Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mail delivery failed. Web.de Postfach verschickt selbständig Emails.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 11.09.2012, 07:31   #1
Steve0
 
Mail delivery failed. Web.de Postfach verschickt selbständig Emails. - Standard

Mail delivery failed. Web.de Postfach verschickt selbständig Emails.



Mir ist letzte Woche schon mal aufgefallen das mein Web.de Postfach eigenstänidig Emails versendet. Ich vermute es zumindest da ich ungefähr 7 Emails mit der betreff Maildelivery failed erhalten habe und die in den Emails angegebenen Empfängeradressen nicht kenne. Daraufhin habe ich das Passwort des Postfaches geändert und einen vollständigen Systemscan mit Antivir gemacht. Antivir hat aber nichts gefunden deswegen bin ich davon ausgegangen das ich mit dem Passwortwechsel auf der sicheren Seite bin. Nun hab ich gestern wieder diese Emails mit dem Maildelivery failed betreff bekommen. Ich würde mich sehr über Hilfe freuen.
Ich hab schon mal vorsorglich einen Malwarebytes check gemacht und werde den logtext anhängen und otl hab ich auch schon mal durchlaufen lassen. Ich hoffe ihr könnt mir helfen.


[CODE]Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [Administrator]

10.09.2012 23:17:16
mbam-log-2012-09-10 (23-17-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 697162
Laufzeit: 2 Stunde(n), 4 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.09.2012 07:35:04 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Steve\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 59,41% Memory free
7,59 Gb Paging File | 5,76 Gb Available in Paging File | 75,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 51,89 Gb Free Space | 44,57% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 78,83 Gb Free Space | 23,90% Space Free | Partition Type: NTFS
Drive F: | 14,83 Gb Total Space | 8,50 Gb Free Space | 57,34% Space Free | Partition Type: FAT32
 
Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll ()
MOD - C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll ()
MOD - C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys (Realtek)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (zebrmdmc) -- C:\Windows\SysNative\drivers\zebrmdmc.sys (MCCI)
DRV:64bit: - (zebrmdm) -- C:\Windows\SysNative\drivers\zebrmdm.sys (MCCI)
DRV:64bit: - (zebrmdfl) -- C:\Windows\SysNative\drivers\zebrmdfl.sys (MCCI Corporation)
DRV:64bit: - (zebrbus) -- C:\Windows\SysNative\drivers\zebrbus.sys (MCCI)
DRV:64bit: - (sfvfs02) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology)
DRV:64bit: - (sfdrv01) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology)
DRV:64bit: - (sfhlp02) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 4E BB 18 8A 30 CB 01  [binary data]
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2967869
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/Users/Steve/AppData/Local/Google/Chrome/User%20Data/Default/Extensions/caehdcpeofiiigpdhbabniblemipncjj/SwitchyAuto.pac?1334601712387
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: vlcplaylist@helgatauscher.de:0.7.2
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2012.02.14
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1818576\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.03.27 10:22:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.05 22:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.23 15:07:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.05 22:17:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.23 15:07:00 | 000,000,000 | ---D | M]
 
