
Pests of all kinds and how to fight them: Email account (live.de) hacked? What next?

28.03.2013, 12:55   #1
ChaosDesign
 



Hello

I'm a newbie and don't really know much about PCs. At least not when it comes down to the nitty-gritty.

The posts in this forum that I have read on this topic are so individual that I can't draw any information from them for myself. So:


This morning I had an email in my live.de account telling me that an email supposedly sent by me (to many others) could not be delivered. The email addresses of the "many others" that I could read are not from my address book and are completely unknown to me. I have already deleted this email with the delivery status.

The email that I supposedly sent, which is now in the Deleted folder, contained only a single link (which I did not click!).

Screenshot:


What do I have to do now?

As a precaution, I have changed the password for the live mail account.
What next?

Thanks

So, I have now run Defogger.exe and OTL.exe.
The OTL.Txt and Extras.Txt files were saved to the desktop and my name was replaced with *** as instructed. But I don't know how I can/should post them here.

I also tried to run "gmer", but this error message appeared:

"Kein Datenträger
Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen
Datenträger in Laufwerk\Device\Harddisk2\DR2 ein.
Abbrechen-Wiederholen-Weiter"


I could not click Cancel (Abbrechen), Retry (Wiederholen) or Continue (Weiter).
I had to close Gmer like that.

So how do I post the OTL.txt and Extras.txt files?
Just copy the text and paste it here, or can I/do I have to upload the txt file somewhere?

Thanks

01.04.2013, 19:59   #2
ChaosDesign
 



Pity, no reply yet.

But I have further findings of my own.

I have combed through the system with various scanners.
Malwarebytes, Antivir and Emsisoft Emergency Kit found nothing.

I also scanned the complete system with SUPERAntiSpyware.

That showed one detection. An Uninstall.exe of a VST equalizer (VST plugin for music sequencers) was supposedly detected as a trojan.
I then uploaded this file to VirusTotal and VirSCAN.
None of the virologists listed there detected a problem in this file, except SUPERAntiSpyware.

Then I thought the problem was settled, probably a false alarm or something...
But I just got an email from Yahoo...

Someone tried to log in to my Yahoo email account from Russia, with a valid password!

Now I would like more help after all.

So if someone could explain to me once more, as if to a dummy, how I should proceed here. Thanks!


Here now is the content of the OTL.Txt file (an Extra.Txt was, for whatever reason, not created or not saved on the desktop):
----------------------OTL Logfile:
OTL logfile created on: 01.04.2013 20:13:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 63,69% Memory free
3,50 Gb Paging File | 2,57 Gb Available in Paging File | 73,55% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 18,77 Gb Free Space | 38,44% Space Free | Partition Type: NTFS
Drive E: | 86,30 Gb Total Space | 41,82 Gb Free Space | 48,46% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 74,60 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.01 20:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.03.28 13:10:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 13:10:39 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.28 13:10:37 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 13:10:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.16 10:17:22 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.31 11:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.31 11:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.03 13:42:57 | 001,259,448 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 10:55:48 | 000,147,456 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicStartMenu.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.09 14:08:29 | 004,595,064 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2012.10.18 00:24:02 | 000,163,840 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2012.07.17 15:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 15:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.10.31 20:30:00 | 000,167,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Programme\AVerMedia\AVerUpdate\AVerUpdateServer.exe
PRC - [2011.08.19 23:43:58 | 000,360,448 | ---- | M] (AVerMedia) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2011.05.20 01:20:18 | 000,675,840 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2011.04.01 23:52:24 | 000,403,456 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.16 14:59:45 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2012.10.18 00:24:02 | 000,163,840 | ---- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.28 13:10:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 13:10:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 16:31:38 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.09 10:49:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.03 13:42:57 | 001,259,448 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 14:08:29 | 004,595,064 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2012.07.17 15:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.10.31 20:30:00 | 000,167,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Auto | Running] -- C:\Programme\AVerMedia\AVerUpdate\AVerUpdateServer.exe -- (AVerUpdateServer)
SRV - [2011.08.19 23:43:58 | 000,360,448 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2011.04.01 23:52:24 | 000,403,456 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- F:\Downloads\EmsisoftEmergencyKit\Run\a2ddax86.sys -- (A2DDA)
DRV - [2013.03.28 13:10:53 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 13:10:53 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 13:10:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.19 22:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.09.19 10:31:44 | 000,591,360 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.21 19:14:00 | 000,583,296 | ---- | M] (Line 6) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L6GX.sys -- (L6GX)
DRV - [2011.11.17 16:37:16 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.11.17 16:37:16 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.11.17 16:37:16 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.09.19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.09.19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009.09.19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D6 C6 37 F0 F7 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bd37dc5d0-431d-44e5-8c91-49419370caa1%7D:3.1.26
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2013.02.16.23
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.1.3
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.socks_version: 0
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 10:49:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 10:49:23 | 000,000,000 | ---D | M]
 
