Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner spioniert meine Email-Passwörter aus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.06.2012, 21:19   #1
Clemens93
 
Trojaner spioniert meine Email-Passwörter aus - Beitrag

Trojaner spioniert meine Email-Passwörter aus



Hallo trojaner-board,

mein Problem ist Folgendes. Von meiner Emailadresse wurden Emails versandt ohne, dass ich irgendetwas damit gemacht hatte. Also habe ich von meinem Laptop aus das Passwort geändert und dachte das Problem so zu beheben. Allerdings wurden am nächsten Tag wieder Emails von dem Account aus versandt. Nach einer kurzen Zeit googlen, habe ich gelesen, dass es sich um einen Trojaner auf meinem Laptop handeln muss, der meine Tastatureingaben auslesen kann und so an mein Passwort gelangt ist.

Daraufhin habe ich eine Virenscan mit Antivir gemacht, bei dem allerdings nichts gefunden wurde und dann einen mit Spybot Search & Destroy. Dieser hatte 102 Befunde und konnte alle "beheben". Allerdings habe ich gelesen, dass es auch viele Trojaner gibt, die dieser übersieht und die Befunde waren alle nur "temporäre Dateien oder Cookies". Ein Trojaner wurde nicht gefunden.

Danach habe ich die Schritte hier befolgt und wollte euch nun meine beiden Logs, die von OTL erstellt wurden, posten, damit ihr mir weiterhelfen könnt. Ich bin über jede Hilfe dankbar, da ich meinen Laptop schnellstmöglich wieder benutzen will.

Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 25.06.2012 21:39:04 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Clemens\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,48% Memory free
8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213,25 Gb Total Space | 122,52 Gb Free Space | 57,45% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 1,90 Gb Free Space | 9,71% Space Free | Partition Type: NTFS
 
