Guten Tag!
Seite heute morgen erhalte ich Mails von mailer-daemon@gmx.de. Ich weiß, dass man diese Mails überlicherweise erhält, wenn eine E-Mail, die man abgeschickt hat, nicht zugestellt werden konnten. Ich habe jedoch niemals Mails an die in der daemon-Nachricht genannten Empfänger geschickt. Auch verwende ich sicherlich nicht den dort angegebenen Betreff "Aufforderung von Anwaltschaft Mandantschaft" und ich selbst bin nicht - wie angegeben - "Inkasso-Buro Jason Albrecht".

Mit ist klar: Vermutlich werden mit meiner E-Mail-Adresse Spam-Mails geschickt. Ich frage mich nur: Wurde dazu mein Account geknackt?

Im Bereich "X-Authenticated" wird meine GMX-Kungennummer aufgeführt. Das spricht doch wohl für einen Hack, oder?

Außerdem stelle ich gerade fest, dass auch eine zweite, von der ersten unabhängige Mail-Adresse bei gmx betroffen ist.

Wie gehe ich am besten vor? Von einem sauberen Rechner die Passwörter ändern?

Ist der Laptop meiner Freundin, der sich mit meinem eigenen Rechner per WLAN den Internetanschluss teilt, ein sauberer Rechner? Ein Netzwerk zwischen den PCs besteht, aber nur mit Druckerfreigabe.

Ich bedanke mich schon einmal für eure Hilfe!

Gruß!

Edit: In meinem "Gesendet"-Ordner tauchen keine E-Mails auf.

Hi,

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).

• Doppelklick auf die OTL.exe
• Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Hier die Logfiles:

OTL.txt:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 06.06.2013 09:30:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 57,51% Memory free
7,45 Gb Paging File | 5,77 Gb Available in Paging File | 77,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 112,21 Gb Total Space | 75,17 Gb Free Space | 66,99% Space Free | Partition Type: NTFS
Drive F: | 112,30 Gb Total Space | 72,39 Gb Free Space | 64,45% Space Free | Partition Type: NTFS
Drive G: | 128,85 Gb Total Space | 55,71 Gb Free Space | 43,24% Space Free | Partition Type: NTFS
Drive H: | 112,30 Gb Total Space | 85,69 Gb Free Space | 76,30% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - F:\PDF24\pdf24.exe (Geek Software GmbH)
PRC - F:\Phonostar-Player\phonostarTimer.exe ()
PRC - F:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - F:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - F:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - F:\Firefox\mozjs.dll ()
MOD - F:\Phonostar-Player\phonostarTimer.exe ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledAddons: keyscrambler@qfx.software.corporation:2.9.2.0
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.1
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: F:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: F:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: F:\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar-Player: F:\Phonostar-Player\npphonostarDetectNP.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: F:\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: F:\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: F:\Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: F:\Firefox\plugins
 
