (5)
  6. Windows 7: Spam-Mails von meinem Yahoo Account verschickt
    Log-Analyse und Auswertung - 28.04.2014 (7)
  7. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  8. Spam mails von meinem Email Account
    Log-Analyse und Auswertung - 24.10.2013 (14)
  9. Mail-Account verschickt regelmäßig automatisch Spam-Mails aus meinem Postkorb
    Log-Analyse und Auswertung - 13.08.2012 (34)
  10. Gmx-Account sendet Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 29.07.2012 (11)
  11. SPAM-Mails mit meinem WEB.DE Account !
    Log-Analyse und Auswertung - 14.07.2012 (1)
  12. Trojaner verschickt Spam-Mails aus meinem yahoo-Account
    Plagegeister aller Art und deren Bekämpfung - 24.06.2012 (3)
  13. YahooMail-Account schickt Spam Mails an alle Kontaktdaten / Abmeldung vom Account nicht moeglich!
    Log-Analyse und Auswertung - 01.06.2012 (1)
  14. Yahoo-Mail-Account versendet Spam-Mails an Kontakte aus meinem Adressbuch
    Plagegeister aller Art und deren Bekämpfung - 24.03.2012 (3)
  15. von meinem WEB.DE Account werden Spam-Mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (23)
  16. System wieder clean? Spam-Mails von meinem Account und Banksperre
    Log-Analyse und Auswertung - 06.01.2012 (22)
  17. Spam-Mails mit meinem E-Mail-Account verschickt.
    Plagegeister aller Art und deren Bekämpfung - 20.12.2011 (17)

Zum Thema Spam Mails von meinem Account web.de - Hallo zusammen, ich bin über google bei euch gelandet. Ich habe mich vor ein paar Tagen bei Web.de eingeloggt und hatte nicht zugestellte emails im postfach. Im Header war zu - Spam Mails von meinem Account web.de...
Archiv
Du betrachtest: Spam Mails von meinem Account web.de auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.