Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Mail Account gehackt?

Mail Account gehackt?


Plagegeister aller Art und deren Bekämpfung: Mail Account gehackt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 25.04.2013, 19:39   #1
Mr.Green
 
Mail Account gehackt? - Standard

Mail Account gehackt?


Hallo,

ich beschreibe mal mein Problem: Ich hatte mich gerade auf meinem Mailaccount eingeloggt, da sehe ich, dass der letzte Login zu einer Uhrzeit stattgefunden hat, zu der ich mich sicher nicht eingeloggt hatte. Lies mich natürlich stutzig werden. Ich wähle meine pw schon mit Bedacht aus, wie also sollte jemand da rankommen? Jetzt würde ich gerne wissen, ob mein PC sauber ist. Hoffe ich bin hier bei euch richtig.

Hier die Logfiles nach eurer Anleitung:


OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.04.2013 19:42:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 63,18% Memory free
11,99 Gb Paging File | 9,70 Gb Available in Paging File | 80,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 13,43 Gb Free Space | 18,04% Space Free | Partition Type: NTFS
Drive D: | 323,74 Gb Total Space | 112,53 Gb Free Space | 34,76% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 281,78 Gb Free Space | 96,18% Space Free | Partition Type: NTFS
Drive F: | 314,80 Gb Total Space | 261,97 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive G: | 2,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 1,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.25 18:41:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
PRC - [2013.04.12 21:01:16 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.29 20:09:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.29 20:09:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.29 20:09:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.08 18:04:18 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.10.08 17:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Programme\Tablet\Wacom\WacomHost.exe
PRC - [2012.09.26 19:14:10 | 000,168,864 | ---- | M] () -- F:\HTC Sync\HTC Sync\adb.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- F:\Open Office\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- F:\Open Office\program\soffice.bin
PRC - [2012.08.13 12:08:08 | 000,103,936 | ---- | M] (OpenOffice.org) -- F:\Open Office\program\swriter.exe
PRC - [2012.07.16 17:49:10 | 000,087,368 | ---- | M] (Nero AG) -- F:\HTC Sync\HSMServiceEntry.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 21:01:16 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.09.26 19:14:10 | 000,168,864 | ---- | M] () -- F:\HTC Sync\HTC Sync\adb.exe
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- F:\Open Office\program\libxml2.dll
MOD - [2012.08.10 17:50:56 | 000,170,496 | ---- | M] () -- F:\Open Office\program\libxslt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.16 10:31:57 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 21:01:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 20:09:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.29 20:09:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.29 09:14:18 | 000,613,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV - [2012.10.08 18:04:18 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.10.01 09:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 17:49:10 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- F:\HTC Sync\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.13 21:53:09 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.04.13 21:53:09 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.03.29 20:09:53 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 20:09:53 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 20:09:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.12 10:54:54 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.10.12 10:20:38 | 000,081,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.10.12 10:20:38 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.09.25 23:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012.09.18 11:32:44 | 000,042,808 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2012.09.18 11:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2012.09.18 11:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2012.09.18 11:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012.09.18 11:32:32 | 000,015,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.12 16:19:52 | 000,019,840 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2011.12.12 16:19:22 | 000,658,944 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.11.02 12:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.09.10 09:50:26 | 000,527,360 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 2B FF 4D DE EC CD 01  [binary data]
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 31 E4 4F 06 0E CE 01  [binary data]
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3772093366-415461289-3751294527-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.ftp: "178.48.2.237"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "178.48.2.237"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "178.48.2.237"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "178.48.2.237"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: F:\VLC Player\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: F:\amazonMP3downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.01.07 16:28:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.18 21:24:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:01:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 21:01:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:01:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 21:01:15 | 000,000,000 | ---D | M]
 
