Pests of all kinds and how to fight them: GMX mail account hacked? Virus?

26.03.2013, 15:50   #1
knightthreat

Hello everyone,

I'm really at a loss now and hope that you might have ideas or even solutions...

The problem is as follows:

I normally use my GMX mailbox through my mail client and do not log in via the website.

However, when I had to access it from work once, I noticed while logging in via Gmx.de that my last login had been at around 5:59. That login was definitely not mine. At first I thought that perhaps I had not logged out properly, or that my phone app had updated itself automatically. The following day, however, there was again a login that was not mine, at 0:07, and the day after that at around 06:14.

The mailbox itself was unremarkable so far, i.e. no mails were sent and no other settings were changed, as far as I can see.

I then checked all the other accounts I maintain. There was nothing conspicuous there, no failed login attempts or odd online times.

After that I changed my password.

Now, after a week of daily checks, I have again found a login at 04:49 that did not come from me. There were also 7 failed login attempts on the emergency mail address I have on file there.

Unfortunately GMX.de offers no login list with IP addresses, and there is no help from Gmx.de either.

Apart from my phone, my laptop and from work, I do not retrieve mail anywhere, and I have not received any unusual mails in recent weeks either.

I had set the GMX app on my phone to manual. So I can rule out automatic synchronization.

How does this someone get hold of my old or even my new password, and why only with this one GMX account?

Do you have any idea what this could be? Maybe a virus on my laptop?

The whole thing is rather strange and frightening.

I'm grateful for any idea or advice!

Please help me, and many thanks in advance

Best regards, Knightthreat

26.03.2013, 23:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
Do you have any idea what this could be? Maybe a virus on my laptop?
That could be it, but passwords that are too weak may also be the weak point. How long or short, and how simple or complex, is your password? It is enough if you tell me the length and which character set is used, e.g. "my password consists of 7 characters, only lowercase letters and digits"

A compromise of a device is also conceivable, though. Then perhaps we should start with the laptop! Have you ever had any virus detections?

26.03.2013, 23:29   #3
knightthreat

Hi cosinus, good that you're answering.

My password was very complex; it had 6 letters, two digits and mixed upper and lower case. It had no connection to me whatsoever. When changing the password I also chose a mixed one with 7 letters, one special character and two digits!

Above all, I did not notice any failed logins either.

I ran virus scans with several programs, including spot and spyware; however, these produced only minor findings (cookies etc.).

Once my antivirus program reported the following file: C:\Windows\Sysnative\drivers\sptd.sys, which it gave me as a warning but which I could not delete.
According to Google, a virtual drive.. I'm not that knowledgeable about this..

27.03.2013, 00:09   #4
cosinus

Hm, I've already had several indications of something like this, but maybe I'm mistaken.

Quote:
i.e. no mails were sent and no other settings were changed, as far as I can see.
The big problem with e-mail: a spammer can specify anything as the sender address. There is nothing at all you can do about it.

Quote:
Once my antivirus program reported the following file: C:\Windows\Sysnative\drivers\sptd.sys, which it gave me as a warning but which I could not delete.
According to Google, a virtual drive.. I'm not that knowledgeable about this..
Daemon-Tools? That program uses the SPTD driver, which has misled many a helper in rootkit scan tools before, myself included =>

27.03.2013, 11:36   #5
knightthreat

What kind of indications do you mean? As far as I know, I don't have Daemon Tools..

Today there was another login at around 06:15.

How should I proceed?


Edited by knightthreat (27.03.2013 at 11:49)

27.03.2013, 15:52   #6
cosinus

Well, I expressed myself badly; by indications I mean that I have already seen it a few times that the password was cracked but no infection could be found

The SPTD file, at any rate, is the driver that is used e.g. by Daemon-Tools. The file should be OK.


Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the preceding one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether something was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

28.03.2013, 11:07   #7
knightthreat

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.03.2013 22:47:07 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,97 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,96% Memory free

7,93 Gb Paging File | 5,90 Gb Available in Paging File | 74,41% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451,07 Gb Total Space | 348,29 Gb Free Space | 77,21% Space Free | Partition Type: NTFS

 

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)

"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0AB26960-8350-44B2-B0FA-2B7400E819C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{1141BA51-7121-4C28-9D74-4D91809575CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{187A5B22-A6ED-46A0-A772-3F69ACD7BE95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{209B3ABB-45E5-4AE4-8B2D-BF80A9FF03A8}" = rport=445 | protocol=6 | dir=out | app=system | 

"{2517CFD7-62D5-473A-9402-B9180D511F6A}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{25E9C926-EF53-42D5-9A7B-68FDC6C6887B}" = lport=139 | protocol=6 | dir=in | app=system | 

"{2B32C260-58FA-45EC-A2CA-7852CF5DADA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{2F18FAD3-A049-42DB-9EA7-0468A15168F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{3B3DC4FC-2B40-4506-A466-CE225364626C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{3C88919F-5D7A-410C-B5DF-B5F7584AFAEF}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{3E21119D-EA76-48ED-9535-ECBAB5210457}" = rport=138 | protocol=17 | dir=out | app=system | 

"{4B1B9866-4905-4186-9525-51329206556E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4B369935-56CD-4CB2-8E60-85E2EB57DAF0}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{6BFA01DB-EF78-44D7-81DD-13CADB39EF59}" = lport=137 | protocol=17 | dir=in | app=system | 

"{7087B074-CD02-4665-9784-4B2BE04BE6D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{877B2D00-F6E4-40C7-84A8-73FFDFF34489}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{8F068D7E-1055-4185-BCD4-719C1D78AD8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A08EB336-5DAA-43CA-B330-6F786852A271}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{B5B554CD-1AED-40DC-A710-A14A89066671}" = lport=138 | protocol=17 | dir=in | app=system | 

"{BC189F16-B577-41E9-8DE3-709A9707C280}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C332BAAF-3DCE-4EEF-AEC7-C17FC1EE519C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{C526AE44-2FC9-476D-8714-0C337D015F05}" = rport=137 | protocol=17 | dir=out | app=system | 

"{C536234D-1977-4DEE-8776-9C60B5B69235}" = rport=139 | protocol=6 | dir=out | app=system | 

"{D18B1200-EBE8-43CB-BD48-7882808F18DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D6E84E1E-F7C2-4184-945F-D3C5F0C89BCF}" = lport=445 | protocol=6 | dir=in | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0959AA25-A5C3-4E5C-947F-84ABAF9E9861}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{0EDC1694-B4AC-47AA-B296-F55E416A043C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 

"{10CE22B3-C4A1-4B25-8C80-0DEEE4AEA13A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{1157232F-614B-4B4D-8A83-40E0B35A6255}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 

"{12CD27BB-E9AB-4CFD-B605-3BBCF606B987}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 

"{12F84A8B-B92B-406A-8765-F008BD33A060}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{16BCBD78-4E48-4376-AE51-B23D6CAA84CB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{170CBFE1-BC87-41F3-98B3-4247402D2C65}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | 

"{17B19F5D-6BEA-432A-9BF7-D82EB59E97D0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 

"{196F21D1-9F0D-4E2A-96A2-47A34396A5FA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{1B2083E3-0170-4DFC-8E34-E50090D38255}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 

"{2400AA90-7C39-4A2D-8CDB-C70409BF7BEF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{2A23C189-BE0B-423A-A74E-D2A9971EB3D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{2AE371DF-2972-46A4-B3C3-F7AFCAB40DEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{2B625286-DF83-48EF-B526-35E2E4A6BF63}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 

"{2B7FE7E5-1DC0-446B-A02F-60BCC5D6EABC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{31F73393-076F-477D-8634-AE61420C5BE8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 

"{39A25565-0691-4B0D-BD08-7BC0D6D3C8D6}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{3AA278C1-4B01-451A-835B-B386DA954F32}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{3C66AD6E-89D6-418D-97C3-840DDEB286D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{3DF232FB-3B57-40EC-8294-4EF25426B6B4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 

"{4288F167-07E5-457A-80A3-537DE63905B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 

"{53CC31D3-ED57-4432-A2AD-DE5D575E1C1C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{54F75903-9E85-4866-8F4D-373DAC18AEDA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 

