|
Log-Analyse und Auswertung: Trojaner spioniert meine Email-Passwörter ausWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.06.2012, 21:19 | #1 |
| Trojaner spioniert meine Email-Passwörter aus Hallo trojaner-board, mein Problem ist Folgendes. Von meiner Emailadresse wurden Emails versandt ohne, dass ich irgendetwas damit gemacht hatte. Also habe ich von meinem Laptop aus das Passwort geändert und dachte das Problem so zu beheben. Allerdings wurden am nächsten Tag wieder Emails von dem Account aus versandt. Nach einer kurzen Zeit googlen, habe ich gelesen, dass es sich um einen Trojaner auf meinem Laptop handeln muss, der meine Tastatureingaben auslesen kann und so an mein Passwort gelangt ist. Daraufhin habe ich eine Virenscan mit Antivir gemacht, bei dem allerdings nichts gefunden wurde und dann einen mit Spybot Search & Destroy. Dieser hatte 102 Befunde und konnte alle "beheben". Allerdings habe ich gelesen, dass es auch viele Trojaner gibt, die dieser übersieht und die Befunde waren alle nur "temporäre Dateien oder Cookies". Ein Trojaner wurde nicht gefunden. Danach habe ich die Schritte hier befolgt und wollte euch nun meine beiden Logs, die von OTL erstellt wurden, posten, damit ihr mir weiterhelfen könnt. Ich bin über jede Hilfe dankbar, da ich meinen Laptop schnellstmöglich wieder benutzen will. Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 25.06.2012 21:39:04 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Clemens\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,48% Memory free 8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 213,25 Gb Total Space | 122,52 Gb Free Space | 57,45% Space Free | Partition Type: NTFS Drive E: | 19,53 Gb Total Space | 1,90 Gb Free Space | 9,71% Space Free | Partition Type: NTFS Computer Name: MARIANNE-PC | User Name: Clemens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09122612-6AD6-4EB0-AB36-25111C875FB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0BB1773A-D23A-4352-816F-56CC424CE781}" = rport=10243 | protocol=6 | dir=out | app=system | "{0D2DF36B-6F17-4DCA-AC4E-64A198A2C38A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{146FB05B-3795-4112-ABEA-6E38383AA62C}" = lport=2869 | protocol=6 | dir=in | app=system | "{17D7B55D-1961-4BDA-BF95-66181D21112E}" = lport=139 | protocol=6 | dir=in | app=system | "{1AB633E7-2C43-4EDE-AAFB-D17A4CBFDDF1}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{1B6A9681-799C-4EB4-922D-A1964BB77D43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{217595A5-DDB6-4BE9-B733-3ADE1B75DFDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{225FFF81-C871-496F-BA50-6B9DCE491A7F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3C18FD81-596A-43E9-A1B6-03A72306C0D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{40D9D5A5-1A20-472A-B00D-BDC8936A2EF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61E23DC7-F7D9-4AE7-9E0A-103F81A81429}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{67AEAED5-4EE0-4834-B1D1-F73480F175FD}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{6EF78A6E-5C4C-4C5D-AB03-C6164F469848}" = lport=2869 | protocol=6 | dir=in | app=system | "{780CB2D2-C01A-46BA-8BD2-EBBEBAE70DB6}" = rport=139 | protocol=6 | dir=out | app=system | "{7A9140A4-C93D-4CF7-B51A-3AF3ACDCD541}" = rport=137 | protocol=17 | dir=out | app=system | "{7C411261-F0BB-4793-B424-D0F1745A7370}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{7F1588FD-BC81-4367-87B7-C89FE7A6051D}" = lport=137 | protocol=17 | dir=in | app=system | "{7F9463CE-77CE-4586-9429-1E795BA17945}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{81C2795A-FD14-4300-BFAE-CBF0EA3F06DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{85F9F3B3-C573-4433-AFDF-E83617FBDE6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8E2121B7-9821-423C-B7F5-EEAAD00D42BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8F6850D9-DF2D-46B4-A2B6-032C4CBF7501}" = lport=10243 | protocol=6 | dir=in | app=system | "{9251CE09-96C4-4EF6-82E8-A0DE00523C3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{96A8E531-2039-4687-96AF-0CC6C35FFDA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9914E50A-99AD-472C-9109-8656002A61A3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A86E57DF-4FE8-45F3-9A3D-68EFB4AF6B36}" = lport=138 | protocol=17 | dir=in | app=system | "{B2E24346-BDB6-43BB-9D37-2F90599492A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B7295481-9CAA-42D7-8C3A-8646228000F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B8D71F67-F8AA-4838-8A39-CEE5FBDB7CB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C2923DE9-EF2F-4421-921A-56A562C8E55C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CD0BAD3D-978D-4A14-8AAF-B4C8B2C07B8A}" = lport=2869 | protocol=6 | dir=in | app=system | "{D06244A9-CA8F-4BEE-B956-7EB1B9097AF2}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe | "{D7820EAC-413E-4151-BC4E-FEFC608AADCF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D9165685-41F8-4E26-815C-7497C30BA317}" = rport=138 | protocol=17 | dir=out | app=system | "{D9D0A448-E8B3-4532-ADB6-CE9CEBD994E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DC4752E1-DB52-445B-B2A2-4E6A0E1E6456}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{E70F6C00-6A24-4B15-9112-1B01F17209D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E85065FA-CC5B-4C78-B144-9920B19349F1}" = rport=445 | protocol=6 | dir=out | app=system | "{E9AC508A-E183-44D1-895A-8BE85FA13C42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{FAEBDA4F-D6C4-49C3-B3C8-B58947DBE32D}" = lport=445 | protocol=6 | dir=in | app=system | "{FC17A98E-6847-4467-A55D-406591DDD553}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{073C007D-4B41-48A4-B819-5A0D5225331E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0E1E097C-4D28-474F-B320-D585F18CEAD5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1F8C4542-0DDD-4E41-B301-984E99E59F4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{27B847E2-E718-411E-AEBF-3B027F0F92FA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2FDA9D16-5C8D-49E4-8599-457A8ECE7DF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{318427AE-CC2B-4904-8064-507809EBBA30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{35ACF478-7D11-4FC8-8549-5DBC243AD812}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{3B5CDC87-6C2B-4CCE-A1A1-5E8616D9FD6D}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{4232C8EB-D6B5-43BF-A585-F0AD5E3A089A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{47F8B2D2-CA14-4DEC-8AEC-1A89CC7CC771}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4ADBEE7B-0CC0-491A-93D0-4895086E1596}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4EB825A1-8E8D-410C-AF17-9C2FEA3CD7B5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5268CD98-67F3-4221-93FA-964AECC55DD1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{57BB6F8C-B2D2-4830-BEBB-EDBE6F613FF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5C60F87E-384C-4399-B142-3FB733DE8B5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5D595E0B-0E73-47BD-AE40-186E1F4D666E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5E0ABA39-E8F3-4917-8EBE-56C812ED1535}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6979B81F-DFBA-4B32-A2A3-1414F32E3EF6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{6BBA864A-05F0-4FC8-B4BB-A3EDAD5944CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{76FF6D7B-D664-4E49-8FE2-6664199FDB3E}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{841D852E-C2E3-4E37-8E9D-AD0CF1A0C4D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8908D0A6-C113-468B-B2EE-BADD0DE37C46}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{89AE344E-BBD8-43D4-AFA8-6BFF063E5408}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{92CF646D-4902-4ACF-A7FA-D8C0297E62AD}" = protocol=6 | dir=out | app=system | "{95DB1386-DAA4-41C6-BFC9-4084FE50E10B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96A3C451-6266-4C2C-A5B7-96FE0931A780}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{96A3CEC8-0045-4788-8F34-08EA0BC0ECD0}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{97EC5C6F-0758-415E-B2EA-D473A4CB7195}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9F953F6C-CE79-4551-98FE-3DC6251037C1}" = protocol=6 | dir=out | app=system | "{A633A119-86AD-4389-9DD6-09F91E4EC3F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AEC8F834-3E1A-41BD-82F6-3F015EA00519}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C856B125-4B60-411C-8951-CC3F048452FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C9C7001C-BAD5-4F5C-BDF3-465EF518B942}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D1A5631D-EA00-4538-9DFD-B9AD69F3C2AC}" = protocol=6 | dir=out | app=system | "{D4E29148-19E8-4DF5-939D-B950D475B14A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DAE9BA43-166B-4850-A339-C1B8EC416661}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{E0E7A584-C0E2-400E-949F-9C9BBE0644AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EA6DC25E-E547-4F20-A605-629492E45602}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EA7AFF2F-8EE1-48FF-B1ED-EEC55CEC38F4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F102F7AD-5CB0-4F87-AA40-1A4C198E90AB}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{FD087E2C-D5A8-4FD5-968D-A85DFF044CAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{12834B36-A518-42EC-A26C-F23FC359746E}\\criss-pc\lan\flat out 2\flatout2.exe" = protocol=6 | dir=in | app=\\criss-pc\lan\flat out 2\flatout2.exe | "TCP Query User{1D87D98B-9243-40FE-A819-D4AD2D2DAD2C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{4EE7F338-1182-420A-B630-4CA3BE4D5FF1}F:\warcraft 3\war3.exe" = protocol=6 | dir=in | app=f:\warcraft 3\war3.exe | "TCP Query User{53CDE0FE-40AD-4AAA-87AE-7CF989F79F04}E:\warcraft iii lan\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii lan\war3.exe | "TCP Query User{6548FAB4-6217-41B8-9719-A0A1262EEDFC}C:\users\clemens\appdata\local\temp\rar$ex70.208\jailbreakwindowsphone\chevronwp7.