[2013.01.07 15:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.02.01 17:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7p5dpez1.default\extensions
[2013.01.07 21:53:37 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7p5dpez1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.01.19 21:14:42 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\7p5dpez1.default\extensions\stealthyextension@gmail.com.xpi
[2013.02.01 17:40:44 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\7p5dpez1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 21:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.07 16:28:50 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT
[2013.04.12 21:01:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [sketchmanager] C:\Program Files (x86)\Wacom\Inkling Sketch Manager\SketchManager.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Users\Admin\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3772093366-415461289-3751294527-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3772093366-415461289-3751294527-1004..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3772093366-415461289-3751294527-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3772093366-415461289-3751294527-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = F:\Open Office\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75F0DEC-90A7-4FDA-9C40-9DE0E2634A96}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.18 17:56:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.05.23 20:26:32 | 001,713,448 | R--- | M] () - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006.03.02 18:58:48 | 000,000,047 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1258b817-621e-11e2-98a0-00241d191b91}\Shell - "" = AutoRun
O33 - MountPoints2\{1258b817-621e-11e2-98a0-00241d191b91}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{e0793777-5e4e-11e2-aa38-00241d191b91}\Shell - "" = AutoRun
O33 - MountPoints2\{e0793777-5e4e-11e2-aa38-00241d191b91}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.14 19:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.14 00:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.04.13 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Anno 1404
[2013.04.13 22:10:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2013.04.13 22:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2013.04.12 21:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.02 23:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.04.02 23:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.04.02 23:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.03.29 20:10:03 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.29 20:10:03 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.29 20:10:03 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 18:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.25 18:40:27 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.04.25 18:28:24 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 18:28:24 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.25 18:25:26 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.25 18:25:26 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.25 18:25:26 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.25 18:25:26 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.25 18:25:26 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.25 18:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.25 18:21:08 | 535,535,615 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.17 16:23:08 | 004,854,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.13 21:53:09 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.04.13 21:53:09 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.03.29 20:09:53 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.29 20:09:53 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.29 20:09:53 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.25 18:40:27 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.04.13 21:53:09 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.04.13 21:53:09 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.01.08 15:12:24 | 000,001,456 | ---- | C] () -- C:\Users\Admin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013.01.07 23:34:25 | 000,000,679 | ---- | C] () -- C:\Users\Admin\Admin - Verknüpfung.lnk
[2013.01.07 19:51:42 | 000,000,052 | ---- | C] () -- C:\Users\Admin\temppics.adob
[2013.01.07 16:24:05 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.22 09:49:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.02.12 18:25:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\doublefine
[2013.02.12 18:25:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2013.01.18 21:24:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2013.01.18 21:24:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.28 18:17:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla
[2013.01.19 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HTC
[2013.01.19 19:25:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HTC Sync
[2013.01.07 16:29:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2013.01.22 11:24:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2013.04.13 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2013.01.08 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2013.03.19 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Amazon
[2013.03.18 17:58:19 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Autodesk
[2013.03.13 23:51:39 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.03.04 13:25:04 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2013.02.09 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Doublefine
[2013.04.25 18:26:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Dropbox
[2013.01.29 15:37:09 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoft
[2013.04.03 01:07:34 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FileZilla
[2013.02.25 11:02:27 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HTC
[2013.02.20 10:34:29 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HTC Sync
[2013.02.17 14:36:49 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\OpenOffice.org
[2013.04.25 18:37:09 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\QuickScan
[2013.03.04 13:37:01 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.04.13 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Ubisoft
[2013.01.22 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---