"{5519FD56-CC3D-4EC9-8298-9A4ADE979917}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 

"{564C3D70-904A-4FF0-8984-51C31E7D97C2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{5A10DC39-BA8B-4E50-9B92-1DE672EFBE15}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{5F955A1D-3278-44C8-93AD-8266881B5C58}" = protocol=6 | dir=out | app=system | 

"{5FB958BB-409D-4E1F-A7B6-171F37312E3F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{6AF71CBB-3BD9-4A65-A6CA-70EEF3E58285}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{6C2B9D81-BD8D-4BD3-AEB8-3BD2740F803E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{7305E180-DC97-4868-B682-5AA7DCC32955}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{733FF932-29AE-4CD2-8907-AD8FFCABA7DC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{73981C6E-09D6-4BEB-91E2-1A4D58DB41E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{77A5B253-7C19-486A-A314-06D0B084FD60}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | 

"{7CCE4A3C-A689-4C6B-8D78-5F4D058DD64E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |  

"{85C6F976-C450-4158-B096-E665B0C34E3F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 

"{8FC5C7DC-457E-444B-845F-33D26F9A409E}" = protocol=17 | dir=in | app=c:\users\User\downloads\videoconvertersdm.exe | 

"{959FFDBD-C8CE-4EA7-A7D3-6066CB44BEC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9C95ACC2-CEA7-4036-9C12-11AAF4859D52}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{9E8B8C41-97CB-4657-95EB-2421834F745F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{A8CE5EEC-D29F-493B-B8DB-A0187FE7C0CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{AB452E3F-E83E-4ECF-8CFD-904265000CE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{AEE11A6C-F89E-4DDE-BA54-A406FF3C510E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{B2082065-ACBE-4FBD-B9DC-0AC775916BA9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{B48CE8BB-61CE-4B43-A971-3379017AEFE4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 

"{BC2E7D95-8A77-478C-9A21-ED54B664C350}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{BD2941C3-F26F-492C-89CD-13EC4E6C418B}" = protocol=6 | dir=in | app=c:\users\User\downloads\videoconvertersdm.exe | 

"{C6F040A7-DE01-4AD7-9E42-F858DBCB65B4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 

"{CC58CB6B-3A0A-4713-B47F-9D237F555D7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CFA56FC3-00AD-47FC-8E68-97B10F2870B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D3404745-6BA2-4B55-AA95-6D8A7D9F5284}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 

"{DF5CEB55-CB82-47CE-8964-523CD0F60032}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 

"{E0071BE9-2754-45A0-990A-9AB0CC91B11E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E4A52448-BFD0-4645-A705-F9514029EBC4}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{E5DA7BA1-8F7C-4261-BF55-86E8009AFAEF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 

"{F3282EDC-ACEE-4BC8-9C29-F0B1BACEC0E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{F59895A2-0474-48D7-A233-B2338E133DC5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 

"{F5FBC175-A869-4C3C-A22B-8FC845390D69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FE533851-3574-436F-AF4F-541773DFE334}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 

"TCP Query User{68AC2514-1E3D-4034-897B-8FB8F24E6CF6}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 

"TCP Query User{7162CB2E-21F9-484D-9C87-687168434A1B}C:\program files (x86)\your freedom\freedom.exe" = protocol=6 | dir=in | app=c:\program files (x86)\your freedom\freedom.exe | 

"TCP Query User{AA1AE0B4-4985-493F-AB4A-3108392460EE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 

"TCP Query User{B7F4A38D-E44E-4AD3-B10D-7EA42E397B24}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 

"TCP Query User{EE844CEA-B283-4E2C-B418-210401CE24F1}C:\program files (x86)\logitech\vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe | 

"TCP Query User{F794ECAE-1918-4CC9-AEF6-CD3B43C95790}C:\users\User\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\User\appdata\local\akamai\netsession_win.exe | 

"UDP Query User{23EEF42F-BA64-456A-9DD8-112A407F1675}C:\program files (x86)\your freedom\freedom.exe" = protocol=17 | dir=in | app=c:\program files (x86)\your freedom\freedom.exe | 

"UDP Query User{406EA9E5-4D2F-414D-B196-B68E18D0E4E5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 