[2012.08.10 18:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.03.05 16:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions
[2012.08.12 17:22:40 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.08.12 17:22:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.12 17:22:40 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions\keyscrambler@qfx.software.corporation
[2013.03.05 16:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions\staged
[2013.05.30 17:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\s5rg80w4.default\extensions
[2012.08.12 17:24:58 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\s5rg80w4.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013.05.30 17:17:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\s5rg80w4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.12 17:00:30 | 000,340,132 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\qr8dsc75.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.07.30 18:34:26 | 000,526,190 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\qr8dsc75.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.14 11:45:11 | 000,350,626 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\s5rg80w4.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.05.26 15:59:26 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\s5rg80w4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\FlashGet\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeyScrambler] F:\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [PDFPrint] F:\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [VirtualCloneDrive] F:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [phonostar-PlayerTimer] F:\Phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - F:\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - F:\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - F:\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - F:\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F67563F-C7C6-4119-9D48-F763D2B5372F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.16 17:27:25 | 000,000,000 | ---D | M] - H:\Auto -- [ NTFS ]
O33 - MountPoints2\{e660568a-c4fc-11e2-b39a-8e844fa6962d}\Shell - "" = AutoRun
O33 - MountPoints2\{e660568a-c4fc-11e2-b39a-8e844fa6962d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 09:29:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.06.05 20:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.05.09 19:49:28 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.09 12:31:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Stick Schwarz
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.06 09:29:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.06.06 08:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.06 07:40:45 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 07:40:45 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 07:37:44 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.06 07:37:44 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.06 07:37:44 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.06 07:37:44 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.06 07:37:44 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.06 07:33:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.06 07:33:26 | 3001,536,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 20:25:53 | 000,000,610 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.28 17:09:45 | 000,788,271 | ---- | M] () -- C:\Users\Admin\Desktop\Informationen zur Hochzeit von Anja und Volker.pdf
[2013.05.19 18:35:21 | 000,443,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.13 16:00:56 | 000,094,871 | ---- | M] () -- C:\Users\Admin\Desktop\ESt2012_Bauer_Janine.elfo
[2013.05.09 19:49:18 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.06.05 20:25:53 | 000,000,610 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.28 17:09:45 | 000,788,271 | ---- | C] () -- C:\Users\Admin\Desktop\Informationen zur Hochzeit von Anja und Volker.pdf
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.28 18:54:59 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini
[2012.11.28 18:45:17 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\qttask.exe
[2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.08.16 18:45:56 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.20 11:03:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Android
[2012.08.16 17:59:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2013.02.20 10:12:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular
[2012.08.21 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlashGet
[2013.04.24 19:01:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Foxit Software
[2012.10.20 12:07:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2013.02.17 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\phonostar GmbH
[2012.08.16 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QFX Software
[2013.06.03 00:13:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 164 bytes -> C:\Users\Admin\Desktop\Beurteilung Facharbeit.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
         