[2010.07.31 09:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\Extensions
[2012.09.06 20:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\lb4wcsjq.default\extensions
[2012.09.06 20:31:17 | 000,000,000 | ---D | M] (GIGA Deutsch Community Toolbar) -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\lb4wcsjq.default\extensions\{1ce76c93-a797-4ca2-ab3c-f4a6cfba3440}
[2012.07.31 22:29:09 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\lb4wcsjq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.05.18 15:29:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\lb4wcsjq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 15:39:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\lb4wcsjq.default\extensions\ich@maltegoetz.de
[2012.03.28 12:12:18 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\lb4wcsjq.default\extensions\vshare@toolbar
[2012.06.01 22:16:33 | 000,007,343 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lb4wcsjq.default\extensions\vlcplaylist@helgatauscher.de.xpi
[2011.10.19 10:29:55 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lb4wcsjq.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2011.12.09 13:23:45 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lb4wcsjq.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012.07.26 09:34:48 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lb4wcsjq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.03.16 18:51:36 | 000,000,950 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lb4wcsjq.default\searchplugins\icqplugin-1.xml
[2010.12.08 13:49:10 | 000,001,056 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lb4wcsjq.default\searchplugins\icqplugin.xml
[2012.03.18 19:19:56 | 000,002,412 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lb4wcsjq.default\searchplugins\Linkury Smartbar Search.xml
[2010.11.27 17:38:37 | 000,001,583 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\mozilla\firefox\profiles\lb4wcsjq.default\searchplugins\web-search.xml
[2012.03.19 19:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.27 10:22:56 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.09.05 22:17:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.27 12:21:58 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 22:17:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.27 12:21:58 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 12:21:58 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 12:21:58 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 12:21:58 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.145.0_0\npBFHUpdater.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1818576\npmathplugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U6 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - Extension: Google Translate = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WGT Golf Challenge = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Google+ = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: Google Kalender = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Battlefield Heroes = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.145.0_0\
CHR - Extension: Pixlr Editor = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0\
CHR - Extension: Google \u00DCbersetzer f\u00FCr Google+ = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfppgkomfopklagggkjiaddgndkgopgl\1.1.7_0\
CHR - Extension: Google Maps = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Google Mail = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\Toolbar\WebBrowser: (no name) - {1CE76C93-A797-4CA2-AB3C-F4A6CFBA3440} - No CLSID value found.
O3 - HKU\S-1-5-21-2761538403-3478655871-178291849-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2761538403-3478655871-178291849-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2761538403-3478655871-178291849-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steve\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steve\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E47E0BB-8397-47A7-ACEF-5D8A884F497A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9002D774-5E96-40B4-8A6F-A1CF894839DC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c5d063e6-64cb-11e0-87ac-485b39601d5b}\Shell - "" = AutoRun
O33 - MountPoints2\{c5d063e6-64cb-11e0-87ac-485b39601d5b}\Shell\AutoRun\command - "" = H:\RunGame.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.10 23:19:35 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012.09.05 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2012.09.05 21:08:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.05 21:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.05 21:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.05 09:06:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Programmierung
[2012.09.05 08:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueJ
[2012.09.05 08:37:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\bluej
[2012.09.05 08:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueJ
[2012.09.04 10:04:38 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.08.23 15:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.23 15:07:00 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.23 15:07:00 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.23 15:06:49 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.23 15:06:49 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.23 12:06:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\FOTO CD
[2012.08.16 13:57:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 13:57:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 13:57:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 13:57:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 13:57:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 13:57:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 13:57:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 13:57:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 13:57:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 13:57:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 13:57:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 13:57:55 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 13:57:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 10:48:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 10:48:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 10:48:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 10:48:11 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.11 07:29:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.11 07:25:31 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 07:25:31 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 07:22:13 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.11 07:22:13 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.11 07:22:13 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.11 07:22:13 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.11 07:22:13 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.11 07:17:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.11 07:17:38 | 3054,882,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.11 07:03:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.11 06:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761538403-3478655871-178291849-1000UA.job
[2012.09.10 23:19:39 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012.09.10 23:16:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.10 09:51:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2761538403-3478655871-178291849-1000Core.job
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 00:11:20 | 000,007,592 | ---- | M] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2012.09.05 19:35:00 | 000,004,027 | ---- | M] () -- C:\Users\Steve\.recently-used.xbel
[2012.09.05 08:50:20 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\BlueJ.lnk
[2012.09.04 10:04:34 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.04 10:04:34 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.04 10:04:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.04 10:04:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.04 10:04:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.04 10:04:34 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.03 07:33:46 | 000,002,457 | ---- | M] () -- C:\Users\Steve\Desktop\Google Chrome.lnk
[2012.08.21 10:34:30 | 001,338,567 | ---- | M] () -- C:\Users\Steve\Desktop\Hund.jpg
[2012.08.19 09:30:40 | 000,388,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.05 21:08:54 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 19:35:00 | 000,004,027 | ---- | C] () -- C:\Users\Steve\.recently-used.xbel
[2012.09.05 08:50:20 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\BlueJ.lnk
[2012.08.16 13:45:38 | 001,338,567 | ---- | C] () -- C:\Users\Steve\Desktop\Hund.jpg
[2012.08.15 09:44:13 | 000,911,828 | ---- | C] () -- C:\Users\Steve\Desktop\SCN_0001.pdf
[2012.07.30 21:29:56 | 000,007,660 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\.freeciv-client-rc-2.3
[2012.05.15 09:56:40 | 000,000,550 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.24 18:46:42 | 000,171,820 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.12.06 21:44:03 | 000,000,000 | ---- | C] () -- C:\Users\Steve\.gtk-bookmarks
[2011.12.06 21:40:16 | 000,624,784 | ---- | C] () -- C:\Users\Steve\.fonts.cache-1
[2011.11.11 11:23:39 | 000,290,904 | ---- | C] () -- C:\Windows\SysWow64\vc6-re200l.dll
[2011.11.11 09:16:19 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.10 15:02:30 | 000,005,387 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2011.10.10 15:02:29 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2011.10.10 15:02:29 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2011.10.10 15:02:29 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2011.10.10 15:02:29 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2011.10.10 15:02:29 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2011.10.10 15:02:29 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2011.10.10 15:02:29 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2011.10.10 15:02:29 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2011.10.10 15:02:29 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2011.10.10 15:02:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2011.10.10 15:02:29 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2011.10.10 15:02:29 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2011.10.10 15:02:29 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2011.10.10 15:02:29 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2011.10.10 15:02:29 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2011.10.10 15:02:29 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2011.09.19 12:55:33 | 000,007,168 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.31 20:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.08.31 20:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.08.31 20:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.08.31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.07.03 17:18:01 | 000,000,000 | ---- | C] () -- C:\Users\Steve\AppData\Local\{1AF375CB-5FB0-4719-BB42-CF8F1F1BFCC7}
[2011.06.16 09:20:13 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.06.16 09:14:59 | 000,000,082 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2011.04.28 12:13:14 | 000,000,136 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.23 00:57:06 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010.12.09 21:55:54 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.12.09 21:52:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.11.24 18:07:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.31 09:38:17 | 000,007,592 | ---- | C] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
 
