Log analysis and evaluation: Various e-mail accounts hacked (Windows 7)

#15

Various e-mail accounts hacked

Thanks a lot! JRT logfile:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by xxx on 10.04.2013 at 12:44:42,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.04.2013 at 12:47:12,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.200 - File created on 10/04/2013 at 12:52:17
# Updated on 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : xxx - xxx-PC
# Boot mode : Normal
# Running from : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] The registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file is clean.

*************************

AdwCleaner[S2].txt - [719 octets] - [10/04/2013 12:52:17]

########## EOF - C:\AdwCleaner[S2].txt - [778 octets] ##########

Code:
OTL logfile created on: 10.04.2013 12:57:39 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,26% Memory free
5,86 Gb Paging File | 4,42 Gb Available in Paging File | 75,44% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 25,15 Gb Free Space | 21,11% Space Free | Partition Type: NTFS

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Notepad++\NppShell_05.dll ()
MOD - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe ()
MOD - C:\Programme\Samsung\Samsung Update Plus\HMXML.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (WinRing0_1_2_0) -- C:\Users\xxx\AppData\Local\Temp\tmp493F.tmp File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 3C B7 B9 B4 2B CE 01 [binary data]
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2100955007-3637390453-2697659314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\xxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.13 13:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.08 23:13:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.08 23:13:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.12.20 03:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\xxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: SEOquake = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.14_0\
CHR - Extension: Google Drive = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Adblock Plus = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: iMacros for Chrome = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.1_0\
CHR - Extension: NoFollow = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid\3.3.6_0\
CHR - Extension: Link2Clip = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmieebpnfbcjdackmfajcbbknaikebla\1.1_0\
CHR - Extension: PageRank Status = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.3.0_1\
CHR - Extension: Change Colors = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: Copy Links = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpoommnneaebpfgaoejklgemonkmjpc\1.2.1_0\
CHR - Extension: Premiumize.me = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm\0.0.16_0\
CHR - Extension: Color Picker = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg\0.0.1.51_0\
CHR - Extension: Google Reader = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Programme\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{935C30C2-6AEA-4DC0-B3C7-1742CC23C44B}: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4905C36-BE12-4D5A-A2C9-82B8F867D164}: DhcpNameServer = 82.212.62.62 78.42.43.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.10 12:56:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.04.10 12:44:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.10 12:44:37 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.10 12:44:16 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\xxx\Desktop\JRT.exe
[2013.04.10 09:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Diagnostics
[2013.04.09 17:53:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.09 17:27:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\mbar
[2013.04.09 16:38:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SimilarImages
[2013.04.09 16:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimilarImages
[2013.04.09 16:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MaierSoft
[2013.04.09 16:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\SimilarImages
[2013.04.08 23:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.29 16:33:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.29 16:23:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\PDAppFlex
[2013.03.29 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2013.03.29 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.29 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.29 15:43:41 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.29 15:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.26 11:08:36 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.24 14:13:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2013.03.24 14:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013.03.24 14:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.03.24 14:12:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.24 14:12:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.24 01:05:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\com.adobe.WidgetBrowser
[2013.03.20 22:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.03.19 16:53:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs
[2013.03.14 15:42:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.03.14 15:42:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Adobe Mini Bridge CS5
[2013.03.14 14:12:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\dealsdestages
[2013.03.13 20:26:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 20:26:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 20:26:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 20:26:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 20:26:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 20:26:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 20:26:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 20:26:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 13:47:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2013.03.13 13:47:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2013.03.13 13:47:27 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2013.03.13 13:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.03.13 13:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.03.13 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2013.03.13 13:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.03.13 13:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013.03.13 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Logitech
[2013.03.13 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Logishrd