--- --- ---


Extras.txt: OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 06.06.2013 09:30:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 57,51% Memory free
7,45 Gb Paging File | 5,77 Gb Available in Paging File | 77,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 112,21 Gb Total Space | 75,17 Gb Free Space | 66,99% Space Free | Partition Type: NTFS
Drive F: | 112,30 Gb Total Space | 72,39 Gb Free Space | 64,45% Space Free | Partition Type: NTFS
Drive G: | 128,85 Gb Total Space | 55,71 Gb Free Space | 43,24% Space Free | Partition Type: NTFS
Drive H: | 112,30 Gb Total Space | 85,69 Gb Free Space | 76,30% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049820B0-8503-48C6-9E3A-14CF2E409FCC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1486787D-2433-41B3-92F6-F6EC0D52201B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{284BAFE3-7151-474F-9AE3-F59827A8D0BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2EEF4960-59FF-4A73-A2B4-6C34F0C3FAAE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3D8C9AB8-A16B-4245-9BD5-35D21EC43B05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F433A38-447A-4ABD-A808-8F9260E46D62}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C57B3D8-C9EC-4700-9FD2-FAAB0CDDA2A4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{523BBDB6-9D52-4D63-B4F8-AAB3A597CD71}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5BD68741-CE40-48B0-B09A-ECA43628B2A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8B0EC890-346E-40D5-978C-C6329EDE5575}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9613589D-966E-4EF1-86A2-2F4704889085}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9CCF5E53-BF9E-4E80-9724-82B53352B012}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA261D02-27EB-4F3E-9163-CBC3907CF831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC738FCE-D718-4240-AAD6-737A68DDE388}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B5993219-B36E-4204-A528-DFF08E198A9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C44DBE5F-A6CD-452E-9217-0F9E5B69C94D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C5DD4691-D259-49DB-BF25-F3E02E0BF665}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CFE0D180-41E7-4579-A653-7AB00BEA9B63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D26CE23E-C497-4D89-804D-AE0E7AFB2915}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D37ADB75-FA33-4859-A9FF-884A319BC805}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{ED1E3C31-94DE-4A5C-BA0B-350B38F20208}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EE363F35-3552-4FB8-BF6B-40AA431E7D9C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F6ABDA54-DED3-4CA5-9CA2-DAB7E372C2B6}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06745863-9CA3-4C44-AAC4-C2BE3DBD33E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E6890A6-9613-4E62-8332-B4766AA4F97D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{189E4C1A-AAD8-4EC1-83EE-ACEEB86F26C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3E6A130F-8CB6-4189-A051-2072951F8558}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3F5CEDDB-8A93-4BB3-B4FF-B6DE205D55CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{404F3860-6D53-4660-A0A1-E76F80106B55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6742D970-3D2C-4BA9-ABB8-50E9885E43DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6AD7CAF9-E168-49C1-81A8-3D863EE7094E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{95932DB4-C268-454E-BDBB-C6AA1CC3093B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A56535B8-B39E-4F66-8FDF-5F06DF673E54}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B507CCCD-1F79-4D26-8592-C8E90993656B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9136F34-4044-4658-8F7B-8445A5859070}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD11BC99-8F3D-451B-8765-F1815A45FDC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CE5235A8-1DCE-4F63-A930-4C81D188068D}" = protocol=6 | dir=out | app=system | 
"{D64288B2-AACD-4636-ABC9-3964F461828E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA1C5F56-086E-4F1C-86B1-D555F965DE76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DDF0E7C7-4B4F-4644-987E-02FEFA44E770}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB71CDEE-0868-4D04-983C-36B0C85B6FB8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EC70775C-DA8F-4861-914F-BF28CDC4A169}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{11AD5387-4F8E-4C53-A5E4-C515FB18133B}F:\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=f:\java\jre7\bin\javaw.exe | 
"TCP Query User{2F77B952-EDD6-4429-83CF-B39BA3478605}F:\flashget\flashget.exe" = protocol=6 | dir=in | app=f:\flashget\flashget.exe | 
"TCP Query User{86793626-66EF-4348-881D-DAD92ECC4E6B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A815673A-DAFF-4AE5-8F3B-1EE1A76FF71C}F:\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=f:\java\jre7\bin\javaw.exe | 
"UDP Query User{236BF9F9-4D9F-4A93-891C-E9F1D44B9422}F:\flashget\flashget.exe" = protocol=17 | dir=in | app=f:\flashget\flashget.exe | 
"UDP Query User{5D74AF27-CCE2-49F7-93BA-EC6A2E029DFE}F:\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=f:\java\jre7\bin\javaw.exe | 
"UDP Query User{7CA49921-7D77-4054-83A8-53BF631510B4}F:\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=f:\java\jre7\bin\javaw.exe | 
"UDP Query User{D02369CF-6F67-4DBB-9FAC-8313C219799A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TL-WN851ND Driver
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Foxit Reader_is1" = Foxit Reader
"freeocr_is1" = FreeOCR v4.2
"KeyScrambler" = KeyScrambler
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.8
"QuickTime" = QuickTime
"Sweet Home 3D_is1" = Sweet Home 3D version 3.5
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.6
"xplorer2l" = xplorer² lite 32 bit
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.05.2013 14:19:54 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "f:\phonostar-player\phonostar.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 21.05.2013 14:20:02 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot - 
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 26.05.2013 11:11:32 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "f:\phonostar-player\phonostar.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 26.05.2013 11:11:40 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot - 
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 29.05.2013 15:48:17 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "f:\phonostar-player\phonostar.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.05.2013 15:48:25 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot - 
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 30.05.2013 14:08:50 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "f:\phonostar-player\phonostar.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 30.05.2013 14:09:00 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot - 
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 02.06.2013 12:35:02 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "f:\phonostar-player\phonostar.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 02.06.2013 12:35:11 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\spybot - 
search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "f:\spybot
 - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ OSession Events ]
Error - 08.01.2013 17:24:39 | Computer Name = Admin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16507
 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2013 13:31:46 | Computer Name = Admin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2820
 seconds with 1800 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.01.2013 16:30:56 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 10.01.2013 17:06:56 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.01.2013 06:36:28 | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description = 
 
Error - 17.02.2013 11:09:30 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.04.2013 15:52:41 | Computer Name = Admin-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.4  registriert werden. Der Computer mit IP-Adresse 192.168.1.6
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 06.05.2013 11:50:07 | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description = 
 
Error - 25.05.2013 02:43:52 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.
 