========== LOP Check ==========
 
[2011.08.03 10:52:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
[2011.05.22 14:13:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Opera
[2011.08.03 10:25:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Teleca
[2012.07.30 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\.freeciv
[2012.01.27 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\.minecraft
[2011.03.13 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Anvsoft
[2012.03.16 12:30:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ashampoo
[2011.11.11 11:00:20 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Atmel
[2011.03.14 12:08:23 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CadSoft
[2011.06.04 20:04:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canneverbe Limited
[2011.07.08 23:30:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Command and Conquer 4
[2010.08.24 21:43:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2012.05.04 18:29:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DVDVideoSoft
[2011.05.18 15:29:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.13 15:17:11 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Firefly Studios
[2012.01.11 11:45:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\flightgear.org
[2011.05.18 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Free MP3 WMA OGG Converter
[2012.09.05 19:35:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2011.01.18 21:07:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\HandBrake
[2011.07.01 17:53:47 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ICQ
[2011.05.04 10:53:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ImgBurn
[2011.06.08 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Leadertech
[2011.12.06 23:24:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MAGIX
[2010.11.24 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Miranda Fusion
[2011.09.21 12:30:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mouse Recorder Pro
[2012.08.02 10:19:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MyPhoneExplorer
[2011.07.11 23:10:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\NAVIGON
[2010.08.01 16:50:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Need for Speed World
[2012.07.02 10:12:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Notepad++
[2012.07.10 10:57:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenCandy
[2010.10.12 17:57:11 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenOffice.org
[2012.04.09 17:38:29 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Opera
[2012.07.05 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\pdfforge
[2011.11.14 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Rainmeter
[2011.09.19 09:33:16 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Recorder
[2011.10.19 10:10:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Samsung
[2012.01.11 11:34:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Subversion
[2012.03.27 12:55:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Swiss Academic Software
[2011.08.03 10:13:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Teleca
[2012.03.26 20:04:23 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TerraTec
[2010.09.19 16:09:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\The Creative Assembly
[2010.08.22 10:11:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Touchstone
[2011.04.19 22:26:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TS3Client
[2011.10.19 08:35:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.11.11 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\VisualAssist
[2011.04.17 12:37:20 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\wargaming.net
[2012.06.15 10:21:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:73BDADA8

< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.09.2012 07:35:04 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Steve\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 59,41% Memory free
7,59 Gb Paging File | 5,76 Gb Available in Paging File | 75,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 51,89 Gb Free Space | 44,57% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 78,83 Gb Free Space | 23,90% Space Free | Partition Type: NTFS
Drive F: | 14,83 Gb Total Space | 8,50 Gb Free Space | 57,34% Space Free | Partition Type: FAT32
 
Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0955489C-27F4-464F-A6B4-D36D03C32D59}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0D79C722-3AE1-4D8D-8821-686D58CE0D95}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1C6CA506-43D6-4A25-A696-EA1BF6C1D1B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E47D5E2-DD8E-4358-AE64-4CB140D65C8B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{341D06CC-7AE5-4605-BBB1-42AC83AEF34E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3B255AF1-910D-4827-A04D-90A2139F6C6A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4119DDEC-B639-4CDA-A699-20DCD4FEB602}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{445944FD-46B8-45DB-8B0A-7D937AE7D40D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4670CE48-DF91-4F13-A8D1-AEA180F164DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5FD1A217-0FCF-4313-B1E9-1B7E92A50C8B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{666D2AB3-FF9F-4B70-A54E-B8C7AE9E4B21}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8B319E63-8B25-4D07-97C4-E8F9FF4C0773}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A5A73CFD-474D-401D-B71F-065DD8CAC2CD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B0FD6874-EC0C-4FD2-B09A-D11E4011D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BA8B5C6D-BBE6-42B4-83AD-7A74F34AC4B4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{C4E500A9-1E55-4971-BF49-517857C31DC8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D444D4B2-D58B-4961-9AD2-8529FB9C9347}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D6256BA7-2C25-4020-9E39-0798707916FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F23DD1AD-01CF-4758-8ECB-5EC93DFAD3F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F617057B-E0C0-4C03-805F-D1085BC8D135}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F9345D56-5C77-4618-8B71-8681150F9690}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031F0A59-32C4-40C6-86D2-687D4FCAD816}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{046A5294-EC11-4A96-8028-CA88E0F2807A}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"{08FD2111-DDD6-4E80-929B-5E95C5DE337A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{0A1D7A98-5FCC-407B-8116-862333987D39}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0C430E17-0FAB-47D0-8CEF-5309EA975BCA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{10D0DE05-A3BE-4C7F-B24A-A6950587AE8F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\gnuman@web.de\counter-strike\hl.exe | 
"{18B41BBC-996A-4A87-8094-FC13ADAF9001}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\command and conquer 4 tiberian twilight\cnc4.exe | 
"{19065F43-0D6B-4411-98C7-C88FF7C7487A}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | 
"{1B5B21C2-D9CD-437F-A87D-6DC7340B5EB0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\empire total war\empire.exe | 
"{1D4F78DE-E8D6-4F05-9504-DD2991D08AC5}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | 
"{1EF4372F-D540-421B-962B-971A178CF10E}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | 
"{1FC0D636-245F-4A5B-A199-F43F8CC723BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{217D9C96-40D6-42F8-BC54-32125CFB3C23}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{27D66472-55DD-4161-8B50-74492FD3388E}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{2A5B9238-76D4-4709-95D7-0B559300889A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2BBB9617-42B1-4AAB-BBEA-7C511D162C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{30FEC6F6-90A2-4A46-847B-18037048E6B8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3267F101-CC0E-4178-938B-6968A0E87759}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\pa_fischer@hotmail.com\half-life\hl.exe | 
"{366B6870-EB94-4362-9FBE-92A1B33A626D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\kein_plan\counter-strike source\hl2.exe | 
"{36F5EAB4-F67E-4FC7-B6CB-CC52627B6621}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{3A193075-E96A-4492-A70B-9AE9E9981E0A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{46F27498-8FE1-4069-BEDF-20A64CB21D4B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\pa_fischer@hotmail.com\counter-strike\hl.exe | 
"{47E1663D-CEF1-443F-86A4-A6A0ABBC6F5E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{49031623-1A2A-43D8-8B68-FD10A227F1A4}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{6093BD66-08A7-4075-BFC9-3CD613701C46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{67CDF408-E569-4959-AD95-FD17E1880C8B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{69CF3754-71D0-4957-9A9B-520719C8AE61}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6BD58346-5647-4ADE-B3E6-4DE9F3E930F3}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{6C3172FE-14E3-4FA0-B990-89E655F407D3}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{6CC81C65-9B6F-43EC-8CE6-0B082CB98F79}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe | 