Computer Name: MARIANNE-PC | User Name: Clemens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09122612-6AD6-4EB0-AB36-25111C875FB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0BB1773A-D23A-4352-816F-56CC424CE781}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0D2DF36B-6F17-4DCA-AC4E-64A198A2C38A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{146FB05B-3795-4112-ABEA-6E38383AA62C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{17D7B55D-1961-4BDA-BF95-66181D21112E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1AB633E7-2C43-4EDE-AAFB-D17A4CBFDDF1}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{1B6A9681-799C-4EB4-922D-A1964BB77D43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{217595A5-DDB6-4BE9-B733-3ADE1B75DFDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{225FFF81-C871-496F-BA50-6B9DCE491A7F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C18FD81-596A-43E9-A1B6-03A72306C0D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40D9D5A5-1A20-472A-B00D-BDC8936A2EF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61E23DC7-F7D9-4AE7-9E0A-103F81A81429}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{67AEAED5-4EE0-4834-B1D1-F73480F175FD}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{6EF78A6E-5C4C-4C5D-AB03-C6164F469848}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{780CB2D2-C01A-46BA-8BD2-EBBEBAE70DB6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7A9140A4-C93D-4CF7-B51A-3AF3ACDCD541}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7C411261-F0BB-4793-B424-D0F1745A7370}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{7F1588FD-BC81-4367-87B7-C89FE7A6051D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F9463CE-77CE-4586-9429-1E795BA17945}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{81C2795A-FD14-4300-BFAE-CBF0EA3F06DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85F9F3B3-C573-4433-AFDF-E83617FBDE6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E2121B7-9821-423C-B7F5-EEAAD00D42BC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F6850D9-DF2D-46B4-A2B6-032C4CBF7501}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9251CE09-96C4-4EF6-82E8-A0DE00523C3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96A8E531-2039-4687-96AF-0CC6C35FFDA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9914E50A-99AD-472C-9109-8656002A61A3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A86E57DF-4FE8-45F3-9A3D-68EFB4AF6B36}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B2E24346-BDB6-43BB-9D37-2F90599492A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7295481-9CAA-42D7-8C3A-8646228000F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8D71F67-F8AA-4838-8A39-CEE5FBDB7CB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2923DE9-EF2F-4421-921A-56A562C8E55C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD0BAD3D-978D-4A14-8AAF-B4C8B2C07B8A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D06244A9-CA8F-4BEE-B956-7EB1B9097AF2}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe | 
"{D7820EAC-413E-4151-BC4E-FEFC608AADCF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D9165685-41F8-4E26-815C-7497C30BA317}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D9D0A448-E8B3-4532-ADB6-CE9CEBD994E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DC4752E1-DB52-445B-B2A2-4E6A0E1E6456}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{E70F6C00-6A24-4B15-9112-1B01F17209D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E85065FA-CC5B-4C78-B144-9920B19349F1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E9AC508A-E183-44D1-895A-8BE85FA13C42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FAEBDA4F-D6C4-49C3-B3C8-B58947DBE32D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FC17A98E-6847-4467-A55D-406591DDD553}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073C007D-4B41-48A4-B819-5A0D5225331E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0E1E097C-4D28-474F-B320-D585F18CEAD5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1F8C4542-0DDD-4E41-B301-984E99E59F4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{27B847E2-E718-411E-AEBF-3B027F0F92FA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{2FDA9D16-5C8D-49E4-8599-457A8ECE7DF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{318427AE-CC2B-4904-8064-507809EBBA30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{35ACF478-7D11-4FC8-8549-5DBC243AD812}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{3B5CDC87-6C2B-4CCE-A1A1-5E8616D9FD6D}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{4232C8EB-D6B5-43BF-A585-F0AD5E3A089A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{47F8B2D2-CA14-4DEC-8AEC-1A89CC7CC771}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{4ADBEE7B-0CC0-491A-93D0-4895086E1596}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EB825A1-8E8D-410C-AF17-9C2FEA3CD7B5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5268CD98-67F3-4221-93FA-964AECC55DD1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{57BB6F8C-B2D2-4830-BEBB-EDBE6F613FF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5C60F87E-