Error - 25.05.2013 02:43:53 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.
 
Error - 25.05.2013 02:43:53 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.
 
Error - 25.05.2013 02:43:54 | Computer Name = Admin-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR5 gefunden.
 
 
< End of report >
         

--- --- ---

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo,

danke für die Antworten. Hier endlich das Combofix-Log:

[Spoiler]
Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-06-06.04 - Admin 06.06.2013  20:13:55.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3817.2774 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-06 bis 2013-06-06  ))))))))))))))))))))))))))))))
.
.
2013-06-06 18:16 . 2013-06-06 18:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-15 16:03 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 16:03 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 16:03 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 16:03 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 16:03 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 16:03 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 16:03 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 16:03 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 16:03 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 16:03 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-09 17:49 . 2013-05-09 17:49	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 16:46 . 2012-08-21 08:58	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 16:46 . 2012-08-21 08:58	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 16:07 . 2012-08-12 14:13	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-04-12 14:45 . 2013-05-01 10:03	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-28 17:05	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-29 22:19 . 2013-03-29 22:19	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-29 22:19 . 2013-03-29 22:19	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-29 22:19 . 2013-03-29 22:19	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-25 09:07 . 2013-03-25 09:07	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-25 09:07 . 2013-03-25 09:07	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-25 09:07 . 2013-03-25 09:07	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-25 09:07 . 2013-03-25 09:07	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-25 09:07 . 2013-03-25 09:07	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-25 09:07 . 2013-03-25 09:07	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-25 09:07 . 2013-03-25 09:07	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-25 09:07 . 2013-03-25 09:07	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-25 09:07 . 2013-03-25 09:07	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-25 09:07 . 2013-03-25 09:07	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-25 09:07 . 2013-03-25 09:07	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-25 09:07 . 2013-03-25 09:07	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-25 09:07 . 2013-03-25 09:07	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-25 09:07 . 2013-03-25 09:07	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-25 09:07 . 2013-03-25 09:07	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-25 09:07 . 2013-03-25 09:07	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-25 09:07 . 2013-03-25 09:07	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-25 09:07 . 2013-03-25 09:07	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-25 09:07 . 2013-03-25 09:07	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-25 09:07 . 2013-03-25 09:07	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-25 09:07 . 2013-03-25 09:07	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-25 09:07 . 2013-03-25 09:07	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-25 09:07 . 2013-03-25 09:07	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-25 09:07 . 2013-03-25 09:07	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-25 09:07 . 2013-03-25 09:07	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-25 09:07 . 2013-03-25 09:07	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-25 09:07 . 2013-03-25 09:07	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-25 09:07 . 2013-03-25 09:07	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-25 09:07 . 2013-03-25 09:07	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-25 09:07 . 2013-03-25 09:07	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-25 09:07 . 2013-03-25 09:07	441856	----a-w-	c:\windows\system32\html.iec
2013-03-25 09:07 . 2013-03-25 09:07	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-25 09:07 . 2013-03-25 09:07	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-25 09:07 . 2013-03-25 09:07	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-25 09:07 . 2013-03-25 09:07	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-25 09:07 . 2013-03-25 09:07	235008	----a-w-	c:\windows\system32\url.dll
2013-03-25 09:07 . 2013-03-25 09:07	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-25 09:07 . 2013-03-25 09:07	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-25 09:07 . 2013-03-25 09:07	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-25 09:07 . 2013-03-25 09:07	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-25 09:07 . 2013-03-25 09:07	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-25 09:07 . 2013-03-25 09:07	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-25 09:07 . 2013-03-25 09:07	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-25 09:07 . 2013-03-25 09:07	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-25 09:07 . 2013-03-25 09:07	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-25 09:07 . 2013-03-25 09:07	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-25 09:07 . 2013-03-25 09:07	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-25 09:07 . 2013-03-25 09:07	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-25 09:07 . 2013-03-25 09:07	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-10 15:28	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 15:28	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 15:28	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 15:28	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 15:28	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 15:28	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-17 18:17 . 2012-08-21 17:09	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-17 18:17 . 2012-08-21 17:09	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SpybotSD TeaTimer"="f:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"phonostar-PlayerTimer"="f:\phonostar-player\phonostarTimer.exe" [2012-10-13 42496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-09 345312]
"PDFPrint"="f:\pdf24\pdf24.exe" [2012-12-12 163000]
"KeyScrambler"="f:\keyscrambler\keyscrambler.exe" [2013-02-10 534160]
"VirtualCloneDrive"="f:\virtualclonedrive\VCDDaemon.exe" [2009-06-17 85160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;f:\spybot - search & destroy\SDWinSec.exe;f:\spybot - search & destroy\SDWinSec.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 16:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Alles mit FlashGet laden - f:\flashget\jc_all.htm
IE: &Mit FlashGet laden - f:\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5rg80w4.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-06  20:18:11
ComboFix-quarantined-files.txt  2013-06-06 18:18
.
Vor Suchlauf: 9 Verzeichnis(se), 81.707.712.512 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 81.471.504.384 Bytes frei
.
- - End Of File - - 63ECCC23DF15AAAEC8E095C377B38B0D
         