"{70AB8A41-9483-4DF7-BF61-1032AF48E41F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\gnuman@web.de\counter-strike\hl.exe | 
"{70DB016F-99EE-4341-93A8-BAEC1D354084}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7AF0FF80-B51A-42FF-882E-1A062984FEA4}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{7E61037F-C564-4E3F-BFF7-4D47495D10C3}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{7EB16772-37EC-4822-B293-8E715D0F5734}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{84BEE2FB-663C-43F0-9CF4-AD284B8F26B0}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\pa_fischer@hotmail.com\half-life\hl.exe | 
"{8941EC77-ABA9-4B8F-979A-20709B3A1E6D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{8C683903-45F5-4C54-9DBD-F03B50FA87F2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\command and conquer 4 tiberian twilight\cnc4.exe | 
"{8D9498C0-C9CD-472B-B5F5-12D30A77A176}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{94145263-5EF3-4573-A7F1-002F2A04D0E8}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe | 
"{992C06B0-6A31-4D3A-99E9-DF80EFCE48C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9ACBED83-66A1-416B-9CA5-6D56DD156DFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B6C1B6D-9EF4-43AE-8CDB-0B8FFBEB5925}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9F0B7E0C-044E-4583-A61A-343180CF3554}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A3322B61-05EE-49AD-BA67-7B398A2037F0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{AB31D0B7-B3FA-43B4-9971-5CBF0AE9B25C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\empire total war\empire.exe | 
"{B7583CDE-0287-4F6E-B28F-D6955C30B626}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | 
"{B87A9E37-1E97-4564-9E2C-1B1DCD60A6A7}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{BEE7EE21-1474-4962-84C3-F1BF7451AE2A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{BF31E87D-FF6C-47AC-AE8B-2F90014BB8C6}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\pa_fischer@hotmail.com\counter-strike\hl.exe | 
"{C185D8E1-EDA8-4099-A7D6-731608574B87}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\command and conquer 4 tiberian twilight\support\ea help\electronic_arts_technical_support.htm | 
"{C41045A0-930E-4758-8741-BC8A0912D2BE}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{C42A6958-CC1F-4EFB-943E-80445009F9C3}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | 
"{CA78505A-B752-4303-9845-820115EC7568}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{CB1934B0-19D7-4247-9F63-9676D269EAFE}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"{CC9E5E00-79EA-4A7B-BA85-61D62BF9B5BD}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\kein_plan\counter-strike source\hl2.exe | 
"{D0E1C4C5-4BFE-45C5-AA80-987C180638B5}" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe | 
"{D322274C-0182-4BF3-9538-7A2EA5440044}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{D3872F7B-044E-47E8-972C-B71CB9EC7F72}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\command and conquer 4 tiberian twilight\support\ea help\electronic_arts_technical_support.htm | 
"{DA12AAD7-65A2-49B2-8298-FD72F2D64DA0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DC978044-2118-4855-B028-C8267F88265A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E2945ED9-E148-49F6-8E36-913DBCBF5A85}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe | 
"{E51907BD-FA72-436C-8EF5-EAE1E2493A12}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{EE2EE016-FBC7-4CB8-A699-933FD7BEE257}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{EF4C93B3-DFC7-49CB-9C6F-27B7482674CD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F2E72C76-D98F-4E4F-9D03-A88A9B98D747}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{F3B46950-7716-415F-9164-76DB49721DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\fusiontools\updater.exe | 
"TCP Query User{024079CE-83C8-426B-8D90-AD3C196219BE}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{12740855-F44C-40A5-A706-BF073ABBDEEC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{1693FEF5-1B78-48A7-90F4-EBF8E94D57A3}D:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{1B256C52-D035-4D99-A278-B490D8907525}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{30FBF908-122F-4E1C-89F9-AC595DD9D142}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{342D95AE-B53F-4C37-AFC6-3DD5D34B1BD8}D:\progs\miranda\miranda64.exe" = protocol=6 | dir=in | app=d:\progs\miranda\miranda64.exe | 