384C-4399-B142-3FB733DE8B5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D595E0B-0E73-47BD-AE40-186E1F4D666E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5E0ABA39-E8F3-4917-8EBE-56C812ED1535}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6979B81F-DFBA-4B32-A2A3-1414F32E3EF6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{6BBA864A-05F0-4FC8-B4BB-A3EDAD5944CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{76FF6D7B-D664-4E49-8FE2-6664199FDB3E}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{841D852E-C2E3-4E37-8E9D-AD0CF1A0C4D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8908D0A6-C113-468B-B2EE-BADD0DE37C46}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{89AE344E-BBD8-43D4-AFA8-6BFF063E5408}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{92CF646D-4902-4ACF-A7FA-D8C0297E62AD}" = protocol=6 | dir=out | app=system | 
"{95DB1386-DAA4-41C6-BFC9-4084FE50E10B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{96A3C451-6266-4C2C-A5B7-96FE0931A780}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{96A3CEC8-0045-4788-8F34-08EA0BC0ECD0}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{97EC5C6F-0758-415E-B2EA-D473A4CB7195}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9F953F6C-CE79-4551-98FE-3DC6251037C1}" = protocol=6 | dir=out | app=system | 
"{A633A119-86AD-4389-9DD6-09F91E4EC3F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AEC8F834-3E1A-41BD-82F6-3F015EA00519}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C856B125-4B60-411C-8951-CC3F048452FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C9C7001C-BAD5-4F5C-BDF3-465EF518B942}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D1A5631D-EA00-4538-9DFD-B9AD69F3C2AC}" = protocol=6 | dir=out | app=system | 
"{D4E29148-19E8-4DF5-939D-B950D475B14A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DAE9BA43-166B-4850-A339-C1B8EC416661}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{E0E7A584-C0E2-400E-949F-9C9BBE0644AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EA6DC25E-E547-4F20-A605-629492E45602}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EA7AFF2F-8EE1-48FF-B1ED-EEC55CEC38F4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F102F7AD-5CB0-4F87-AA40-1A4C198E90AB}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{FD087E2C-D5A8-4FD5-968D-A85DFF044CAF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{12834B36-A518-42EC-A26C-F23FC359746E}\\criss-pc\lan\flat out 2\flatout2.exe" = protocol=6 | dir=in | app=\\criss-pc\lan\flat out 2\flatout2.exe | 
"TCP Query User{1D87D98B-9243-40FE-A819-D4AD2D2DAD2C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{4EE7F338-1182-420A-B630-4CA3BE4D5FF1}F:\warcraft 3\war3.exe" = protocol=6 | dir=in | app=f:\warcraft 3\war3.exe | 
"TCP Query User{53CDE0FE-40AD-4AAA-87AE-7CF989F79F04}E:\warcraft iii lan\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii lan\war3.exe | 
"TCP Query User{6548FAB4-6217-41B8-9719-A0A1262EEDFC}C:\users\clemens\appdata\local\temp\rar$ex70.208\jailbreakwindowsphone\chevronwp7.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex70.208\jailbreakwindowsphone\chevronwp7.exe | 
"TCP Query User{80E730D3-6E90-41FC-88A7-E6BF231CE797}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe | 
"TCP Query User{88CD2C48-836F-41B5-9001-10229E3AA0E9}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{9A665355-EE68-4C87-AC74-7D6A5BF43D14}C:\users\clemens\appdata\local\temp\temp4_rund-um-sorglos-paket.zip\jailbreakwindowsphone\chevronwp7.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\local\temp\temp4_rund-um-sorglos-paket.zip\jailbreakwindowsphone\chevronwp7.exe | 
"TCP Query User{ABAB91AC-8EBA-45C2-9CF4-130F6A7DF1FD}C:\users\clemens\appdata\local\temp\rar$ex89.112\jailbreakwindowsphone\chevronwp7.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex89.112\jailbreakwindowsphone\chevronwp7.exe | 
"TCP Query User{AE5FAB58-3E13-4F6C-9A5B-F3080FB6D6D9}C:\program files (x86)\steam\steamapps\matthias1970\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\matthias1970\counter-strike source\hl2.exe | 
"TCP Query User{C893337E-BF9B-476D-9619-68BDD376A476}C:\users\clemens\appdata\local\temp\rar$ex21.120\jailbreakwindowsphone\chevronwp7.exe" = protocol=6 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex21.120\jailbreakwindowsphone\chevronwp7.exe | 
"TCP Query User{EBC22E60-51F4-40A2-82B0-C8DA06C8323D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{ED15582A-6A2F-47D5-8A58-0366C76835CA}C:\lan\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\lan\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{FB6535E2-6BD6-4C1B-A452-DF5C1BF9B864}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{0A0E304A-0122-4B45-B9E0-3E81B334F401}C:\users\clemens\appdata\local\temp\rar$ex70.208\jailbreakwindowsphone\chevronwp7.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex70.208\jailbreakwindowsphone\chevronwp7.exe | 
"UDP Query User{0A9CBB21-1574-47DC-928B-756D5B8B4433}F:\warcraft 3\war3.exe" = protocol=17 | dir=in | app=f:\warcraft 3\war3.exe | 