========== Files - Modified Within 30 Days ==========

[2013.04.10 12:58:41 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.10 12:58:41 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.10 12:58:41 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.10 12:58:41 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.10 12:56:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2013.04.10 12:55:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100955007-3637390453-2697659314-1000UA.job
[2013.04.10 12:53:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 12:53:24 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 12:51:54 | 000,613,083 | ---- | M] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2013.04.10 12:44:16 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\xxx\Desktop\JRT.exe
[2013.04.10 12:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.10 11:25:05 | 000,029,391 | ---- | M] () -- C:\Users\xxx\Desktop\indexed google com.csv
[2013.04.10 11:05:00 | 000,045,044 | ---- | M] () -- C:\Users\xxx\Desktop\www-ipaddatentarife-de_20130410T090431Z_ExternalLinks_AllLinks.csv
[2013.04.10 00:41:11 | 000,001,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013.04.09 23:55:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100955007-3637390453-2697659314-1000Core.job
[2013.04.09 18:00:15 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 18:00:15 | 000,022,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 17:52:56 | 243,978,118 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.09 16:38:13 | 000,000,045 | ---- | M] () -- C:\ProgramData\.SimImages
[2013.04.08 22:51:12 | 000,038,205 | ---- | M] () -- C:\Users\xxx\Desktop\kwdomainlist.pdf
[2013.03.29 15:43:43 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 14:11:22 | 000,275,620 | ---- | M] () -- C:\Users\xxx\Desktop\1-13.pdf
[2013.03.25 14:29:56 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.25 14:29:56 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.25 14:29:56 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.21 21:34:03 | 000,197,160 | ---- | M] () -- C:\Users\xxx\Desktop\gutschein ab in den urlaub.pdf
[2013.03.21 21:20:17 | 003,648,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.15 21:50:50 | 000,001,456 | ---- | M] () -- C:\Users\xxx\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.03.13 13:47:27 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2013.03.13 13:10:40 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 13:10:40 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.04.10 12:51:54 | 000,613,083 | ---- | C] () -- C:\Users\xxx\Desktop\adwcleaner.exe
[2013.04.10 11:25:05 | 000,029,391 | ---- | C] () -- C:\Users\xxx\Desktop\indexed google com.csv
[2013.04.10 11:04:59 | 000,045,044 | ---- | C] () -- C:\Users\xxx\Desktop\www-ipaddatentarife-de_20130410T090431Z_ExternalLinks_AllLinks.csv
[2013.04.09 17:52:56 | 243,978,118 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.09 16:38:13 | 000,000,045 | ---- | C] () -- C:\ProgramData\.SimImages
[2013.04.08 22:51:12 | 000,038,205 | ---- | C] () -- C:\Users\xxx\Desktop\kwdomainlist.pdf
[2013.03.29 15:43:43 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.28 14:11:22 | 000,275,620 | ---- | C] () -- C:\Users\xxx\Desktop\1-13.pdf
[2013.03.21 21:34:02 | 000,197,160 | ---- | C] () -- C:\Users\xxx\Desktop\gutschein ab in den urlaub.pdf
[2013.03.19 15:28:59 | 000,001,456 | ---- | C] () -- C:\Users\xxx\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013.02.03 04:31:49 | 000,000,132 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.01.17 21:05:11 | 000,001,456 | ---- | C] () -- C:\Users\xxx\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2013.01.07 21:13:12 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.01.07 21:13:12 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.12.20 18:58:23 | 000,000,017 | ---- | C] () -- C:\Users\xxx\AppData\Local\resmon.resmoncfg
[2012.12.20 03:00:59 | 000,001,366 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.12.20 02:50:45 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 10.04.2013 12:57:40 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 57,26% Memory free
5,86 Gb Paging File | 4,42 Gb Available in Paging File | 75,44% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 25,15 Gb Free Space | 21,11% Space Free | Partition Type: NTFS