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex70.208\jailbreakwindowsphone\chevronwp7.exe | "TCP Query User{80E730D3-6E90-41FC-88A7-E6BF231CE797}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe | "TCP Query User{88CD2C48-836F-41B5-9001-10229E3AA0E9}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{9A665355-EE68-4C87-AC74-7D6A5BF43D14}C:\users\clemens\appdata\local\temp\temp4_rund-um-sorglos-paket.zip\jailbreakwindowsphone\chevronwp7.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\local\temp\temp4_rund-um-sorglos-paket.zip\jailbreakwindowsphone\chevronwp7.exe | "TCP Query User{ABAB91AC-8EBA-45C2-9CF4-130F6A7DF1FD}C:\users\clemens\appdata\local\temp\rar$ex89.112\jailbreakwindowsphone\chevronwp7.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex89.112\jailbreakwindowsphone\chevronwp7.exe | "TCP Query User{AE5FAB58-3E13-4F6C-9A5B-F3080FB6D6D9}C:\program files (x86)\steam\steamapps\matthias1970\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\matthias1970\counter-strike source\hl2.exe | "TCP Query User{C893337E-BF9B-476D-9619-68BDD376A476}C:\users\clemens\appdata\local\temp\rar$ex21.120\jailbreakwindowsphone\chevronwp7.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex21.120\jailbreakwindowsphone\chevronwp7.exe | "TCP Query User{EBC22E60-51F4-40A2-82B0-C8DA06C8323D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{ED15582A-6A2F-47D5-8A58-0366C76835CA}C:\lan\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\lan\spiele\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{FB6535E2-6BD6-4C1B-A452-DF5C1BF9B864}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{0A0E304A-0122-4B45-B9E0-3E81B334F401}C:\users\clemens\appdata\local\temp\rar$ex70.208\jailbreakwindowsphone\chevronwp7.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex70.208\jailbreakwindowsphone\chevronwp7.exe | "UDP Query User{0A9CBB21-1574-47DC-928B-756D5B8B4433}F:\warcraft 3\war3.exe" = protocol=17 | dir=in | app=f:\warcraft 3\war3.exe | "UDP Query User{12249188-AE8D-43E9-845B-C668C4F9DEA5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{2EFEEB4E-47C1-491C-B757-5B238EF4D1E3}C:\lan\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\lan\spiele\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{5E5EB7F3-7321-472C-9792-728CF50C07DE}\\criss-pc\lan\flat out 2\flatout2.exe" = protocol=17 | dir=in | app=\\criss-pc\lan\flat out 2\flatout2.exe | "UDP Query User{5E90EACB-29BB-4447-A545-609914E5C575}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe | "UDP Query User{7E4D367E-4659-4F2E-9131-CD28CA738E6B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{8ABA1D8D-378A-4911-A145-63E636C8B4BD}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{9187DA62-1884-4D0D-9C03-CC9D93D298A9}C:\users\clemens\appdata\local\temp\temp4_rund-um-sorglos-paket.zip\jailbreakwindowsphone\chevronwp7.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\local\temp\temp4_rund-um-sorglos-paket.zip\jailbreakwindowsphone\chevronwp7.exe | "UDP Query User{956D7CBF-B896-4D2D-9DF3-2BBC13583C9E}C:\users\clemens\appdata\local\temp\rar$ex89.112\jailbreakwindowsphone\chevronwp7.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex89.112\jailbreakwindowsphone\chevronwp7.exe | "UDP Query User{964A1058-24CA-45E8-AD45-D78EAC97EAD4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{9836EB2E-5565-408C-B472-BC39EBBA6AF6}E:\warcraft iii lan\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii lan\war3.exe | "UDP Query User{CCE2B5AD-022B-4ADB-B53A-FABDB85DA1A6}C:\users\clemens\appdata\local\temp\rar$ex21.120\jailbreakwindowsphone\chevronwp7.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex21.120\jailbreakwindowsphone\chevronwp7.exe | "UDP Query User{CE251EAE-46AA-4AE8-986A-747A4A2E131F}C:\program files (x86)\steam\steamapps\matthias1970\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\matthias1970\counter-strike source\hl2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A80AF0FF-16ED-3B44-9103-A874B3771422}" = Windows Phone Emulator x64 - DEU "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2 "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{AF43C18E-693D-4126-B190-8F55E3623D5D}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{E8C633FD-8719-448F-9A55-F04CFDD53E67}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "USB_AUDIO_DEusb-audio.deReloopJockey3ME" = Reloop Jockey 3 ME USB ASIO driver "WinRAR archiver" = WinRAR 4.01 (64-Bit) "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy) "{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4 "{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools "{07C57B29-D2E4-4959-84A5-016F2BE11A35}" = Microsoft Windows Phone 7 Developer Resources(DE) "{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{1762BA00-6EBE-4430-9FBB-16F516B4A46D}" = Microsoft Expression Blend SDK for Windows Phone 7 "{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "{1D537C29-27C9-4EE2-92BC-22D0910EAE9D}" = Microsoft XNA Game Studio 4.0 Language Pack (de-DE) "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{553B3EFC-4D47-36D4-B15E-BE098BAEC8AC}" = Windows Phone 7 Add-in for Visual Studio 2010 - DEU "{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010 "{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry) "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe "{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio) "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9219F0C5-4320-43D3-8A23-F8B4C6F02DEE}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK "{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}" = Microsoft Expression Blend SDK for Silverlight 4 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F39359B6-58F1-4837-BE9B-D111FAF50D74}" = Microsoft Visual Studio 2010 Express for Windows Phone - DEU "{F7800FC1-6948-4D64-A9BC-3EEDDA408D25}" = Microsoft Expression Blend 4 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1489-3350-5074-6281" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Blend_4.0.20901.0" = Microsoft Expression Blend 4 "CL-Eye Driver" = CL-Eye Driver "Counter-Strike: Source v17" = Counter-Strike: Source v17 "DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt "HotspotShield" = Hotspot Shield 2.53 "InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "Microsoft Visual Studio 2010 Express for Windows Phone - DEU" = Microsoft Windows Phone Developer Tools - DEU "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor 2" = Native Instruments Traktor 2 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "SpeedFan" = SpeedFan (remove only) "VLC media player" = VLC media player 2.0.1 "Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.6.0 "WinLiveSuite" = Windows Live Essentials "XMedia Recode" = XMedia Recode 3.0.8.4 "XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.06.2012 18:00:45 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:00:45 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.06.2012 18:27:52 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 19.06.2012 12:28:08 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 20.06.2012 06:50:18 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 20.06.2012 06:50:18 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 20.06.2012 14:03:35 | Computer Name = Marianne-PC | Source = DCOM | ID = 10010 Description = Error - 21.06.2012 10:34:26 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 21.06.2012 10:34:26 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 25.06.2012 09:28:43 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 25.06.2012 09:28:43 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 25.06.2012 13:15:21 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 Error - 25.06.2012 13:15:22 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%577 < End of report > OTL.txt: Code:
ATTFilter OTL logfile created on: 25.06.2012 21:39:04 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Clemens\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,48% Memory free 8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 213,25 Gb Total Space | 122,52 Gb Free Space | 57,45% Space Free | Partition Type: NTFS Drive E: | 19,53 Gb Total Space | 1,90 Gb Free Space | 9,71% Space Free | Partition Type: NTFS Computer Name: MARIANNE-PC | User Name: Clemens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.25 21:35:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Clemens\Downloads\OTL.exe PRC - [2012.05.08 19:01:53 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 19:01:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 19:01:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.02.11 22:07:54 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 17:21:19 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll MOD - [2012.06.13 17:06:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.13 17:06:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.13 16:44:35 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.12 14:01:41 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll MOD - [2012.05.12 12:49:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.12 12:48:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.12 12:48:55 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.12 12:48:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.01.29 21:23:22 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.25 16:27:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.16 