"TCP Query User{3B883C02-9B15-4C26-82CA-AF882E6E741D}C:\users\steve\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\steve\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{4533F4CA-19C1-4958-A6E8-BC7106F0F7A9}D:\progs\avr\amtel\avrstudio5.exe" = protocol=6 | dir=in | app=d:\progs\avr\amtel\avrstudio5.exe | 
"TCP Query User{49DEC6DE-A8F8-4A5A-95B7-BE0771DB100D}D:\games\nfs world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\games\nfs world\data\nfsw.exe | 
"TCP Query User{54B86EFA-2314-4993-A611-7ECE9DF6A1C4}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{56E0CA27-C741-493C-8296-902589984719}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"TCP Query User{62845482-1494-43D6-95C9-D1844FAFEB6D}D:\games\cube 2\sauerbraten\bin\sauerbraten.exe" = protocol=6 | dir=in | app=d:\games\cube 2\sauerbraten\bin\sauerbraten.exe | 
"TCP Query User{76ADA520-D3DC-44E7-AD38-4DB223260B12}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{8E927B70-8B5C-4FCA-A9FC-325076D3528C}D:\games\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game | 
"TCP Query User{8EB7A1B7-F1AC-4791-9729-FB87996E88D9}D:\progs\girc\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=d:\progs\girc\gamers.irc\mirc.exe | 
"TCP Query User{956A3C7C-BC25-4DD6-8147-3DB91A2F97C0}D:\games\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=d:\games\freeciv\freeciv-server.exe | 
"TCP Query User{9B8FC9FB-F1AB-4B68-9738-476C40B03910}D:\games\world of tanks\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world of tanks\world_of_tanks\wotlauncher.exe | 
"TCP Query User{A233D3D8-91CF-4BDD-90D8-1CEEED796F74}D:\games\paintball\paintball2\paintball2.exe" = protocol=6 | dir=in | app=d:\games\paintball\paintball2\paintball2.exe | 
"TCP Query User{A2703954-A8EA-4529-BEEB-544BDEBEF7E0}D:\progs\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\progs\mirc\mirc.exe | 
"TCP Query User{A9129958-02D0-448D-8D99-1051EFEFBB54}D:\games\c&c\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=d:\games\c&c\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"TCP Query User{BDDB39E1-5EFC-4653-AD8B-17E926962984}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{C4228D4E-5DD6-4C21-A7AF-CA9ED8014D85}D:\games\turok\binaries\turokgame.exe" = protocol=6 | dir=in | app=d:\games\turok\binaries\turokgame.exe | 
"TCP Query User{E04D0C10-E624-4020-8E40-8D8F4B93D1D8}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{ED1342D3-DCEE-422C-8590-60909042984A}D:\games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=d:\games\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{EE1A1D58-C91C-48A9-9B26-63241E29C020}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{F9EEE8D3-D8AB-4F72-AB44-D6C284BE1E47}D:\games\world of tanks\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world of tanks\world_of_tanks\worldoftanks.exe | 
"TCP Query User{FF6FE936-E1A3-449C-9946-0E306C39B7F9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{14F7F055-9BC6-4CB5-AD22-B652A0AB5BC4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{1ADE52C1-10E9-4CC7-A3E3-EE7C4F35270C}D:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{283444E5-362F-4DFC-8DAF-50655E759961}D:\progs\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\progs\mirc\mirc.exe | 
"UDP Query User{342660EA-3756-4AB0-B155-CDBA0591A96A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{38CD96B7-A6D7-4C8F-AB8B-5E99ABAEFD18}D:\progs\avr\amtel\avrstudio5.exe" = protocol=17 | dir=in | app=d:\progs\avr\amtel\avrstudio5.exe | 
"UDP Query User{50582161-E903-4955-9B48-5BC172B07E6C}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{513D238F-0DAE-46B4-AD5B-A4C647807262}D:\progs\miranda\miranda64.exe" = protocol=17 | dir=in | app=d:\progs\miranda\miranda64.exe | 
"UDP Query User{78779B56-D39E-4929-BACB-3887B09BBA43}D:\games\world of tanks\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world of tanks\world_of_tanks\wotlauncher.exe | 
"UDP Query User{80C5793A-D29A-401D-9BF3-FB1AC44A0FEA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{922E980D-035A-4B81-B766-6AE7373821C3}D:\games\c&c\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=d:\games\c&c\officialcnctiberiansun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"UDP Query User{94B55A99-1E1B-465D-B487-9BE0EF6CBDA6}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"UDP Query User{A7EFB1B0-1E93-47A8-A233-F77CD5D26ADE}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{AC00DE4A-7CED-4A6F-87E8-8E13FF859B10}D:\games\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\command and conquer 4 tiberian twilight\data\cnc4.game | 