Extras:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.04.2013 18:42:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,49 Gb Available Physical Memory | 74,80% Memory free
11,99 Gb Paging File | 10,31 Gb Available in Paging File | 85,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 13,42 Gb Free Space | 18,04% Space Free | Partition Type: NTFS
Drive D: | 323,74 Gb Total Space | 112,53 Gb Free Space | 34,76% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 281,78 Gb Free Space | 96,18% Space Free | Partition Type: NTFS
Drive F: | 314,80 Gb Total Space | 261,97 Gb Free Space | 83,22% Space Free | Partition Type: NTFS
Drive G: | 2,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 1,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- F:\Adobe PS CS 5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Users\Admin\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\Admin\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\Admin\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- F:\Adobe PS CS 5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Users\Admin\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\Admin\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\Admin\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B96F402-E75A-411B-82ED-62E287F74655}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{58200025-CE05-48C1-BBC4-34DB62A92E1D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024C4E84-12BA-4F4C-AE9C-D5CBAE20B9C9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{05C8F473-1998-44BA-AFFE-115A43C22D89}" = protocol=6 | dir=in | app=c:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe | 
"{09A94653-890B-49CB-ACE0-9279F7B25552}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{0BE70DE9-BF99-4F91-9694-79037208B284}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0F824A0B-0FA4-4CCC-AD83-BC9BAFDF5DE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{124D3BF2-161B-40FE-91E8-DE1AF7890466}" = protocol=6 | dir=in | app=f:\winamp\winamp.exe | 
"{18AE5D67-DDC3-47D1-8370-32879BBCA23A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1AAB6B57-10D2-4CAE-8722-F1FCBCAB1F0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20C4A545-301C-4EB4-A8A9-28591BFF6B2C}" = protocol=17 | dir=in | app=d:\anno1404\anno4.exe | 
"{2BF1132C-8A8B-478A-912D-EAC597410CB9}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3348B65E-8393-4537-B725-F00679C1D38E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{344C558D-D50D-489A-A401-EFE7D8A21643}" = protocol=17 | dir=in | app=f:\winamp\winamp.exe | 
"{38B3A06D-D94A-4845-814E-52A37FCC022C}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii\starcraft ii.exe | 
"{3CB25CAD-FBC1-428D-B2AF-2496B11EAA92}" = protocol=6 | dir=in | app=d:\anno1404\tools\anno4web.exe | 
"{435D50F2-474D-464C-A096-E6FBF37C9215}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B568E9D-A5EE-4E2A-9588-EEA66D097CCD}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii\starcraft ii public test.exe | 
"{573F4603-3176-48BC-B32C-0F920254744A}" = protocol=17 | dir=in | app=c:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe | 
"{64B6C216-DCEF-4BE2-8AD2-2D3FB1EE66AC}" = dir=in | app=f:\htc sync\htcsyncmanager.exe | 
"{64F8C1EA-1B40-40B1-912A-87C0855B0347}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{79571069-A404-4949-949B-FFD58D3FD661}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7A6EE2F4-E63C-4641-9587-256E17782E4D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{830041B7-D8D7-4252-A7E1-A181703B0D7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A9BD55EF-48B2-4D98-9DC0-A6D6FF123429}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{B8907588-426A-4CCC-9BD1-92F3B16BC923}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii\starcraft ii.exe | 
"{BDA4C975-68C7-48FA-83F6-51AFA22F0BC4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{C92909C4-B1CD-46C2-B0C7-9445687001E6}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii\starcraft ii public test.exe | 
"{CF32CD0A-FE3B-455E-97FD-3D5E333DB9F7}" = dir=in | app=c:\users\admin\appdata\local\microsoft\skydrive\skydrive.exe | 
"{D6F5543F-DF79-4D13-B84D-3AAF029E0E93}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EA9DC502-64E7-40BB-B3F6-2DFF6E7B665F}" = protocol=6 | dir=in | app=d:\anno1404\anno4.exe | 
"{F607701C-A7FD-4DC3-84E8-A4550C039F2A}" = protocol=17 | dir=in | app=d:\anno1404\tools\anno4web.exe | 
"TCP Query User{44C81DA0-AF31-425A-9B2C-2506B5FC4BE2}D:\starcraft ii\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{74F971BB-FF26-4B6E-A70B-0726BFB4246E}F:\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\winamp\winamp.exe | 
"TCP Query User{7F46E9C4-7C10-4D7D-9CB0-1FB07B05A262}C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{83DA70E4-74BF-429D-9F72-0623FB76BD5F}D:\anno1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\anno1404\tools\anno4web.exe | 
"TCP Query User{E2A9626F-D194-4850-946F-0DB7C2E7466B}C:\users\admin\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\users\admin\winamp\winamp.exe | 
"TCP Query User{EE4F182A-F762-43EF-A4A5-63F08A0A16B8}D:\totalmedia theatre\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=d:\totalmedia theatre\totalmedia server\tm server.exe | 
"UDP Query User{221195CC-A801-4D09-8328-CA8EE887EF82}F:\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\winamp\winamp.exe | 