"UDP Query User{78950AA8-22CB-47A2-B2E8-752DBEA43CAA}C:\program files (x86)\logitech\vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe | 

"UDP Query User{BFD06161-5118-4935-873B-9B31F947FE9E}C:\users\User\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\User\appdata\local\akamai\netsession_win.exe | 

"UDP Query User{DE27C456-21BD-4148-9B4A-7EDBA6AE2F18}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 

"UDP Query User{E624290D-C61F-4F1F-AA08-474F8233AFA2}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety

"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64

"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility

"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"PC-Doctor for Windows" = Dell Support Center

"SynTPDeinstKey" = Dell Touchpad

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29

"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15

"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian

"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center

"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish

"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish

"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish

"{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean

"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek

"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7

"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese

"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C55C6A62-CBAF-495E-BA8D-7CF765F6C436}" = DDBAC

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai

"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17

"AudibleManager" = AudibleManager

"Avira AntiVir Desktop" = Avira Free Antivirus

"Dell Webcam Central" = Dell Webcam Central

"DivX Setup.divx.com" = DivX-Setup

"FormatFactory" = FormatFactory 3.0.1

"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PhotoBookWorld_is1" = PhotoBookWorld 2.1

"TeamViewer 7" = TeamViewer 7

"VLC media player" = VLC media player 1.1.2

"WildTangent dell Master Uninstall" = WildTangent-Spiele

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 01.09.2011 19:00:44 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 01.09.2011 20:06:48 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 03.09.2011 13:48:47 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 03.09.2011 13:48:47 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 03.09.2011 13:48:53 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 03.09.2011 13:52:36 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 03.09.2011 13:59:04 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 03.09.2011 14:03:25 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 03.09.2011 15:07:53 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 03.09.2011 19:08:53 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

[ Media Center Events ]

Error - 01.09.2010 16:34:53 | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 22:34:53 - Fehler beim Herstellen der Internetverbindung.  22:34:53 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 01.09.2010 16:35:05 | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 22:34:59 - Fehler beim Herstellen der Internetverbindung.  22:34:59 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 12.09.2010 17:07:02 | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 23:07:02 - Fehler beim Herstellen der Internetverbindung.  23:07:02 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 12.09.2010 17:07:12 | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 23:07:07 - Fehler beim Herstellen der Internetverbindung.  23:07:07 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 12.09.2010 18:07:42 | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 00:07:42 - Fehler beim Herstellen der Internetverbindung.  00:07:42 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 12.09.2010 18:07:48 | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 00:07:47 - Fehler beim Herstellen der Internetverbindung.  00:07:47 

-     Serververbindung konnte nicht hergestellt werden..  

 

[ OSession Events ]

Error - 02.01.2011 08:35:32 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 15.01.2011 12:53:19 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 23.01.2011 14:52:21 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 

lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 29.01.2011 10:45:18 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 08.02.2011 12:48:21 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 13.03.2011 19:10:35 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 18.05.2011 17:27:16 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 13.08.2011 12:53:37 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 17.12.2011 10:35:12 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 04.01.2012 09:59:29 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ Spybot - Search and Destroy Events ]

Error - 23.03.2013 01:31:35 | Computer Name = User-PC | Source = SDCleaner | ID = 100

Description = LoadCleaningInstructions

 

Error - 23.03.2013 01:32:18 | Computer Name = User-PC | Source = SDCleaner | ID = 100

Description = LoadCleaningInstructions

 

[ System Events ]

Error - 26.03.2013 05:10:05 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

Error - 26.03.2013 18:05:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

Error - 26.03.2013 18:05:51 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

Error - 26.03.2013 18:05:52 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

Error - 26.03.2013 18:42:05 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

Error - 27.03.2013 17:20:55 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

Error - 27.03.2013 17:21:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

Error - 27.03.2013 17:21:04 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

Error - 27.03.2013 17:28:34 | Computer Name = User-PC | Source = ACPI | ID = 327693

Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen

 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware

 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 

den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen

 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

 

Error - 27.03.2013 17:47:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name

 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 

wurde:   %%1058

 

 

< End of report >
         
--- --- ---

Last edited by knightthreat (28.03.2013 at 11:17)