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EFA6E6-8447-425D-83C6-9A50771CE948}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1971C4AB-E42B-41B5-B98F-A263D313B78E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20FA5E62-75D3-4ADD-BA3C-3102A0AD7ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FE4D001-9A35-45A5-8AD0-EECE64C40B01}" = lport=10243 | protocol=6 | dir=in | app=system |
"{419B8DA8-EEB0-492A-8DF1-6836FD188688}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{446AE113-C676-4282-93AE-39B8E2716966}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B2379C6-3CFE-48DA-8EB6-9962A907817B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59FB9A03-3428-42F4-9FFE-657D48BA4B1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{661F43DC-AD1A-45BA-99FC-8719EDEB59FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89C9A960-9BB3-45B8-801F-22127E92C543}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91E8F083-B0C4-4188-89F7-975C16977C3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{AA800EDC-52D2-4535-B955-0A1CF25FB2FD}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2496B15-3748-4B97-BF53-B0E04F0BA1FE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3F09C66-C11C-4C59-A30F-6556492DA656}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BABC0F74-474D-4A6D-A123-42B18E8118BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{CA7B7DE8-747A-4867-9339-4CCEAB632D14}" = lport=138 | protocol=17 | dir=in | app=system |
"{CD8481D3-E0E2-41F1-BA8F-2CE1D181D69D}" = lport=137 | protocol=17 | dir=in | app=system |
"{D4AF30CE-757F-4433-A479-E806B31C60B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E453224D-9A76-4BD0-B524-EE9E1E144FD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5013AFA-88B4-4FBC-A61F-B27015897DF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EAE03202-0F6D-4B31-843A-934B999ACE21}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF865A7A-23DF-4DAF-9203-37FEA238CA32}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8258E8F-6974-4F59-9DC7-4680B77F13C3}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14665412-6677-40AE-9D4E-B0FAA029549C}" = dir=out | app=%programfiles%\adobe\adobe illustrator cs5.1\support files\contents\windows\illustrator.exe |
"{4058C61A-F646-41D6-98C7-4721C91933DF}" = protocol=17 | dir=in | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{4F8EE637-38D3-4E68-8C9B-9012DCD80DA3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51D66FCF-6B25-4998-BFE6-707963BFF8C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56784A30-E42A-430C-8725-DF35506291BB}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{6DC09F8E-780E-46B4-AC12-68352F5CF604}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6F601ABC-BD8B-4CFE-8364-9DC98D4F5AEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7385CB66-185C-42EE-85C9-0E08E28A6EC8}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe |
"{796C7788-22FE-4106-A9DF-290DC97C6B82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{889CE8B5-42FC-4CC1-A8E6-537D243A6D4E}" = dir=out | app=%programfiles%\adobe\adobe dreamweaver cs6\dreamweaver.exe | "{A10C7000-03F2-4288-8FC5-A69CF9896F0A}" = protocol=6 | dir=out | app=system | "{A29A0F54-7239-4607-9520-DBE467E2623E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A69EE37F-A1B3-4F57-99E9-3E04D5B37104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AA3E20B1-A7D2-4AA0-8506-F610B00BF38E}" = protocol=6 | dir=in | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe | "{B5CD539C-9278-4D01-99BB-D8CF4A9A9AAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B789CD90-B733-4CEA-9681-DB6A5137A89D}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs5\photoshop.exe | "{DF4620B3-6E64-4E1E-A2E1-FF5CE8B9FDC3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E1C7554B-5A8E-4F82-A24D-EF6E46C723FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E6402DA8-72D7-4087-8547-DF4F12789327}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe | "{F09AC1A4-4039-4FE7-8FC4-58B63A1C5C37}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F2CBE5FB-3A02-4C13-AB87-ABDF2DA630DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F644E99F-F608-4125-8D9B-B2178A663DDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F6FD3105-6886-48B4-9F2F-DB56DBDF007F}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe | "{F76EABA8-7C0F-4D53-9394-A5A346680040}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8970A6E-846B-43C8-B04E-747E5824A656}" = dir=out | app=c:\program files\gsa search engine ranker\search_engine_ranker.exe | "{FEE46946-02D3-4A31-86A3-79ADEC2FEB02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP 
Query User{0191B92D-8F64-440A-A87A-34CF1F354A6C}C:\users\xxx\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\jdownloader 2.0\jdownloader2.exe | "TCP Query User{82B9B3FC-A469-4B9F-8182-483485493D3D}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "TCP Query User{921BEA41-1291-4D92-BEE2-0738ECB13324}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{D4CFE6DF-6835-4ACF-AB30-68954C0DF32A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{2B57D267-440A-449D-A4BD-F3A353670185}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "UDP Query User{74D40267-0A9F-4C94-A187-11D216A7C0A3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{A3A50408-2006-4952-B090-A7FC116A0CC1}C:\users\xxx\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\local\jdownloader 2.0\jdownloader2.exe | "UDP Query User{D1C8098F-F884-466A-8940-DF8FA9314108}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe 
AIR "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Alt.Binz" = Alt.Binz 0.39.4 "Auto Clicker by Shocker_is1" = Auto Clicker by Shocker "Avira AntiVir Desktop" = Avira Free Antivirus "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "FileZilla Client" = FileZilla Client 3.6.0.2 "GSA Search Engine Ranker_is1" = GSA Search Engine Ranker v5.16 "jdownloader2" = JDownloader 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "SimilarImages" = SimilarImages "sp6" = Logitech SetPoint 6.52 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (32-Bit) "Xenu's Link Sleuth" = Xenu's Link Sleuth ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2100955007-3637390453-2697659314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome < End of report > |