"UDP Query User{12249188-AE8D-43E9-845B-C668C4F9DEA5}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{2EFEEB4E-47C1-491C-B757-5B238EF4D1E3}C:\lan\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\lan\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{5E5EB7F3-7321-472C-9792-728CF50C07DE}\\criss-pc\lan\flat out 2\flatout2.exe" = protocol=17 | dir=in | app=\\criss-pc\lan\flat out 2\flatout2.exe | 
"UDP Query User{5E90EACB-29BB-4447-A545-609914E5C575}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe | 
"UDP Query User{7E4D367E-4659-4F2E-9131-CD28CA738E6B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{8ABA1D8D-378A-4911-A145-63E636C8B4BD}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{9187DA62-1884-4D0D-9C03-CC9D93D298A9}C:\users\clemens\appdata\local\temp\temp4_rund-um-sorglos-paket.zip\jailbreakwindowsphone\chevronwp7.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\local\temp\temp4_rund-um-sorglos-paket.zip\jailbreakwindowsphone\chevronwp7.exe | 
"UDP Query User{956D7CBF-B896-4D2D-9DF3-2BBC13583C9E}C:\users\clemens\appdata\local\temp\rar$ex89.112\jailbreakwindowsphone\chevronwp7.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex89.112\jailbreakwindowsphone\chevronwp7.exe | 
"UDP Query User{964A1058-24CA-45E8-AD45-D78EAC97EAD4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{9836EB2E-5565-408C-B472-BC39EBBA6AF6}E:\warcraft iii lan\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii lan\war3.exe | 
"UDP Query User{CCE2B5AD-022B-4ADB-B53A-FABDB85DA1A6}C:\users\clemens\appdata\local\temp\rar$ex21.120\jailbreakwindowsphone\chevronwp7.exe" = protocol=17 | dir=in | app=c:\users\clemens\appdata\local\temp\rar$ex21.120\jailbreakwindowsphone\chevronwp7.exe | 
"UDP Query User{CE251EAE-46AA-4AE8-986A-747A4A2E131F}C:\program files (x86)\steam\steamapps\matthias1970\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\matthias1970\counter-strike source\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A80AF0FF-16ED-3B44-9103-A874B3771422}" = Windows Phone Emulator x64 - DEU
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AF43C18E-693D-4126-B190-8F55E3623D5D}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E8C633FD-8719-448F-9A55-F04CFDD53E67}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB_AUDIO_DEusb-audio.deReloopJockey3ME" = Reloop Jockey 3 ME USB ASIO driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{07C57B29-D2E4-4959-84A5-016F2BE11A35}" = Microsoft Windows Phone 7 Developer Resources(DE)
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1762BA00-6EBE-4430-9FBB-16F516B4A46D}" = Microsoft Expression Blend SDK for Windows Phone 7
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1D537C29-27C9-4EE2-92BC-22D0910EAE9D}" = Microsoft XNA Game Studio 4.0 Language Pack (de-DE)
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{553B3EFC-4D47-36D4-B15E-BE098BAEC8AC}" = Windows Phone 7 Add-in for Visual Studio 2010 - DEU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9219F0C5-4320-43D3-8A23-F8B4C6F02DEE}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK
"{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}" = Microsoft Expression Blend SDK for Silverlight 4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F39359B6-58F1-4837-BE9B-D111FAF50D74}" = Microsoft Visual Studio 2010 Express for Windows Phone  - DEU
"{F7800FC1-6948-4D64-A9BC-3EEDDA408D25}" = Microsoft Expression Blend 4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"CL-Eye Driver" = CL-Eye Driver
"Counter-Strike: Source v17" = Counter-Strike: Source v17
"DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt
"HotspotShield" = Hotspot Shield 2.53
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Microsoft Visual Studio 2010 Express for Windows Phone  - DEU" = Microsoft Windows Phone Developer Tools - DEU
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SpeedFan" = SpeedFan (remove only)
"VLC media player" = VLC media player 2.0.1
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.6.0
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.8.4
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.06.2012 18:00:45 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:00:45 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:27:51 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.06.2012 18:27:52 | Computer Name = Marianne-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 19.06.2012 12:28:08 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 20.06.2012 06:50:18 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 20.06.2012 06:50:18 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 20.06.2012 14:03:35 | Computer Name = Marianne-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.06.2012 10:34:26 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 21.06.2012 10:34:26 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 25.06.2012 09:28:43 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 25.06.2012 09:28:43 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 25.06.2012 13:15:21 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 25.06.2012 13:15:22 | Computer Name = Marianne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
 