[2013.01.21 18:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.03.30 15:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions
[2013.03.30 15:36:01 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.02.23 12:05:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.21 18:48:15 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2013.03.20 14:55:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions\firefox@ghostery.com
[2013.03.05 13:20:32 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.02.21 12:44:42 | 000,151,803 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\status4evar@caligonstudios.com.xpi
[2013.03.08 13:41:01 | 000,194,575 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2013.02.14 18:19:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.21 12:56:40 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.03.09 10:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 10:49:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0FD99D0-7230-4424-BC93-9FFDD5CE20CA}: NameServer = 213.191.92.86 62.109.123.7
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.01 20:02:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.30 15:15:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KeePass
[2013.03.30 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\EmsisoftEmergencyKit
[2013.03.29 20:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\logcollector
[2013.03.29 20:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ibackup
[2013.03.29 20:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\frestore
[2013.03.29 20:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\chmview
[2013.03.29 20:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\arcverify
[2013.03.28 18:54:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.27 11:17:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics
[2013.03.27 11:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013.03.16 18:05:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Google
[2013.03.16 18:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.03.16 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.03.10 13:49:47 | 000,000,000 | ---D | C] -- C:\Users\***\.tuxguitar-1.2
[2013.03.10 11:13:54 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\REAPER Media
[2013.03.09 10:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.05 16:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.05 16:29:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
[2013.03.05 10:57:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ProgSense
[2013.03.05 10:57:21 | 000,000,000 | ---D | C] -- C:\Downloads
[2013.03.04 21:06:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Orbit
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.01 20:03:30 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.01 20:01:40 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe
[2013.04.01 20:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.01 20:01:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.01 19:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 19:22:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.01 14:38:02 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 14:38:02 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 14:34:51 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.01 14:34:51 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.01 14:34:51 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.01 14:34:51 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.01 14:30:40 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.01 14:30:40 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.01 14:30:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 14:30:29 | 1408,688,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 11:29:46 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_040213102205093.job
[2013.03.29 09:22:18 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.03.28 13:10:53 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.28 13:10:53 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.28 13:10:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.16 14:59:45 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2013.03.09 14:26:47 | 000,002,069 | ---- | M] () -- C:\Users\***\.lmmsrc.xml
 