22:24:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 19:01:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 19:01:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.11 02:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2011.12.16 11:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.02.11 22:07:54 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 19:01:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 19:01:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 23:16:34 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv) DRV:64bit: - [2011.12.16 23:16:32 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.11 17:59:48 | 000,411,712 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rlj3me_u.sys -- (RELOOP_JOCKEY3ME_USB) DRV:64bit: - [2010.10.11 17:59:46 | 000,051,264 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rlj3me_a.sys -- (RELOOP_JOCKEY3ME_WDM) DRV:64bit: - [2010.10.11 17:59:44 | 000,031,296 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rlj3me_m.sys -- (RELOOP_JOCKEY3ME_MIDI) DRV:64bit: - [2010.09.01 21:54:40 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.04.27 04:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.25 04:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001) DRV:64bit: - [2009.06.10 23:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.24 13:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2007.10.01 15:59:46 | 001,829,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2007.08.09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2007.07.26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2006.11.18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 E9 64 8F 13 D9 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=107738&babsrc=SP_ss&mntrId=30057ff500000000000000ff94eedfe3 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=107738&babsrc=adbartrp&mntrId=30057ff500000000000000ff94eedfe3&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 22:24:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 22:24:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.25 16:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Extensions [2012.05.14 16:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\9tekxp9h.default\extensions [2012.01.10 18:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.30 16:50:06 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2012.01.06 15:19:31 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CLEMENS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TEKXP9H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.16 22:24:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.15 15:13:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.14 16:40:18 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.02.15 15:13:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.15 15:13:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 15:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 15:13:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 15:13:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.28 14:43:49 | 000,000,926 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 192.168.178.53 developerservices.windowsphone.com O1 - Hosts: 192.168.178.32 developerservices.windowsphone.com O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.postbank.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{244F1588-EE7B-4486-BD60-BFB03350C5B2}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.25 18:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.25 18:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.25 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.06.13 14:26:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7DBE41FD-F994-4324-8F8A-0337B0B404A4} [2012.06.13 14:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments [2012.06.13 14:23:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133} [2012.06.13 14:23:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.13 14:18:51 | 276,453,536 | ---- | C] (Native Instruments ) -- C:\Users\Clemens\Desktop\Traktor 2 2.5.0 Setup PC.exe [2012.06.13 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Local\Macromedia [2012.06.12 22:21:49 | 000,000,000 | ---D | C] -- C:\Users\Clemens\Documents\Native Instruments [2012.06.12 22:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments [2012.06.12 22:20:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B} [2012.06.12 22:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments [2012.06.12 22:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [2012.06.12 22:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments [2012.06.12 21:47:36 | 000,411,712 | ---- | C] (Ploytec GmbH) -- C:\Windows\SysNative\drivers\rlj3me_u.sys [2012.06.12 21:47:36 | 000,051,264 | ---- | C] (Ploytec GmbH) -- C:\Windows\SysNative\drivers\rlj3me_a.sys [2012.06.12 21:47:36 | 000,031,296 | ---- | C] (Ploytec GmbH) -- C:\Windows\SysNative\drivers\rlj3me_m.sys [2012.06.12 21:47:36 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.deReloopJockey3ME [2012.06.01 21:28:31 | 000,000,000 | RH-D | C] -- C:\ESD ========== Files - Modified Within 30 Days ========== [2012.06.25 21:35:19 | 000,000,000 | ---- | M] () -- C:\Users\Clemens\defogger_reenable [2012.06.25 21:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.25 21:15:22 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 21:15:22 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 21:01:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-669260355-712338567-2124028690-1000UA.job [2012.06.25 19:15:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.25 19:14:55 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2012.06.25 18:38:23 | 000,001,288 | ---- | M] () -- C:\Users\Clemens\Desktop\Spybot - Search & Destroy.lnk [2012.06.25 18:01:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-669260355-712338567-2124028690-1000Core.job [2012.06.19 01:32:49 | 003,932,184 | ---- | M] () -- C:\snp2uvc-001.raw [2012.06.13 16:59:37 | 000,392,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 16:50:34 | 001,639,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 16:50:34 | 000,698,784 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 16:50:34 | 000,653,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 16:50:34 | 000,149,088 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 16:50:34 | 000,121,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.13 14:25:56 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk [2012.06.13 14:23:46 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2012.06.12 22:19:58 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk [2012.06.07 22:18:41 | 000,000,148 | R--- | M] () -- C:\Users\Clemens\Desktop\ts.m3u [2012.06.01 22:14:16 | 2817,654,784 | ---- | M] () -- C:\Users\Clemens\Documents\Windows.iso [2012.06.01 22:03:56 | 000,001,405 | ---- | M] () -- C:\Users\Clemens\Desktop\Windows installieren.lnk [2012.05.30 23:02:26 | 000,000,527 | ---- | M] () -- C:\Windows\wiso.ini ========== Files Created - No Company Name ========== [2012.06.25 21:35:19 | 000,000,000 | ---- | C] () -- C:\Users\Clemens\defogger_reenable [2012.06.25 18:30:59 | 000,001,288 | ---- | C] () -- C:\Users\Clemens\Desktop\Spybot - Search & Destroy.lnk [2012.06.13 14:25:56 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk [2012.06.13 00:02:29 | 003,878,204 | ---- | C] () -- C:\Users\Clemens\Desktop\Jockey3_V26.1-(2Decks,2Sample Decks).tsi [2012.06.12 22:20:23 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk [2012.06.12 22:19:58 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk [2012.06.07 22:18:53 | 000,000,148 | R--- | C] () -- C:\Users\Clemens\Desktop\ts.m3u [2012.06.01 22:10:46 | 2817,654,784 | ---- | C] () -- C:\Users\Clemens\Documents\Windows.iso [2012.06.01 22:03:56 | 000,001,405 | ---- | C] () -- C:\Users\Clemens\Desktop\Windows installieren.lnk [2012.01.26 11:49:42 | 000,000,527 | ---- | C] () -- C:\Windows\wiso.ini [2012.01.09 17:59:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2012.01.03 03:53:56 | 000,039,864 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe [2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll [2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll [2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll [2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll [2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.05.25 18:55:16 | 001,596,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2011.02.11 21:57:49 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.02.11 21:57:36 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.02.11 21:57:34 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini ========== LOP Check ========== [2011.12.23 03:29:42 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Easeware [2011.05.25 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Lexware [2011.07.15 16:06:51 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\OpenOffice.org [2012.02.12 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\SoftGrid Client [2011.11.26 19:53:09 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Temp [2011.11.13 17:47:46 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\TP [2011.08.20 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\XMedia Recode [2012.04.25 12:01:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > MfG Clemens93 Geändert von Clemens93 (25.06.2012 um 21:34 Uhr) Grund: Logfiles als code eingebunden |
29.06.2012, 15:22 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner spioniert meine Email-Passwörter aus Hattest du ein zu einfaches Passwort? Beschreib mal wie das Passwort vorher war, also Länge und Zeichensatz.