< End of report >
         
--- --- ---


OTL.txt:

Code:
ATTFilter
OTL logfile created on: 25.06.2012 21:39:04 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Clemens\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,48% Memory free
8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213,25 Gb Total Space | 122,52 Gb Free Space | 57,45% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 1,90 Gb Free Space | 9,71% Space Free | Partition Type: NTFS
 
Computer Name: MARIANNE-PC | User Name: Clemens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.25 21:35:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Clemens\Downloads\OTL.exe
PRC - [2012.05.08 19:01:53 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:01:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:01:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.02.11 22:07:54 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.09.15 10:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 17:21:19 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
MOD - [2012.06.13 17:06:43 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.13 17:06:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 16:44:35 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 14:01:41 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012.05.12 12:49:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 12:48:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 12:48:55 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 12:48:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.01.29 21:23:22 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.25 16:27:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 22:24:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 19:01:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:01:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.11 02:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011.12.16 11:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.02.11 22:07:54 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:01:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:01:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 23:16:34 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.12.16 23:16:32 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.11 17:59:48 | 000,411,712 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rlj3me_u.sys -- (RELOOP_JOCKEY3ME_USB)
DRV:64bit: - [2010.10.11 17:59:46 | 000,051,264 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rlj3me_a.sys -- (RELOOP_JOCKEY3ME_WDM)
DRV:64bit: - [2010.10.11 17:59:44 | 000,031,296 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rlj3me_m.sys -- (RELOOP_JOCKEY3ME_MIDI)
DRV:64bit: - [2010.09.01 21:54:40 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.25 04:14:46 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l160x64.sys -- (AtcL001)
DRV:64bit: - [2009.06.10 23:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.24 13:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007.10.01 15:59:46 | 001,829,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2007.08.09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2007.07.26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006.11.18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 E9 64 8F 13 D9 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=107738&babsrc=SP_ss&mntrId=30057ff500000000000000ff94eedfe3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=107738&babsrc=adbartrp&mntrId=30057ff500000000000000ff94eedfe3&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 22:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 22:24:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.25 16:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Extensions
[2012.05.14 16:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\9tekxp9h.default\extensions
[2012.01.10 18:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.30 16:50:06 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.01.06 15:19:31 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CLEMENS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TEKXP9H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.16 22:24:56 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.15 15:13:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.14 16:40:18 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.15 15:13:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.15 15:13:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.15 15:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 15:13:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 15:13:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.28 14:43:49 | 000,000,926 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.178.53	developerservices.windowsphone.com
O1 - Hosts: 192.168.178.32	developerservices.windowsphone.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Clemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.postbank.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{244F1588-EE7B-4486-BD60-BFB03350C5B2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 18:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.25 18:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.25 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.06.13 14:26:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7DBE41FD-F994-4324-8F8A-0337B0B404A4}
[2012.06.13 14:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2012.06.13 14:23:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133}
[2012.06.13 14:23:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.13 14:18:51 | 276,453,536 | ---- | C] (Native Instruments                                                                                                                                                                                                                                                                                          ) -- C:\Users\Clemens\Desktop\Traktor 2 2.5.0 Setup PC.exe
[2012.06.13 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Local\Macromedia
[2012.06.12 22:21:49 | 000,000,000 | ---D | C] -- C:\Users\Clemens\Documents\Native Instruments
[2012.06.12 22:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2012.06.12 22:20:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2012.06.12 22:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2012.06.12 22:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012.06.12 22:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012.06.12 21:47:36 | 000,411,712 | ---- | C] (Ploytec GmbH) -- C:\Windows\SysNative\drivers\rlj3me_u.sys
[2012.06.12 21:47:36 | 000,051,264 | ---- | C] (Ploytec GmbH) -- C:\Windows\SysNative\drivers\rlj3me_a.sys
[2012.06.12 21:47:36 | 000,031,296 | ---- | C] (Ploytec GmbH) -- C:\Windows\SysNative\drivers\rlj3me_m.sys
[2012.06.12 21:47:36 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.deReloopJockey3ME
[2012.06.01 21:28:31 | 000,000,000 | RH-D | C] -- C:\ESD
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.25 21:35:19 | 000,000,000 | ---- | M] () -- C:\Users\Clemens\defogger_reenable
[2012.06.25 21:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.25 21:15:22 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 21:15:22 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 21:01:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-669260355-712338567-2124028690-1000UA.job
[2012.06.25 19:15:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.25 19:14:55 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 18:38:23 | 000,001,288 | ---- | M] () -- C:\Users\Clemens\Desktop\Spybot - Search & Destroy.lnk
[2012.06.25 18:01:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-669260355-712338567-2124028690-1000Core.job
[2012.06.19 01:32:49 | 003,932,184 | ---- | M] () -- C:\snp2uvc-001.raw
[2012.06.13 16:59:37 | 000,392,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 16:50:34 | 001,639,280 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 16:50:34 | 000,698,784 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 16:50:34 | 000,653,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 16:50:34 | 000,149,088 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 16:50:34 | 000,121,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 14:25:56 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2012.06.13 14:23:46 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2012.06.12 22:19:58 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2012.06.07 22:18:41 | 000,000,148 | R--- | M] () -- C:\Users\Clemens\Desktop\ts.m3u
[2012.06.01 22:14:16 | 2817,654,784 | ---- | M] () -- C:\Users\Clemens\Documents\Windows.iso
[2012.06.01 22:03:56 | 000,001,405 | ---- | M] () -- C:\Users\Clemens\Desktop\Windows installieren.lnk
[2012.05.30 23:02:26 | 000,000,527 | ---- | M] () -- C:\Windows\wiso.ini
 