"UDP Query User{B137B639-480A-4908-A12D-84D2032BC01A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{B842969C-0EA0-4BA2-A908-5318B98CEC78}D:\games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=d:\games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{BF22113A-D787-4C4E-BF1C-1032200213FF}D:\progs\girc\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=d:\progs\girc\gamers.irc\mirc.exe | 
"UDP Query User{C6BC91F4-15EC-4079-946E-50C83280DE03}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{DA4CA8C4-6E07-48A9-84C5-3B8FF4ACE077}D:\games\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=d:\games\freeciv\freeciv-server.exe | 
"UDP Query User{DD3E5BD1-A258-435C-83C0-A1DA9840D854}D:\games\world of tanks\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world of tanks\world_of_tanks\worldoftanks.exe | 
"UDP Query User{EE48C038-D30C-493F-A90A-77F1C964770A}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{F254CCDD-A1ED-4052-893D-1B1B80CD470B}D:\games\turok\binaries\turokgame.exe" = protocol=17 | dir=in | app=d:\games\turok\binaries\turokgame.exe | 
"UDP Query User{F3E89651-8287-41D4-9DF5-3389B6007392}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{F498FC7D-F18F-4BAA-A704-40C085DB7194}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{F5160060-33B6-43E4-A3F6-1CA0AA3DA77E}D:\games\nfs world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\games\nfs world\data\nfsw.exe | 
"UDP Query User{F8F20CDA-A7EB-4BF1-97EA-C1CCE6840537}C:\users\steve\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\steve\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{FCFE395A-400E-4152-96CC-292BBADAE47B}D:\games\paintball\paintball2\paintball2.exe" = protocol=17 | dir=in | app=d:\games\paintball\paintball2\paintball2.exe | 
"UDP Query User{FF5E6FF5-9538-48FD-95D8-CAD59F79458F}D:\games\cube 2\sauerbraten\bin\sauerbraten.exe" = protocol=17 | dir=in | app=d:\games\cube 2\sauerbraten\bin\sauerbraten.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"894E651124E21A67181E93D667C2B350E49099FD" = Windows-Treiberpaket - Sonix (SNP2UVC) Image  (01/25/2010 061.005.200.300)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"A-WIN-Extras 8.0.0 1818576_is1" = Mathematica Extras 8.0 (1818576)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"MatlabR2010bSP1" = MATLAB R2010bSP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"M-WIN-G 8.0.0 1819003_is1" = Wolfram Mathematica 8 for Students (M-WIN-G 8.0.0 1819003)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"sp6" = Logitech SetPoint 6.20
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2CE5E313-EC49-4527-A752-6DC89FE51C0D}" = AVR Toolchain
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.1.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87998E4E-6D9C-411B-AAE9-B8523FFE357D}" = Image Data Converter
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{C1AC4F7A-4B50-4903-882A-D61D3D13782D}" = AVR Studio 4.19
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVR Studio 4.19
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}" = AVR Jungo USB
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"AnvSoft Photo Flash Maker Platinum" = AnvSoft Photo Flash Maker Platinum 5.32
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Cinergy T Stick RC" = Cinergy T Stick RC V10.0.0.0
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Setup.divx.com" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"EAGLE 5.11.0" = EAGLE 5.11.0
"FastImageResizer" = FastImageResizer (remove only)
"FASTMD5" = FASTMD5 1.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"Gamers.IRC" = Gamers.IRC 6.03
"GIMPshop" = GIMPshop 2.2.8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MirandaFusion" = Miranda Fusion 3.0.8
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIA.Updatus" = NVIDIA Updatus
"OpenAL" = OpenAL
"PSpice Student" = PSpice Student 9.1
"PunkBusterSvc" = PunkBuster Services
"ReClock" = ReClock (remove only)
"Sauerbraten" = Sauerbraten
"Sierra Utilities" = Sierra Utilities
"SopCast" = SopCast 3.3.2
"ST6UNST #1" = Recorder
"Steam App 10" = Counter-Strike
"Steam App 10500" = Empire: Total War
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 410" = Portal: First Slice
"Steam App 4560" = Company of Heroes
"Steam App 47700" = Command and Conquer 4: Tiberian Twilight
"Steam App 550" = Left 4 Dead 2
"Steam App 8980" = Borderlands
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2761538403-3478655871-178291849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SimAquarium" = SimAquarium
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.09.2012 16:15:36 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16411
 