--- --- ---


Das Gefühl, dass der eigene E-Mail-Account nicht mehr sicher ist, ist gar nicht gut...

Beste Grüße!

Passwörter von anderem System aus ändern.

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Hallo,

tut mir leid, dass ich erst jetzt antworte; ich konnte über das Wochenende nicht an den PC. Hier die Logs:

Malwarebytes Anti-Malware :

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Admin :: ADMIN-PC [Administrator]

09.06.2013 18:08:17
mbam-log-2013-06-09 (18-08-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207893
Laufzeit: 2 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

AdwCleaner[S1].txt:
AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.303 - Datei am 09/06/2013 um 18:18:57 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin - ADMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qr8dsc75.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qr8dsc75.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5rg80w4.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1212 octets] - [09/06/2013 18:18:57]

########## EOF - C:\AdwCleaner[S1].txt - [1272 octets] ##########
         

--- --- ---


JRT.txt:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 09.06.2013 at 18:24:53,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.06.2013 at 18:26:36,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Vielen Dank!

Sehr schön. Noch Probleme mit dem Account?


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches OTL Log bitte.

Nach PW-Wechsel keine Probleme mehr mit dem Account, bin bisher aber nicht mit dem betroffenen Rechner reingegangen.

Werde die nächsten Schritte natürlich ausführen, schaffe das aber heute leider nicht mehr.

Wie immer bisher:

Alles klar

Hallo,
leider konnte ich längere Zeit nicht an meinem PC arbeiten, aber jetzt geht es weiter. Ich bitte um Entschuldigung für die lange Stille.

Hier das Logfile vom ESET Online Scanner:

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c297cd6d0a3c04896491133037a16ba
# engine=14075
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-14 08:01:47
# local_time=2013-06-14 10:01:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 865 236663397 0 0
# compatibility_mode=5893 16776573 100 94 515 122869957 0 0
# scanned=192
# found=0
# cleaned=0
# scan_time=19
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c297cd6d0a3c04896491133037a16ba
# engine=14075
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-14 10:42:13
# local_time=2013-06-15 12:42:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10491 236673023 3273 0
# compatibility_mode=5893 16776573 100 94 10141 122879583 0 0
# scanned=320526
# found=0
# cleaned=0
# scan_time=9478
         

Hier die Ergebnisse von Security Check:

Code: Alles auswählenAufklappen

ATTFilter

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox 14.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Und zum Abschluss die Logs von OTL:
OTL.txt:
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 16.06.2013 16:19:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 62,15% Memory free
7,45 Gb Paging File | 5,87 Gb Available in Paging File | 78,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 112,21 Gb Total Space | 75,30 Gb Free Space | 67,11% Space Free | Partition Type: NTFS
Drive F: | 112,30 Gb Total Space | 72,39 Gb Free Space | 64,45% Space Free | Partition Type: NTFS
Drive G: | 128,85 Gb Total Space | 55,71 Gb Free Space | 43,24% Space Free | Partition Type: NTFS
Drive H: | 112,30 Gb Total Space | 85,70 Gb Free Space | 76,31% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - F:\PDF24\pdf24.exe (Geek Software GmbH)
PRC - F:\Phonostar-Player\phonostarTimer.exe ()
PRC - F:\XPlorer2Lite\xplorer2_lite.exe (ZabKat)
PRC - F:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - F:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - F:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - F:\Firefox\mozjs.dll ()
MOD - F:\Phonostar-Player\phonostarTimer.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys (QFX Software Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledAddons: keyscrambler@qfx.software.corporation:2.9.2.0
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.1
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: F:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: F:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: F:\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar-Player: F:\Phonostar-Player\npphonostarDetectNP.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: F:\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: F:\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: F:\Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: F:\Firefox\plugins
 
[2012.08.10 18:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.06.09 18:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions
[2012.08.12 17:22:40 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.08.12 17:22:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.12 17:22:40 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\qr8dsc75.default\extensions\keyscrambler@qfx.software.corporation
[2013.05.30 17:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\s5rg80w4.default\extensions
[2012.08.12 17:24:58 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\s5rg80w4.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013.05.30 17:17:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\s5rg80w4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.12 17:00:30 | 000,340,132 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\qr8dsc75.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.07.30 18:34:26 | 000,526,190 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\qr8dsc75.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.14 11:45:11 | 000,350,626 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\s5rg80w4.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.05.26 15:59:26 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\s5rg80w4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\FlashGet\jccatch.dll (FlashGet(??)-Best Download Manager)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\FlashGet\getflash.dll (FlashGet(??)-Best Download Manager)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeyScrambler] F:\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [PDFPrint] F:\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [VirtualCloneDrive] F:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [phonostar-PlayerTimer] F:\Phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - F:\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - F:\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit FlashGet laden - F:\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - F:\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F67563F-C7C6-4119-9D48-F763D2B5372F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.16 17:27:25 | 000,000,000 | ---D | M] - H:\Auto -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.14 21:51:40 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.14 21:51:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.14 21:51:40 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.14 21:51:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.14 21:51:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.14 21:51:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.14 21:51:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.14 21:51:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.14 21:51:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.14 21:51:39 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.14 21:51:39 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.14 21:51:39 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.14 21:51:39 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.14 21:51:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.14 21:51:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.14 21:50:12 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.14 21:50:12 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.14 21:50:12 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.14 21:50:12 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.14 21:50:12 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.14 21:50:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.14 21:50:07 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.14 21:50:07 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.14 21:48:07 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2013.06.09 18:24:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.09 18:24:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.09 18:23:36 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Admin\Desktop\JRT.exe
[2013.06.09 18:06:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013.06.09 18:06:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.09 18:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.09 18:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.09 18:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.09 18:05:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Programs
[2013.06.09 18:05:18 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.09 17:57:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.06 20:18:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.06 20:09:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.06 20:09:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.06 20:09:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.06 20:09:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.06 20:09:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.06 20:07:38 | 005,077,996 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2013.06.06 09:29:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.06.05 20:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.16 16:03:21 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 16:03:21 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 16:00:32 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.16 16:00:32 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.16 16:00:32 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.16 16:00:32 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.16 16:00:32 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.16 15:56:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.16 15:56:01 | 3001,536,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.15 00:46:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.14 21:59:10 | 000,890,839 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2013.06.14 21:48:08 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2013.06.09 18:23:37 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Admin\Desktop\JRT.exe
[2013.06.09 18:18:35 | 000,648,201 | ---- | M] () -- C:\Users\Admin\Desktop\adwcleaner.exe
[2013.06.09 18:06:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.09 18:05:21 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Admin\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.06 20:07:40 | 005,077,996 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2013.06.06 09:29:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2013.06.05 20:25:53 | 000,000,610 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.28 17:09:45 | 000,788,271 | ---- | M] () -- C:\Users\Admin\Desktop\Informationen zur Hochzeit von Anja und Volker.pdf
[2013.05.19 18:35:21 | 000,443,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.14 21:59:08 | 000,890,839 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2013.06.09 18:18:35 | 000,648,201 | ---- | C] () -- C:\Users\Admin\Desktop\adwcleaner.exe
[2013.06.09 18:06:08 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.06 20:09:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.06 20:09:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.06 20:09:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.06 20:09:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.06 20:09:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.05 20:25:53 | 000,000,610 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.05.28 17:09:45 | 000,788,271 | ---- | C] () -- C:\Users\Admin\Desktop\Informationen zur Hochzeit von Anja und Volker.pdf
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.28 18:54:59 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini
[2012.11.28 18:45:17 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\qttask.exe
[2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.08.16 18:45:56 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 164 bytes -> C:\Users\Admin\Desktop\Beurteilung Facharbeit.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
         