========== Files Created - No Company Name ==========
 
[2012.06.25 21:35:19 | 000,000,000 | ---- | C] () -- C:\Users\Clemens\defogger_reenable
[2012.06.25 18:30:59 | 000,001,288 | ---- | C] () -- C:\Users\Clemens\Desktop\Spybot - Search & Destroy.lnk
[2012.06.13 14:25:56 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2012.06.13 00:02:29 | 003,878,204 | ---- | C] () -- C:\Users\Clemens\Desktop\Jockey3_V26.1-(2Decks,2Sample Decks).tsi
[2012.06.12 22:20:23 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2012.06.12 22:19:58 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2012.06.07 22:18:53 | 000,000,148 | R--- | C] () -- C:\Users\Clemens\Desktop\ts.m3u
[2012.06.01 22:10:46 | 2817,654,784 | ---- | C] () -- C:\Users\Clemens\Documents\Windows.iso
[2012.06.01 22:03:56 | 000,001,405 | ---- | C] () -- C:\Users\Clemens\Desktop\Windows installieren.lnk
[2012.01.26 11:49:42 | 000,000,527 | ---- | C] () -- C:\Windows\wiso.ini
[2012.01.09 17:59:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.01.03 03:53:56 | 000,039,864 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2011.12.27 20:31:20 | 004,342,784 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.12.27 20:31:04 | 000,135,680 | ---- | C] () -- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
[2011.12.21 18:10:32 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2011.12.21 18:10:26 | 006,266,784 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2011.12.21 18:10:26 | 000,977,648 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2011.12.21 18:10:26 | 000,353,984 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2011.12.21 18:10:26 | 000,202,728 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2011.12.21 18:10:26 | 000,127,384 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.25 18:55:16 | 001,596,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.02.11 21:57:49 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.02.11 21:57:36 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.11 21:57:34 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
 
========== LOP Check ==========
 
[2011.12.23 03:29:42 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Easeware
[2011.05.25 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Lexware
[2011.07.15 16:06:51 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\OpenOffice.org
[2012.02.12 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\SoftGrid Client
[2011.11.26 19:53:09 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Temp
[2011.11.13 17:47:46 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\TP
[2011.08.20 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\XMedia Recode
[2012.04.25 12:01:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