28.03.2013, 11:09   #8
knightthreat
 



Hi, here are both reports:

OTL logfile:
Code:
OTL logfile created on: 27.03.2013 22:47:07 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,97 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,96% Memory free

7,93 Gb Paging File | 5,90 Gb Available in Paging File | 74,41% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451,07 Gb Total Space | 348,29 Gb Free Space | 77,21% Space Free | Partition Type: NTFS

 

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )

PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )

PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)

PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (GSService) -- C:\Windows\SysWOW64\GSService.exe ()

SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)

SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )

SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )

SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (CDMA Device Service) -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe ()

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)

DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)

DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)

DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)

DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EEBC724E-4BFE-4464-9D97-20B6AFD8E567}

IE:64bit: - HKLM\..\SearchScopes\{EEBC724E-4BFE-4464-9D97-20B6AFD8E567}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.

IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}

IE - HKLM\..\SearchScopes\{160B65D0-06C6-4356-B0DC-E23E359F5430}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU:

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP:

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = QIP:

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = QIP:

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^HJ^xdm255^YY^de&ptb=EAAEB22B-6C35-4FB0-866C-BB2E56545B86&si=CJi409_t7bQCFcpZ3godIHMASQ

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = QIP:

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=5212_8&babsrc=SP_clro&mntrId=4c228e7d000000000000701a04ae1e8e

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"

FF - prefs.js..browser.search.selectedEngine: "My Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7}:2.6.0.15

FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {3474c305-9dad-11d8-9207-00055d74c2e4}:0.4.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1

FF - prefs.js..extensions.enabledItems: {271A3CF5-5A54-447B-A08F-BE805F0DA60A}:3.3.5.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=EAAEB22B-6C35-4FB0-866C-BB2E56545B86&n=77fc1ea6&ind=2013011622&p2=^HJ^xdm255^YY^de&si=CJi409_t7bQCFcpZ3godIHMASQ&searchfor="

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.12 20:02:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.12 20:02:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 21:14:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.10 21:14:11 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 21:14:13 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.10 21:14:11 | 000,000,000 | ---D | M]

[2010.01.11 22:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions

[2010.01.11 22:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2013.02.23 19:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\j9uyos9z.default\extensions

[2013.02.12 22:49:26 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\j9uyos9z.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2013.02.23 19:43:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\j9uyos9z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2013.01.16 22:51:01 | 000,000,000 | ---D | M] (VideoDownloadConverter) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\j9uyos9z.default\extensions\4zffxtbr-bs@VideoDownloadConverter_4z.com

[2013.01.16 22:40:33 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\j9uyos9z.default\extensions\ffxtlbr@incredibar.com

[2012.12.26 19:38:24 | 000,001,300 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\claro.xml

[2011.07.24 14:31:22 | 000,000,917 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\conduit.xml

[2010.10.16 20:25:42 | 000,000,828 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-1.xml

[2011.03.05 14:30:45 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-10.xml

[2011.03.06 13:06:41 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-11.xml

[2011.04.30 15:54:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-12.xml

[2011.04.30 16:28:43 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-13.xml

[2011.06.23 23:39:42 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-14.xml

[2011.08.13 19:47:25 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-15.xml

[2010.10.16 20:25:42 | 000,000,828 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-2.xml

[2010.10.16 20:25:42 | 000,000,828 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-3.xml

[2010.10.16 20:25:42 | 000,000,828 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-4.xml

[2010.10.16 20:25:42 | 000,000,828 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-5.xml

[2010.10.16 20:25:34 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-6.xml

[2010.10.31 23:16:33 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-7.xml

[2010.11.17 00:46:12 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-8.xml

[2010.12.11 15:38:45 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin-9.xml

[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\icqplugin.xml

[2013.01.16 22:51:32 | 000,009,631 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\my-web-search.xml

[2010.10.16 20:25:42 | 000,002,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\j9uyos9z.default\searchplugins\qip-search.xml

[2013.03.10 21:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.03.10 21:14:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2013.03.10 21:14:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013.03.10 21:14:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013.03.10 21:14:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2009.11.14 01:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2009.06.25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll

[2011.09.05 18:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2012.04.28 23:27:36 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.12.26 19:37:51 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.09.01 13:49:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.04.28 23:27:36 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2013.01.12 13:39:39 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2012.04.28 23:27:36 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.28 23:27:36 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.28 23:27:36 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome  ==========

CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\

CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1324757305-1681669773-3064394410-1001\..Trusted Domains: olb.de ([www] * in Trusted sites)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1857/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.15.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F2BD488-0247-4145-8CAF-5FB3A87B6F37}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72457032-14D2-43E6-97CB-46A7F3B1BE77}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ADD10C5-E4D4-4F4E-AB38-B29C3B2F9387}: DhcpNameServer = 192.168.181.211 192.168.181.254

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL ()

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\TSpkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\LIVESSP.DLL (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\TSpkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\LIVESSP.DLL (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{9ea6ee8f-28f9-11e2-a80d-0026b91459fc}\Shell - "" = AutoRun

O33 - MountPoints2\{9ea6ee8f-28f9-11e2-a80d-0026b91459fc}\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\WD Drive Unlock.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.23 00:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2013.03.23 00:43:08 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe

[2013.03.23 00:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

[2013.03.23 00:42:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs

[2013.03.23 00:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire

[2013.03.23 00:31:35 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys

[2013.03.23 00:31:35 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys

[2013.03.23 00:31:35 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys

[2013.03.23 00:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire

[2013.03.23 00:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2013.03.21 18:00:34 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\shades 3-3

[2013.03.18 00:04:51 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\I-phone 5 Töne-Musik

[2013.03.16 01:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013.03.16 01:33:31 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2013.03.16 01:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013.03.16 01:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013.03.16 01:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013.03.16 01:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013.03.16 01:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2013.03.16 01:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2013.03.16 01:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2013.03.16 01:32:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2013.03.16 01:24:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2013.03.16 01:19:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013.03.16 00:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2013.03.16 00:03:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple

[2013.03.16 00:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2013.03.14 23:01:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013.03.14 23:01:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013.03.14 23:00:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.03.14 23:00:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.03.14 23:00:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013.03.14 23:00:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013.03.14 23:00:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013.03.14 23:00:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013.03.14 23:00:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.03.14 23:00:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013.03.14 23:00:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013.03.14 23:00:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.03.14 23:00:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.03.14 23:00:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.03.14 23:00:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013.03.12 19:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013.03.12 19:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013.03.10 21:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.03.03 18:49:10 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\FormatFactory

[2013.03.03 18:47:50 | 000,000,000 | ---D | C] -- C:\FFOutput

[2013.03.03 18:47:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory

[2013.03.03 18:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime

[2013.02.27 23:00:40 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013.02.27 23:00:40 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013.02.27 23:00:40 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013.02.27 23:00:40 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013.02.27 23:00:32 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013.02.27 23:00:32 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013.02.27 23:00:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013.02.27 23:00:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013.02.27 23:00:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013.02.27 23:00:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013.02.27 23:00:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013.02.27 23:00:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013.02.27 23:00:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013.02.27 23:00:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013.02.27 23:00:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013.02.27 23:00:28 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013.02.27 23:00:28 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013.02.27 23:00:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013.02.27 23:00:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013.02.27 23:00:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013.02.27 23:00:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013.02.27 23:00:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013.02.27 23:00:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013.02.27 23:00:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013.02.27 23:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013.02.27 23:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013.02.27 23:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013.02.27 23:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013.02.27 23:00:26 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013.02.27 23:00:26 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013.02.27 23:00:26 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013.02.27 23:00:26 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013.02.27 23:00:26 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013.02.27 23:00:26 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013.02.27 23:00:26 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013.02.27 23:00:26 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013.02.27 23:00:26 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013.02.27 23:00:25 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013.02.27 23:00:25 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013.02.27 23:00:25 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013.02.27 23:00:25 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\User\AppData\Local\CDRip.dll

[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\User\AppData\Local\No23 Recorder.exe

[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\User\AppData\Local\basscd.dll

[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\User\AppData\Local\bass.dll

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013.03.27 22:27:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.27 22:27:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.27 22:19:45 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\qipdater.exe.job