Error - 08.09.2012 16:15:36 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16411
 
Error - 08.09.2012 16:15:37 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.09.2012 16:15:37 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17410
 
Error - 08.09.2012 16:15:37 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17410
 
Error - 08.09.2012 16:15:38 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.09.2012 16:15:38 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18408
 
Error - 08.09.2012 16:15:38 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18408
 
Error - 08.09.2012 16:15:39 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.09.2012 16:15:39 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19547
 
Error - 08.09.2012 16:15:39 | Computer Name = Steve-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19547
 
[ System Events ]
Error - 03.09.2012 17:03:21 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 04.09.2012 12:14:56 | Computer Name = Steve-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 04.09.2012 12:15:42 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 04.09.2012 14:59:03 | Computer Name = Steve-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 05.09.2012 01:23:59 | Computer Name = Steve-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 05.09.2012 01:24:42 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 06.09.2012 02:08:39 | Computer Name = Steve-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 06.09.2012 02:09:17 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
Error - 11.09.2012 01:17:30 | Computer Name = Steve-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 11.09.2012 01:18:23 | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarOpen
 
 
< End of report >
         
--- --- ---

Geändert von Steve0 (11.09.2012 um 07:41 Uhr)

 

Themen zu Mail delivery failed. Web.de Postfach verschickt selbständig Emails.
antivir, autorun, avira, bho, bonjour, converter, error, failed, firefox, flash player, gfnexsrv.exe, google, google earth, hängen, install.exe, langs, logfile, mail delivery, mp3, nvidia update, nvpciflt.sys, plug-in, popup, realtek, registry, rundll, security, sketchup, smartbar, software, stick, svchost.exe, teamspeak, usb 2.0, wma, wscript.exe




Ähnliche Themen: Mail delivery failed. Web.de Postfach verschickt selbständig Emails.


  1. Mail delivery failed-Email wird an meine gespeicherten Emailadressen verschickt
    Plagegeister aller Art und deren Bekämpfung - 17.06.2015 (15)
  2. E-Mail Programm blockiert - Mail delivery failed..
    Log-Analyse und Auswertung - 20.04.2014 (18)
  3. Seit gestern 800 Emails mit Mail delivery failed​: returning message ​to sender​
    Log-Analyse und Auswertung - 27.03.2014 (9)
  4. mail delivery failed: returning message to sender obwohl ich nichts verschickt habe...
    Plagegeister aller Art und deren Bekämpfung - 28.12.2013 (5)
  5. Viele "Mail delivery failed: returning message to sender" und komische Emails im Postfach!
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (3)
  6. E-Mail-Problem bei WEB.DE (Mail delivery failed: returning message to sender - keineantwortadresse@web.de )
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (11)
  7. Mail delivery failed, aber nur in Windows live mail
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (8)
  8. Mail delivery failed
    Log-Analyse und Auswertung - 09.06.2013 (7)
  9. GMX Verschickt von selbst EMails.... Mail delivery failed: returning message to sender
    Log-Analyse und Auswertung - 15.05.2013 (1)
  10. Mail delivery failed: returning message to sender, obwohl keine mail versendet
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (0)
  11. Mail delivery failed Emails - vermutlich Maleware Problem
    Plagegeister aller Art und deren Bekämpfung - 09.04.2013 (16)
  12. Postfach überschwemmt mit: "Mail Delivery Failed [...]" (GMX)
    Plagegeister aller Art und deren Bekämpfung - 12.03.2013 (0)
  13. Mail delivery failed-SPAM Mails. E-Mail-Acc kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (1)
  14. Emails (mail delivery failed) hundertfach in meinem Postfach bei web.de!
    Log-Analyse und Auswertung - 13.12.2012 (9)
  15. Web.de (Mail delivery failed)
    Plagegeister aller Art und deren Bekämpfung - 07.12.2012 (16)
  16. Email-Account verschickt selbständig Emails ans komplette Adressbuch
    Plagegeister aller Art und deren Bekämpfung - 05.08.2011 (8)
  17. viele MAILER-DAEMON@mail.gmx.net emails im postfach bei thunderbird
    Plagegeister aller Art und deren Bekämpfung - 04.01.2011 (8)

Zum Thema Mail delivery failed. Web.de Postfach verschickt selbständig Emails. - Mir ist letzte Woche schon mal aufgefallen das mein Web.de Postfach eigenstänidig Emails versendet. Ich vermute es zumindest da ich ungefähr 7 Emails mit der betreff Maildelivery failed erhalten habe - Mail delivery failed. Web.de Postfach verschickt selbständig Emails....
Archiv
Du betrachtest: Mail delivery failed. Web.de Postfach verschickt selbständig Emails. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.