MfG Clemens93

Geändert von Clemens93 (25.06.2012 um 21:34 Uhr) Grund: Logfiles als code eingebunden

Alt 29.06.2012, 15:22   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner spioniert meine Email-Passwörter aus - Standard

Trojaner spioniert meine Email-Passwörter aus



Hattest du ein zu einfaches Passwort? Beschreib mal wie das Passwort vorher war, also Länge und Zeichensatz.
Ein schwaches Passwort besteht zB nur aus kleinen Buchstaben oder nur aus Zahlen und ist kürzer als 8 Stellen.


Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 29.06.2012, 19:35   #3
Clemens93
 
Trojaner spioniert meine Email-Passwörter aus - Standard

Trojaner spioniert meine Email-Passwörter aus



Mein Passwort war eigentlich ziemlich einfach: 2 Buchstaben + meine PLZ, die allerdings eine einfache Zahlenkombination ist. Insgesamt hatte es 7 Zeichen.

Nach fast 3,5h ist der Suchlauf nun fertig.

Malwarebytes-Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Clemens :: MARIANNE-PC [Administrator]

29.06.2012 17:03:02
mbam-log-2012-06-29 (17-03-02).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 587638
Laufzeit: 3 Stunde(n), 25 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Clemens\Downloads\vidcodec.464783(1).exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Clemens\Downloads\vidcodec.464783.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Eset-Log folgt gleich.

Eset-Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7934bcfcb437714cb395272e4403a916
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-29 09:32:31
# local_time=2012-06-29 11:32:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 21882554 21882554 0 0
# compatibility_mode=5893 16776574 100 94 32408603 92625845 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=365511
# found=1
# cleaned=0
# scan_time=9556
C:\Users\Clemens\Downloads\windows.7.codec.pack.v3.6.0.setup.exe	probably a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
         
__________________

Alt 01.07.2012, 14:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner spioniert meine Email-Passwörter aus - Standard

Trojaner spioniert meine Email-Passwörter aus



Ist das Passwort nun geändert?
Wenn ja, werden immer noch Mails ohne dein Zutun versendet?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.07.2012, 15:05   #5
Clemens93
 
Trojaner spioniert meine Email-Passwörter aus - Standard

Trojaner spioniert meine Email-Passwörter aus



Das Passwort habe ich sofort, nachdem ich es bemerkt hatte, von einem anderen PC aus geändert. Seitdem habe ich mich nicht mehr vom "infizierten" PC aus in mein Email-Konto eingeloggt, da ich mir ja bis jetzt noch nicht ganz sicher war, ob er clean ist.

Es wurden nachdem ich das Passwort von dem anderen PC aus geändert hatte, keine Mails mehr versandt, was ja aber auch logisch ist, da auf dem "infizierten" PC keine Logins mehr durchgeführt wurden (außer Trojaner-board), bei denen das Passwort ausspioniert werden hätte können.

Soll ich den Befund von Eset deinstallieren? Ich denke nicht, dass ich ihn brauche, weil ich eh den VLC-player verwende und der standardmäßig alle Codecs hat.

Wenn ich ihn entfernt habe, ist mein PC dann "clean" oder muss ich noch weitere Schritte durchführen?


Alt 01.07.2012, 16:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner spioniert meine Email-Passwörter aus - Standard

Trojaner spioniert meine Email-Passwörter aus



ESET hat manchmal sehr hysterische Funde.
Ich denke du kannst dich auch wieder mit deinem "normalen" Rechner einloggen. Keylogger sind da nicht.

Ansonsten einfach genauer beschrieben wenn noch weitere Probleme da sind
__________________
--> Trojaner spioniert meine Email-Passwörter aus

Alt 02.07.2012, 00:34   #7
Clemens93
 
Trojaner spioniert meine Email-Passwörter aus - Standard

Trojaner spioniert meine Email-Passwörter aus



Habe den Befund von Eset auch gelöscht und verwende den PC nun wieder. Hoffe, dass es keine Probleme gibt, aber falls es welche gibt, weiß ich ja an welches sehr hilfsbereite Forum ich mich wenden kann.