[2013.03.27 22:19:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.03.27 22:19:25 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.26 23:08:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.03.26 10:07:07 | 000,001,009 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013.03.24 20:35:04 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.03.24 20:35:04 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.03.24 20:35:04 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.03.24 20:35:04 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.03.24 20:35:04 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.03.23 20:59:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2013.03.23 11:40:45 | 000,209,375 | ---- | M] () -- C:\Users\User\Desktop\Unbenann6t.png

[2013.03.23 06:36:42 | 000,273,111 | ---- | M] () -- C:\Users\User\Desktop\Unbenannt3.jpg

[2013.03.23 06:36:13 | 000,527,435 | ---- | M] () -- C:\Users\User\Desktop\Unbenannt2.jpg

[2013.03.23 06:35:25 | 000,471,210 | ---- | M] () -- C:\Users\User\Desktop\Unbenannt1.jpg

[2013.03.23 06:34:29 | 000,183,103 | ---- | M] () -- C:\Users\User\Desktop\Unbenannt.png

[2013.03.23 06:32:18 | 000,003,276 | ---- | M] () -- C:\Windows\WININIT.INI

[2013.03.23 00:43:24 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2013.03.23 00:31:37 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk

[2013.03.17 23:33:53 | 000,027,517 | -HS- | M] () -- C:\Users\User\Desktop\Folder.jpg

[2013.03.17 23:33:53 | 000,027,517 | -HS- | M] () -- C:\Users\User\Desktop\AlbumArt_{E1BE769F-9E15-4CF9-9781-75203D2AEAC4}_Large.jpg

[2013.03.17 23:33:53 | 000,005,825 | -HS- | M] () -- C:\Users\User\Desktop\AlbumArtSmall.jpg

[2013.03.17 23:33:53 | 000,005,825 | -HS- | M] () -- C:\Users\User\Desktop\AlbumArt_{E1BE769F-9E15-4CF9-9781-75203D2AEAC4}_Small.jpg

[2013.03.17 22:45:07 | 000,039,999 | -HS- | M] () -- C:\Users\User\Desktop\AlbumArt_{4646FED7-6BF1-467C-B32A-A398EE4FB037}_Large.jpg

[2013.03.17 22:45:07 | 000,008,511 | -HS- | M] () -- C:\Users\User\Desktop\AlbumArt_{4646FED7-6BF1-467C-B32A-A398EE4FB037}_Small.jpg

[2013.03.16 01:33:39 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013.03.12 20:09:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.03.12 20:09:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.03.12 19:29:24 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2013.03.06 22:57:08 | 000,019,456 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.03.04 23:37:14 | 000,000,970 | ---- | M] () -- C:\Users\User\.recently-used.xbel

[2013.03.03 18:47:32 | 000,001,204 | ---- | M] () -- C:\Users\User\Desktop\Format Factory.lnk

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013.03.23 11:40:44 | 000,209,375 | ---- | C] () -- C:\Users\User\Desktop\Unbenann6t.png

[2013.03.23 06:36:42 | 000,273,111 | ---- | C] () -- C:\Users\User\Desktop\Unbenannt3.jpg

[2013.03.23 06:36:13 | 000,527,435 | ---- | C] () -- C:\Users\User\Desktop\Unbenannt2.jpg

[2013.03.23 06:35:25 | 000,471,210 | ---- | C] () -- C:\Users\User\Desktop\Unbenannt1.jpg

[2013.03.23 06:34:29 | 000,183,103 | ---- | C] () -- C:\Users\User\Desktop\Unbenannt.png

[2013.03.23 00:43:24 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2013.03.23 00:43:24 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2013.03.23 00:31:37 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk

[2013.03.17 23:33:53 | 000,027,517 | -HS- | C] () -- C:\Users\User\Desktop\AlbumArt_{E1BE769F-9E15-4CF9-9781-75203D2AEAC4}_Large.jpg

[2013.03.17 23:33:53 | 000,005,825 | -HS- | C] () -- C:\Users\User\Desktop\AlbumArt_{E1BE769F-9E15-4CF9-9781-75203D2AEAC4}_Small.jpg