__________________Ein schwaches Passwort besteht zB nur aus kleinen Buchstaben oder nur aus Zahlen und ist kürzer als 8 Stellen. Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
29.06.2012, 19:35 | #3 |
| Trojaner spioniert meine Email-Passwörter aus Mein Passwort war eigentlich ziemlich einfach: 2 Buchstaben + meine PLZ, die allerdings eine einfache Zahlenkombination ist. Insgesamt hatte es 7 Zeichen.
__________________Nach fast 3,5h ist der Suchlauf nun fertig. Malwarebytes-Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.29.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Clemens :: MARIANNE-PC [Administrator] 29.06.2012 17:03:02 mbam-log-2012-06-29 (17-03-02).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 587638 Laufzeit: 3 Stunde(n), 25 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Clemens\Downloads\vidcodec.464783(1).exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Clemens\Downloads\vidcodec.464783.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Eset-Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7934bcfcb437714cb395272e4403a916 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-29 09:32:31 # local_time=2012-06-29 11:32:31 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 21882554 21882554 0 0 # compatibility_mode=5893 16776574 100 94 32408603 92625845 0 0 # compatibility_mode=8192 67108863 100 0 151 151 0 0 # scanned=365511 # found=1 # cleaned=0 # scan_time=9556 C:\Users\Clemens\Downloads\windows.7.codec.pack.v3.6.0.setup.exe probably a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I |
01.07.2012, 14:30 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner spioniert meine Email-Passwörter aus Ist das Passwort nun geändert? Wenn ja, werden immer noch Mails ohne dein Zutun versendet?
__________________ Logfiles bitte immer in CODE-Tags posten |
01.07.2012, 15:05 | #5 |
| Trojaner spioniert meine Email-Passwörter aus Das Passwort habe ich sofort, nachdem ich es bemerkt hatte, von einem anderen PC aus geändert. Seitdem habe ich mich nicht mehr vom "infizierten" PC aus in mein Email-Konto eingeloggt, da ich mir ja bis jetzt noch nicht ganz sicher war, ob er clean ist. Es wurden nachdem ich das Passwort von dem anderen PC aus geändert hatte, keine Mails mehr versandt, was ja aber auch logisch ist, da auf dem "infizierten" PC keine Logins mehr durchgeführt wurden (außer Trojaner-board), bei denen das Passwort ausspioniert werden hätte können. Soll ich den Befund von Eset deinstallieren? Ich denke nicht, dass ich ihn brauche, weil ich eh den VLC-player verwende und der standardmäßig alle Codecs hat. Wenn ich ihn entfernt habe, ist mein PC dann "clean" oder muss ich noch weitere Schritte durchführen? |
01.07.2012, 16:21 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner spioniert meine Email-Passwörter aus ESET hat manchmal sehr hysterische Funde. Ich denke du kannst dich auch wieder mit deinem "normalen" Rechner einloggen. Keylogger sind da nicht. Ansonsten einfach genauer beschrieben wenn noch weitere Probleme da sind
__________________ --> Trojaner spioniert meine Email-Passwörter aus |
02.07.2012, 00:34 | #7 |
| Trojaner spioniert meine Email-Passwörter aus Habe den Befund von Eset auch gelöscht und verwende den PC nun wieder. Hoffe, dass es keine Probleme gibt, aber falls es welche gibt, weiß ich ja an welches sehr hilfsbereite Forum ich mich wenden kann. Vielen Dank für die Hilfe! |
Themen zu Trojaner spioniert meine Email-Passwörter aus |
account, antivir, auslesen, call of duty, cookies, dateien, device driver, emailadresse, emails, erstellt, firefox 13.0.1, folge, geändert, google, hotspot shield, install.exe, jdownloader, keylogger, kurze, langs, laptop, lexware, microsoft office word, nichts, nvidia update, officejet, otl auswertung, passwort, plug-in, posten, problem, safer networking, scan, search, search the web, searchscopes, spybot, tastatureingaben, temporäre, trojaner, trojaner-board, usb 2.0, versand, version=1.0, virenscan, visual studio |