========== Files Created - No Company Name ==========
 
[2013.04.01 20:03:30 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.01 20:02:44 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe
[2013.04.01 20:02:41 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.03.29 09:22:18 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.03.16 14:59:45 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2013.02.09 17:00:08 | 000,511,488 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2013.02.09 17:00:08 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2013.02.09 17:00:08 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2013.02.02 10:54:56 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2013.01.24 16:25:24 | 000,002,069 | ---- | C] () -- C:\Users\***\.lmmsrc.xml
[2013.01.23 20:08:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2013.01.23 20:08:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2013.01.23 20:08:13 | 000,622,592 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2013.01.23 20:08:13 | 000,421,888 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2013.01.23 20:08:13 | 000,311,296 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2013.01.23 20:08:13 | 000,307,200 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2013.01.23 20:08:13 | 000,307,200 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2013.01.23 20:08:13 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2013.01.23 20:08:13 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2013.01.21 23:38:18 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.01.21 22:29:08 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2013.01.21 20:58:09 | 000,000,050 | ---- | C] () -- C:\ProgramData\.SimImages
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.16 10:27:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\atunes
[2013.03.26 21:58:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2013.03.27 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2013.03.01 10:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2013.02.11 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blue Cat Audio
[2013.02.25 18:27:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2013.02.09 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2013.01.24 11:19:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CrystalIdea Software
[2013.01.21 22:44:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.01.27 17:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org
[2013.02.14 13:13:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flux
[2013.03.27 10:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2013.02.02 10:54:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon
[2013.04.01 16:51:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2013.02.20 12:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2013.03.30 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2013.02.16 13:07:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keolab
[2013.03.16 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.02.08 14:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2013.01.21 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Line 6
[2013.02.03 20:51:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2013.02.11 14:01:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MeldaProduction
[2013.01.21 22:46:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.01.25 21:26:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.05 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2013.02.20 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre 7
[2013.03.05 10:57:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2013.02.20 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER
[2013.01.21 23:56:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Submersible
[2013.01.26 15:05:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subtitle Edit
[2013.01.28 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Voxengo
[2013.03.28 14:06:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2013.02.20 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wise Registry Cleaner
[2013.02.28 09:57:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2013.01.25 22:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
-----------------------------------------------------------

More info to follow (gmer...)

(Some time later...)

I tried to run gmer again, but the error message mentioned above came up again, saying that there is no disk in the drive...

How should I proceed?
Please explain in detail, and if I make mistakes, explain what was wrong and why!

It would also be helpful if someone could tell me whether it makes sense, or is advisable, to change my various passwords already now?

So, I have now tried for the third time to scan my system with "gmer". For the third time, the error message appeared saying that there is no disk in the drive.

It would be nice if someone could comment on this. Thanks.

On the other hand, after a long search I found out (no, it was not described in this guide http://www.trojaner-board.de/69886-a...-beachten.html) why no Extras.Txt file was created.

So, once again, the OTL.Txt and EXTRAS.Txt files:
--------------------------------------------------------
OTL Logfile:
Code:
OTL logfile created on: 02.04.2013 12:57:23 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 36,95% Memory free
3,50 Gb Paging File | 2,19 Gb Available in Paging File | 62,70% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 18,23 Gb Free Space | 37,34% Space Free | Partition Type: NTFS
Drive E: | 86,30 Gb Total Space | 41,82 Gb Free Space | 48,46% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 75,99 Gb Free Space | 77,81% Space Free | Partition Type: NTFS
Drive L: | 595,88 Gb Total Space | 36,89 Gb Free Space | 6,19% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AVerUpdateServer) -- C:\Programme\AVerMedia\AVerUpdate\AVerUpdateServer.exe (AVerMedia TECHNOLOGIES, Inc.)
SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AVerFx2hbtv) -- C:\Windows\System32\drivers\AVerFx2hbtv.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (L6GX) -- C:\Windows\System32\drivers\L6GX.sys (Line 6)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (Uim_Vim) -- C:\Windows\System32\drivers\Uim_Vim.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D6 C6 37 F0 F7 CD 01  [binary data]
IE - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bd37dc5d0-431d-44e5-8c91-49419370caa1%7D:3.1.26
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2013.02.16.23
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.1.3
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.socks_version: 0
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 10:49:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.09 10:49:23 | 000,000,000 | ---D | M]
 