[2013.03.16 01:33:39 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013.03.16 01:32:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2013.03.16 01:15:26 | 000,039,999 | -HS- | C] () -- C:\Users\User\Desktop\AlbumArt_{4646FED7-6BF1-467C-B32A-A398EE4FB037}_Large.jpg

[2013.03.16 01:15:26 | 000,008,511 | -HS- | C] () -- C:\Users\User\Desktop\AlbumArt_{4646FED7-6BF1-467C-B32A-A398EE4FB037}_Small.jpg

[2013.03.04 23:37:14 | 000,000,970 | ---- | C] () -- C:\Users\User\.recently-used.xbel

[2013.03.03 18:47:32 | 000,001,204 | ---- | C] () -- C:\Users\User\Desktop\Format Factory.lnk

[2013.01.16 23:21:39 | 000,403,832 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe

[2012.11.08 17:56:56 | 000,000,355 | ---- | C] () -- C:\Users\User\Computer - Verknüpfung.lnk

[2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011.06.19 19:10:04 | 000,007,620 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg

[2010.09.12 23:42:30 | 000,000,367 | ---- | C] () -- C:\Users\User\Zuletzt besucht - Verknüpfung.lnk

[2010.08.15 15:49:45 | 000,001,594 | ---- | C] () -- C:\Users\User\AppData\Local\RecConfig.xml

[2010.07.07 16:45:07 | 000,019,456 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.01.17 23:27:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\User\AppData\Local\lame_enc.dll

[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\User\AppData\Local\vorbisenc.dll

[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\User\AppData\Local\vorbisfile.dll

[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\User\AppData\Local\vorbis.dll

[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\User\AppData\Local\ogg.dll

[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\User\AppData\Local\no23xwrapper.dll

 

========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2010.05.21 00:30:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon

[2010.01.11 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite

[2011.05.12 21:10:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DataDesign

[2010.10.16 20:16:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Desktopicon

[2013.03.27 22:20:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox

[2012.10.15 16:48:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft

[2012.10.12 23:51:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.10.26 00:57:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Fighters

[2013.01.16 23:21:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo

[2012.04.19 22:52:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0

[2013.03.03 00:04:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ

[2012.05.19 14:42:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView

[2010.06.10 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech

[2010.12.12 20:02:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Local

[2011.10.26 01:14:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX

[2010.06.21 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Miranda

[2010.10.16 20:23:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OCS

[2010.10.16 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera

[2012.11.07 23:18:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCDr

[2012.12.26 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PerformerSoft

[2010.06.21 23:20:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QIP

[2012.01.08 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung

[2013.01.16 22:43:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak

[2012.03.15 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer

[2012.01.08 15:08:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Temp

[2009.12.22 20:42:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer

 

========== Purity Check ==========
 

< End of report >
         
--- --- ---

28.03.2013, 11:10   #9
knightthreat

Those were both reports.

This morning there was another login again, despite yesterday's password change...

Edited by knightthreat (28.03.2013 at 11:15)

28.03.2013, 12:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Rootkit scan with GMER

Please download the GMER rootkit scanner (the file name is random):
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

28.03.2013, 22:43   #11
knightthreat

Hi, the file is unfortunately too large in every form to post or attach here. Can I send it to you by e-mail? Would you send me your e-mail address by PM?
In the mail scanner it found no malware!

Edited by knightthreat (28.03.2013 at 22:55)

29.03.2013, 02:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please zip files that are too large and attach them here, see http://www.trojaner-board.de/69886-a...tml#post566999

29.03.2013, 11:37   #13
knightthreat

OK, I'll zip it right away.

So, I took my phone off the Wi-Fi, changed the password again yesterday evening from a relative's place, and today at 11:10 (surprisingly late compared to usual, since it was otherwise always around 5-8 o'clock) there was a login again.

So it can't be down to my PC, can it?!

And it seems to be someone who has the day off today and therefore slept in!

29.03.2013, 13:16   #14
knightthreat

Here is the file.

30.03.2013, 00:49   #15
knightthreat

Sooo... now I had the password changed by someone who is neither on the Wi-Fi here, nor have I ever logged in from there.

Now I have just logged in from there and see 19 failed logins...