Vielen Dank für die Hilfe!

Antwort

Themen zu Trojaner spioniert meine Email-Passwörter aus
account, antivir, auslesen, call of duty, cookies, dateien, device driver, emailadresse, emails, erstellt, firefox 13.0.1, folge, geändert, google, hotspot shield, install.exe, jdownloader, keylogger, kurze, langs, laptop, lexware, microsoft office word, nichts, nvidia update, officejet, otl auswertung, passwort, plug-in, posten, problem, safer networking, scan, search, search the web, searchscopes, spybot, tastatureingaben, temporäre, trojaner, trojaner-board, usb 2.0, versand, version=1.0, virenscan, visual studio




Ähnliche Themen: Trojaner spioniert meine Email-Passwörter aus


  1. Email Account gehackt: Email Versand an meine Kontakte mit meinem Namen, aber anderer Email Adresse.
    Log-Analyse und Auswertung - 29.07.2015 (3)
  2. Jemand benutzt meine Email-Adresse
    Plagegeister aller Art und deren Bekämpfung - 02.07.2014 (4)
  3. Email an meine Mutter unter meinem Namen von unbekannter Email Adresse
    Überwachung, Datenschutz und Spam - 01.11.2013 (1)
  4. Spam mails über meine Email Adresse
    Plagegeister aller Art und deren Bekämpfung - 06.05.2013 (12)
  5. Wurde mein PC gehackt? Kann der Angreifer immer noch meine Passwörter sehen?
    Log-Analyse und Auswertung - 14.08.2012 (5)
  6. Über meine Email werden Spam verschickt
    Log-Analyse und Auswertung - 16.12.2011 (1)
  7. virus, das meine passwörter weiß?
    Log-Analyse und Auswertung - 28.11.2010 (0)
  8. UNBEKANNTES VERSTECKTES LINUX SYSTEM HAT KONTROLLE ÜBER MEINE FESTPLATEN,SPIONIERT usw...
    Plagegeister aller Art und deren Bekämpfung - 28.11.2010 (2)
  9. Spam über meine email Adresse versendet
    Log-Analyse und Auswertung - 17.10.2010 (1)
  10. Spioniert Trojaner meine Passwörter aus?
    Log-Analyse und Auswertung - 26.08.2010 (16)
  11. Trojaner spioniert Passwörter aus ?
    Log-Analyse und Auswertung - 23.08.2010 (33)
  12. Trojaner ? werde ich spioniert sämtliche email wurden gelöscht u.s.w...
    Plagegeister aller Art und deren Bekämpfung - 05.06.2010 (1)
  13. Wurden meine Passwörter geklaut ? imrec.exe
    Plagegeister aller Art und deren Bekämpfung - 30.05.2009 (2)
  14. trojaner befall - muss ich nun meine passwörter ändern?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2009 (9)
  15. Email geschieben über meine IP aber nicht von mir!
    Mülltonne - 19.12.2008 (0)
  16. jemand ändert meine passwörter
    Plagegeister aller Art und deren Bekämpfung - 07.02.2008 (7)
  17. Kann nicht auf meine EMail zurückgreifen
    Log-Analyse und Auswertung - 09.08.2007 (4)

Zum Thema Trojaner spioniert meine Email-Passwörter aus - Hallo trojaner-board, mein Problem ist Folgendes. Von meiner Emailadresse wurden Emails versandt ohne, dass ich irgendetwas damit gemacht hatte. Also habe ich von meinem Laptop aus das Passwort geändert und - Trojaner spioniert meine Email-Passwörter aus...
Archiv
Du betrachtest: Trojaner spioniert meine Email-Passwörter aus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.