"UDP Query User{39060FC0-4FA9-4ECF-96B8-85DFF3C3BE0E}C:\users\admin\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\users\admin\winamp\winamp.exe | 
"UDP Query User{5796D409-C2AE-4D9D-AD68-DC131654C436}D:\anno1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\anno1404\tools\anno4web.exe | 
"UDP Query User{7CDD673F-621E-42BC-B53F-976D26A0F7F3}C:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\standard\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{B8B9C4F9-7591-4CA4-8A61-FBDCF25C7CE6}D:\totalmedia theatre\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=d:\totalmedia theatre\totalmedia server\tm server.exe | 
"UDP Query User{E4ABCE88-3E19-452C-B936-DA004A136127}D:\starcraft ii\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii\versions\base24944\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{F857B02C-B22C-42BC-9C78-F18BB7C6A55A}" = InklingSketchManager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"sp6" = Logitech SetPoint 6.51
"VLC media player" = VLC media player 2.0.5
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}" = IPTInstaller
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7477F26F-CC6A-4F68-8C9D-496DBFF45E05}" = HTC Sync Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EB87378B-E64A-4D27-8AB6-0786BAB3AC84}" = Autodesk SketchBook Express 2011
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON Scanner" = EPSON Scan
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"StarCraft II" = StarCraft II
"Steam App 207170" = Legend of Grimrock
"Steam App 221810" = The Cave
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.6.0.2
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.04.2013 10:24:50 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.04.2013 10:53:09 | Computer Name = PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 19.04.2013 11:38:23 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 08:41:42 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.04.2013 09:46:58 | Computer Name = PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 21.04.2013 04:23:48 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.04.2013 04:33:20 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2013 03:16:58 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.04.2013 10:38:24 | Computer Name = PC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\WinZip\adxloader.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\WinZip\adxloader.dll.Manifest"
 in Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 24.04.2013 03:35:50 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2013 12:12:32 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2013 12:23:01 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 09.03.2013 13:28:45 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 18:28:45 - Fehler beim Herstellen der Internetverbindung.  18:28:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.03.2013 13:28:53 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 18:28:50 - Fehler beim Herstellen der Internetverbindung.  18:28:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.03.2013 14:27:10 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 19:27:10 - Fehler beim Herstellen der Internetverbindung.  19:27:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.03.2013 14:27:21 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 19:27:15 - Fehler beim Herstellen der Internetverbindung.  19:27:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.03.2013 05:26:15 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 11:26:10 - Fehler beim Herstellen der Internetverbindung.  11:26:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.03.2013 06:26:23 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 12:26:20 - Fehler beim Herstellen der Internetverbindung.  12:26:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.03.2013 07:26:29 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 13:26:27 - Fehler beim Herstellen der Internetverbindung.  13:26:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.03.2013 08:26:36 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 14:26:34 - Fehler beim Herstellen der Internetverbindung.  14:26:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.04.2013 13:24:48 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 19:24:48 - Fehler beim Herstellen der Internetverbindung.  19:24:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.04.2013 13:24:59 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 19:24:53 - Fehler beim Herstellen der Internetverbindung.  19:24:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 19.04.2013 11:36:44 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 20.04.2013 08:40:03 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 21.04.2013 04:22:10 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 21.04.2013 04:31:39 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 21.04.2013 07:15:40 | Computer Name = PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 22.04.2013 03:15:18 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 22.04.2013 09:00:58 | Computer Name = PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 24.04.2013 03:34:12 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 24.04.2013 12:10:53 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
Error - 25.04.2013 12:21:19 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ArcCtrl  archlp
 