[2013.01.21 18:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.03.30 15:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions
[2013.03.30 15:36:01 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.02.23 12:05:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.21 18:48:15 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2013.03.20 14:55:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1cbiyfl9.default\extensions\firefox@ghostery.com
[2013.03.05 13:20:32 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.02.21 12:44:42 | 000,151,803 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\status4evar@caligonstudios.com.xpi
[2013.03.08 13:41:01 | 000,194,575 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2013.02.14 18:19:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.21 12:56:40 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1cbiyfl9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.03.09 10:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.09 10:49:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3860657243-3871851665-2463855471-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3860657243-3871851665-2463855471-1000\..Trusted Domains: line6.net ([]* in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0FD99D0-7230-4424-BC93-9FFDD5CE20CA}: NameServer = 62.109.123.197 213.191.74.19
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.02 08:44:06 | 000,000,000 | ---D | C] -- C:\Users\***\Tracing
[2013.04.02 08:42:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013.04.02 08:42:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.04.01 20:02:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.30 15:15:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KeePass
[2013.03.30 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\EmsisoftEmergencyKit
[2013.03.29 20:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\logcollector
[2013.03.29 20:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ibackup
[2013.03.29 20:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\frestore
[2013.03.29 20:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\chmview
[2013.03.29 20:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\arcverify
[2013.03.28 18:54:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2013.03.27 11:17:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics
[2013.03.27 11:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013.03.25 22:39:46 | 004,546,560 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013.03.16 18:05:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Google
[2013.03.16 18:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.03.16 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.03.16 14:59:23 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013.03.16 14:59:23 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013.03.16 14:59:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013.03.16 14:59:23 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013.03.16 14:59:23 | 000,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013.03.16 14:59:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013.03.16 14:59:23 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013.03.16 14:59:23 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013.03.16 14:59:22 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013.03.16 14:59:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013.03.16 14:59:19 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013.03.16 14:59:19 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013.03.16 14:59:19 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013.03.16 14:59:19 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013.03.16 14:59:19 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013.03.16 14:59:19 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013.03.16 14:59:18 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013.03.16 14:59:18 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013.03.15 19:48:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.10 13:49:47 | 000,000,000 | ---D | C] -- C:\Users\***\.tuxguitar-1.2
[2013.03.10 11:13:54 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\REAPER Media
[2013.03.09 10:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.05 16:40:11 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.05 16:40:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.05 16:40:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.05 16:40:02 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.05 16:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.05 16:29:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
[2013.03.05 10:57:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ProgSense
[2013.03.05 10:57:21 | 000,000,000 | ---D | C] -- C:\Downloads
[2013.03.04 21:06:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Orbit
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.02 12:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.02 12:22:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.02 09:22:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.02 08:21:46 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.02 08:21:46 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.02 08:21:46 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.02 08:21:46 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.02 08:15:04 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 08:15:04 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 08:07:45 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.04.02 08:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.02 08:07:35 | 1408,688,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 20:03:30 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.01 20:01:40 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe
[2013.04.01 20:01:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.01 20:01:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.04.01 11:29:46 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_040213102205093.job
[2013.03.29 09:22:18 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.03.28 13:10:53 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.28 13:10:53 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.28 13:10:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.25 22:39:46 | 004,546,560 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013.03.16 14:59:45 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2013.03.13 16:31:37 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 16:31:37 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.09 14:26:47 | 000,002,069 | ---- | M] () -- C:\Users\***\.lmmsrc.xml
[2013.03.05 16:39:57 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.05 16:39:57 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.05 16:39:57 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.05 16:39:57 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.05 16:39:57 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.05 16:39:57 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
 