--- --- ---


Extras.txt:
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 16.06.2013 16:19:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,73 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 62,15% Memory free
7,45 Gb Paging File | 5,87 Gb Available in Paging File | 78,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 112,21 Gb Total Space | 75,30 Gb Free Space | 67,11% Space Free | Partition Type: NTFS
Drive F: | 112,30 Gb Total Space | 72,39 Gb Free Space | 64,45% Space Free | Partition Type: NTFS
Drive G: | 128,85 Gb Total Space | 55,71 Gb Free Space | 43,24% Space Free | Partition Type: NTFS
Drive H: | 112,30 Gb Total Space | 85,70 Gb Free Space | 76,31% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049820B0-8503-48C6-9E3A-14CF2E409FCC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1486787D-2433-41B3-92F6-F6EC0D52201B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{284BAFE3-7151-474F-9AE3-F59827A8D0BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2EEF4960-59FF-4A73-A2B4-6C34F0C3FAAE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3D8C9AB8-A16B-4245-9BD5-35D21EC43B05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F433A38-447A-4ABD-A808-8F9260E46D62}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C57B3D8-C9EC-4700-9FD2-FAAB0CDDA2A4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{523BBDB6-9D52-4D63-B4F8-AAB3A597CD71}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5BD68741-CE40-48B0-B09A-ECA43628B2A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8B0EC890-346E-40D5-978C-C6329EDE5575}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9613589D-966E-4EF1-86A2-2F4704889085}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9CCF5E53-BF9E-4E80-9724-82B53352B012}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA261D02-27EB-4F3E-9163-CBC3907CF831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC738FCE-D718-4240-AAD6-737A68DDE388}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B5993219-B36E-4204-A528-DFF08E198A9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C44DBE5F-A6CD-452E-9217-0F9E5B69C94D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C5DD4691-D259-49DB-BF25-F3E02E0BF665}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CFE0D180-41E7-4579-A653-7AB00BEA9B63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D26CE23E-C497-4D89-804D-AE0E7AFB2915}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D37ADB75-FA33-4859-A9FF-884A319BC805}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{ED1E3C31-94DE-4A5C-BA0B-350B38F20208}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EE363F35-3552-4FB8-BF6B-40AA431E7D9C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F6ABDA54-DED3-4CA5-9CA2-DAB7E372C2B6}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06745863-9CA3-4C44-AAC4-C2BE3DBD33E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E6890A6-9613-4E62-8332-B4766AA4F97D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{189E4C1A-AAD8-4EC1-83EE-ACEEB86F26C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3E6A130F-8CB6-4189-A051-2072951F8558}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3F5CEDDB-8A93-4BB3-B4FF-B6DE205D55CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{404F3860-6D53-4660-A0A1-E76F80106B55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6742D970-3D2C-4BA9-ABB8-50E9885E43DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6AD7CAF9-E168-49C1-81A8-3D863EE7094E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{95932DB4-C268-454E-BDBB-C6AA1CC3093B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A56535B8-B39E-4F66-8FDF-5F06DF673E54}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B507CCCD-1F79-4D26-8592-C8E90993656B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C9136F34-4044-4658-8F7B-8445A5859070}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD11BC99-8F3D-451B-8765-F1815A45FDC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CE5235A8-1DCE-4F63-A930-4C81D188068D}" = protocol=6 | dir=out | app=system | 