 
< End of report >
--- --- ---



GMER

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-25 19:29:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 INTEL_SSDSA2CW080G3 rev.4PC10302 74,53GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fgldapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          00000000764a1465 2 bytes [4A, 76]
.text   C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000764a14bb 2 bytes [4A, 76]
.text   ...                                                                                                                                     * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000764a1465 2 bytes [4A, 76]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000764a14bb 2 bytes [4A, 76]
.text   ...                                                                                                                                     * 2
.text   F:\Open Office\program\soffice.bin[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        00000000764a1465 2 bytes [4A, 76]
.text   F:\Open Office\program\soffice.bin[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000764a14bb 2 bytes [4A, 76]
.text   ...                                                                                                                                     * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1632:3648]                                                                                             000007feeedf9688

---- EOF - GMER 2.1 ----
Geändert von Mr.Green (25.04.2013 um 19:54 Uhr) Grund: gmer.txt eingefügt

 

Themen zu Mail Account gehackt?
adobe reader xi, antivir, autorun, avg, avira, battle.net, bho, converter, desktop, error, fehler, firefox, flash player, format, helper, home, install.exe, mozilla, msvcrt, port, problem, realtek, registry, richtlinie, rundll, scan, security, software, tablet, udp, windows


« Trojan.Agent.ED und Trojan.FakeMS.zb | Weißer Bildschirm Virus, abgesicherter modus startet und fährt sofort runter »


Ähnliche Themen: Mail Account gehackt?


  1. E-Mail Account gehackt?
    Überwachung, Datenschutz und Spam - 28.10.2015 (57)
  2. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  3. Email Account gehackt? Mail Delivery
    Plagegeister aller Art und deren Bekämpfung - 29.05.2014 (24)
  4. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  5. E-Mail-Account auf Mac gehackt ?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (5)
  6. Mail account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (11)
  7. E-Mail Account gehackt? mailer-daemon@gmx.de
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (17)
  8. AOL E-Mail Account gehackt?
    Überwachung, Datenschutz und Spam - 08.07.2013 (23)
  9. Gmx Mail Account gehackt? Virus?
    Plagegeister aller Art und deren Bekämpfung - 10.04.2013 (38)
  10. Amazon + E-mail account gehackt
    Log-Analyse und Auswertung - 26.02.2013 (13)
  11. E- Mail Account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 29.11.2012 (82)
  12. Mail Account gehackt? Was ist tokenserver?
    Überwachung, Datenschutz und Spam - 10.06.2012 (87)
  13. AOL E-Mail Account gehackt? Nr. 2
    Überwachung, Datenschutz und Spam - 14.02.2012 (0)
  14. In Yahoo Mail Account gehackt
    Log-Analyse und Auswertung - 18.01.2012 (18)
  15. E-Mail Account gehackt
    Plagegeister aller Art und deren Bekämpfung - 13.05.2011 (28)
  16. Web.de Account gehackt? (Mail Delivery System)
    Überwachung, Datenschutz und Spam - 27.02.2009 (4)
  17. Amazon Account gehackt + E-mail gehackt !
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (16)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Mail Account gehackt? - Hallo, ich beschreibe mal mein Problem: Ich hatte mich gerade auf meinem Mailaccount eingeloggt, da sehe ich, dass der letzte Login zu einer Uhrzeit stattgefunden hat, zu der ich mich - Mail Account gehackt?...
Archiv
Du betrachtest: Mail Account gehackt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131