========== Files Created - No Company Name ==========
 
[2013.04.02 08:42:37 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.04.01 20:03:30 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.01 20:02:44 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe
[2013.04.01 20:02:41 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.03.29 09:22:18 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.03.16 14:59:45 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2013.02.09 17:00:08 | 000,511,488 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2013.02.09 17:00:08 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2013.02.09 17:00:08 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2013.02.02 10:54:56 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini
[2013.01.24 16:25:24 | 000,002,069 | ---- | C] () -- C:\Users\***\.lmmsrc.xml
[2013.01.23 20:08:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2013.01.23 20:08:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2013.01.23 20:08:13 | 000,622,592 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2013.01.23 20:08:13 | 000,421,888 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2013.01.23 20:08:13 | 000,311,296 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2013.01.23 20:08:13 | 000,307,200 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2013.01.23 20:08:13 | 000,307,200 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2013.01.23 20:08:13 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2013.01.23 20:08:13 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2013.01.21 23:38:18 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.01.21 22:29:08 | 000,088,688 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2013.01.21 20:58:09 | 000,000,050 | ---- | C] () -- C:\ProgramData\.SimImages
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.16 10:27:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\atunes
[2013.03.26 21:58:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2013.03.27 11:17:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2013.03.01 10:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2013.02.11 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blue Cat Audio
[2013.02.25 18:27:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2013.02.09 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2013.01.24 11:19:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CrystalIdea Software
[2013.01.21 22:44:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2013.01.27 17:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org
[2013.02.14 13:13:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flux
[2013.03.27 10:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2013.02.02 10:54:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon
[2013.04.01 16:51:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2013.02.20 12:49:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2013.03.30 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2013.02.16 13:07:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keolab
[2013.03.16 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.02.08 14:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2013.01.21 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Line 6
[2013.02.03 20:51:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2013.02.11 14:01:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MeldaProduction
[2013.01.21 22:46:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.01.25 21:26:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.05 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2013.02.20 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre 7
[2013.03.05 10:57:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2013.02.20 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER
[2013.01.21 23:56:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Submersible
[2013.01.26 15:05:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subtitle Edit
[2013.01.28 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Voxengo
[2013.03.28 14:06:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2013.02.20 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wise Registry Cleaner
[2013.02.28 09:57:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2013.01.25 22:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         

------------------------------------------------------------------------------------