"{D64288B2-AACD-4636-ABC9-3964F461828E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA1C5F56-086E-4F1C-86B1-D555F965DE76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DDF0E7C7-4B4F-4644-987E-02FEFA44E770}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB71CDEE-0868-4D04-983C-36B0C85B6FB8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EC70775C-DA8F-4861-914F-BF28CDC4A169}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{11AD5387-4F8E-4C53-A5E4-C515FB18133B}F:\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=f:\java\jre7\bin\javaw.exe | 
"TCP Query User{2F77B952-EDD6-4429-83CF-B39BA3478605}F:\flashget\flashget.exe" = protocol=6 | dir=in | app=f:\flashget\flashget.exe | 
"TCP Query User{86793626-66EF-4348-881D-DAD92ECC4E6B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A815673A-DAFF-4AE5-8F3B-1EE1A76FF71C}F:\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=f:\java\jre7\bin\javaw.exe | 
"UDP Query User{236BF9F9-4D9F-4A93-891C-E9F1D44B9422}F:\flashget\flashget.exe" = protocol=17 | dir=in | app=f:\flashget\flashget.exe | 
"UDP Query User{5D74AF27-CCE2-49F7-93BA-EC6A2E029DFE}F:\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=f:\java\jre7\bin\javaw.exe | 
"UDP Query User{7CA49921-7D77-4054-83A8-53BF631510B4}F:\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=f:\java\jre7\bin\javaw.exe | 
"UDP Query User{D02369CF-6F67-4DBB-9FAC-8313C219799A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TL-WN851ND Driver
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Foxit Reader_is1" = Foxit Reader
"freeocr_is1" = FreeOCR v4.2
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.8
"QuickTime" = QuickTime
"Sweet Home 3D_is1" = Sweet Home 3D version 3.5
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.6
"xplorer2l" = xplorer² lite 32 bit
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2013 15:48:08 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 15:48:14 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 15:48:14 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 15:48:18 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 15:59:23 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 15:59:23 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 15:59:26 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 16:03:41 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 16:03:42 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.06.2013 16:03:44 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ OSession Events ]
Error - 08.01.2013 17:24:39 | Computer Name = Admin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16507
 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error - 09.03.2013 13:31:46 | Computer Name = Admin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2820
 seconds with 1800 seconds of active time.  This session ended with a crash.
 
 
< End of report >
         

--- --- ---


Vielen Dank!

Firefox bitte updaten. Noch Probleme?

Hallo,

Firefox (Version 21.0) meldet, ich hätte die neueste Version. Bisher keine neuen Probleme, ich habe mich nach dem Passwortwechsel aber auch nicht mehr über den betroffenen PC bei meinem Mail-Account eingeloggt. Von einer Infektion hatte ich ja ohnehin nichts bemerkt, nur dass von meinem Account aus offensichtlich irgendwelche Mails verschickt worden waren.

Soll ich mich trauen und wieder von dem PC in das Postfach gehen?

Dank und Gruß!

Klar

Hallo,

nutze den Rechner wieder ganz normal. Es scheint keine Probleme mehr zu geben. Ich bin ein glücklicher Mensch...

Ein riesengroßes Dankeschön für die Hilfe!

Beste Grüße,

Ocar_Wilde