The Extras.Txt file:
------------------------------------------------------------------------------------
OTL Logfile:
Code:
OTL Extras logfile created on: 02.04.2013 12:57:23 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,65 Gb Available Physical Memory | 36,95% Memory free
3,50 Gb Paging File | 2,19 Gb Available in Paging File | 62,70% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 18,23 Gb Free Space | 37,34% Space Free | Partition Type: NTFS
Drive E: | 86,30 Gb Total Space | 41,82 Gb Free Space | 48,46% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 75,99 Gb Free Space | 77,81% Space Free | Partition Type: NTFS
Drive L: | 595,88 Gb Total Space | 36,89 Gb Free Space | 6,19% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3860657243-3871851665-2463855471-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lupas Rename] -- Reg Error: Key error.
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4192B549-EC65-4AD9-A4BA-38DA396105EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A8BEC051-7073-4871-B5AF-1E6AF517368E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B26A76A-83D8-4BDC-BB75-88E1B19E709F}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{2E56392E-D54D-4D53-BDA2-ED2FE0EDCAC6}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{3343D55C-562B-4DC0-A380-332685E6398C}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{5CD37AB9-0948-4A33-B842-BE28394EF321}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6E4CF425-5E3C-4046-BE49-7212240FF620}" = dir=in | app=c:\users\***\appdata\local\microsoft\skydrive\skydrive.exe | 
"{6F3EEA97-7D0E-48DC-84B1-BCCD1561DF8B}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{93350AC4-3E15-4D02-9647-234F4E14A57F}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{93C5F138-0CFA-4B83-B95A-84ABA3022FF3}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{C691866B-2B44-4778-836E-51F093471E70}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D47D077F-D61D-4685-AE68-C3A8649BB7D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DACEF6DC-5BE0-426A-8B67-7166BECE5D64}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{EDC8ABCE-5C57-423E-AF9C-5DC8003E6B3B}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"TCP Query User{7B53F6D3-980B-45F8-90E6-0F2476CFB980}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{63D83DD9-32DD-458E-80AD-7FB26D6A9927}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{03DC1A7A-3F8D-40C1-ADD8-181BBB49F166}" = Native Instruments RC 24
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{16C964BA-7E2D-49EC-96D7-3A1497751660}" = Native Instruments RC 48
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3A4A028F-A5B3-4248-AE75-EE62A80C1B9B}" = Adobe Audition Loopology Content
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{48A404E2-0A25-4CEF-AB87-8626BD1B0F2C}" = Flux_StereoTool
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2
"{5012C3AD-9A0D-443D-9463-76E45A4655C9}" = Classic Shell
"{5016185F-05AF-455F-AA70-6B6E5D6D4E70}" = AVerTV 3D
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}" = LibreOffice 4.0.0.3
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B63DFA23-5C10-44B4-881D-45EFBF4A4761}" = MAGIX Screenshare
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.9
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F3DCD04C-BE9C-408C-BC8C-B77AF972DBC2}" = teXXas
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Audacity_is1" = Audacity 2.0.2
"AVerMedia A827 USB TV Tuner" = AVerMedia A827 USB TV Tuner 2.1.0.159
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 2.0.16.0
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClipMemAdvanced" = ClipMem Advanced
"CutePDF Writer Installation" = CutePDF Writer 3.0
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.21.1212
"Freemake Video Converter_is1" = Freemake Video Converter Version 4.0.0
"Glary Utilities_is1" = Glary Utilities 2.54.0.1759
"InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}" = AVerTV 3D
"KeolabSpicyGuitar_is1" = Spicy Guitar 1.2.0.1
"LAME_is1" = LAME v3.99.3 (for Windows)
"Line 6 Uninstaller" = Line 6 Uninstaller
"LinuxLive USB Creator" = LinuxLive USB Creator
"Lupas Rename 2000_is1" = Lupas Rename 2000 v5.0 Release
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments RC 24" = Native Instruments RC 24
"Native Instruments RC 48" = Native Instruments RC 48
"Native Instruments Service Center" = Native Instruments Service Center
"PDF Blender" = PDF Blender
"Picasa 3" = Picasa 3
"REAPER" = REAPER
"SimilarImages" = SimilarImages
"SubtitleEdit_is1" = Subtitle Edit 3.2.8
"Unlocker" = Unlocker 1.9.1
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.65
"XnView_is1" = XnView 1.99.6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3860657243-3871851665-2463855471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre 7" = PhotoFiltre 7
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.03.2013 08:58:14 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: reaper.exe, Version: 4.3.2.0, Zeitstempel:
 0x50f5f519  Name des fehlerhaften Moduls: Guitar Rig 5.dll, Version: 5.1.1.2673, 
Zeitstempel: 0x50881c6e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0065a9cd  ID des fehlerhaften
 Prozesses: 0xeb0  Startzeit der fehlerhaften Anwendung: 0x01ce2c7b8d8646b0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\REAPER\reaper.exe  Pfad des fehlerhaften
 Moduls: F:\Musik\Instrumente\VST-Instrumente\Guitar Rig 5.dll  Berichtskennung: 51046da0-9870-11e2-adec-00158315a310
 
Error - 29.03.2013 10:28:37 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: reaper.exe, Version: 4.3.2.0, Zeitstempel:
 0x50f5f519  Name des fehlerhaften Moduls: Guitar Rig 5.dll, Version: 5.1.1.2673, 
Zeitstempel: 0x50881c6e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0065a9cd  ID des fehlerhaften
 Prozesses: 0x7f4  Startzeit der fehlerhaften Anwendung: 0x01ce2c8545d31910  Pfad der
 fehlerhaften Anwendung: C:\Program Files\REAPER\reaper.exe  Pfad des fehlerhaften
 Moduls: F:\Musik\Instrumente\VST-Instrumente\Guitar Rig 5.dll  Berichtskennung: f13e9fa0-987c-11e2-adec-00158315a310
 
Error - 29.03.2013 14:22:25 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm ftw.exe, Version 10.0.17.13908 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 834    Startzeit: 
01ce2caa515710f0    Endzeit: 15    Anwendungspfad: C:\Program Files\Paragon Software\Backup
 and Recovery 2012 Free\program\ftw.exe    Berichts-ID: 988dde91-989d-11e2-adec-00158315a310

 
Error - 30.03.2013 03:54:34 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.03.2013 04:07:58 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm a2emergencykit.exe, Version 3.0.0.4 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d8c    Startzeit: 01ce2d1d73404b50    Endzeit: 16    Anwendungspfad: 
F:\Downloads\EmsisoftEmergencyKit\Run\a2emergencykit.exe    Berichts-ID: ebed0de1-9910-11e2-a559-00158315a310

 
Error - 30.03.2013 08:28:11 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: reaper.exe, Version: 4.3.2.0, Zeitstempel:
 0x50f5f519  Name des fehlerhaften Moduls: Guitar Rig 5.dll, Version: 5.1.1.2673, 
Zeitstempel: 0x50881c6e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0065a9cd  ID des fehlerhaften
 Prozesses: 0xa64  Startzeit der fehlerhaften Anwendung: 0x01ce2d41e0199078  Pfad der
 fehlerhaften Anwendung: C:\Program Files\REAPER\reaper.exe  Pfad des fehlerhaften
 Moduls: F:\Musik\Instrumente\VST-Instrumente\Guitar Rig 5.dll  Berichtskennung: 48ce4fc8-9935-11e2-a559-00158315a310
 
Error - 31.03.2013 03:16:17 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.04.2013 02:47:00 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.04.2013 08:27:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: reaper.exe, Version: 4.3.2.0, Zeitstempel:
 0x50f5f519  Name des fehlerhaften Moduls: Guitar Rig 5.dll, Version: 5.1.1.2673, 
Zeitstempel: 0x50881c6e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0065a9cd  ID des fehlerhaften
 Prozesses: 0x17e4  Startzeit der fehlerhaften Anwendung: 0x01ce2ed28e06cfbe  Pfad der
 fehlerhaften Anwendung: C:\Program Files\REAPER\reaper.exe  Pfad des fehlerhaften
 Moduls: F:\Musik\Instrumente\VST-Instrumente\Guitar Rig 5.dll  Berichtskennung: 74b9fe9e-9ac7-11e2-baac-00158315a310
 
Error - 01.04.2013 08:32:22 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2013 02:09:28 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.03.2013 04:52:43 | Computer Name = ***-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht vergrößert werden kann.
 
Error - 26.03.2013 05:20:33 | Computer Name = ***-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 26.03.2013 10:21:01 | Computer Name = ***-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 27.03.2013 04:43:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 27.03.2013 04:43:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 30.03.2013 03:52:49 | Computer Name = ***-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{82a24443-63e1-11e2-b955-806e6f6e6963}" können nicht gelesen werden.
 
Error - 31.03.2013 03:14:33 | Computer Name = ***-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{82a24443-63e1-11e2-b955-806e6f6e6963}" können nicht gelesen werden.
 
Error - 01.04.2013 02:45:15 | Computer Name = ***-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{82a24443-63e1-11e2-b955-806e6f6e6963}" können nicht gelesen werden.
 
Error - 01.04.2013 08:30:54 | Computer Name = ***-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{82a24443-63e1-11e2-b955-806e6f6e6963}" können nicht gelesen werden.
 
Error - 02.04.2013 02:07:43 | Computer Name = ***-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{82a24443-63e1-11e2-b955-806e6f6e6963}" können nicht gelesen werden.
 
 
< End of report >
         


Edited by ChaosDesign (01.04.2013 at 20:58)
