![]() |
|
Plagegeister aller Art und deren Bekämpfung: Mail account gehackt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 | |
| ![]() Mail account gehackt? Hallo, seit drei Tagen bekomme ich bei meinem E-mail account bei GMX in jeweils sehr kurzem Zeitraum, sehr viel Mails mit dem Titel "Mail delivery failed: returning message to sender" vom Absender "mailer-daemon@gmx.de". Der Inhalt der Mails ist jeweils ein wenig unterschiedelich. Hier ein Beispiel: Zitat:
Was soll ich tun? Bisher habe ich einen Scan mit der Antivirensoftware "Avira: Antivir" durchgeführt, welcher aber zu keinen Funden geführt hat. Außerdem habe ich schon die drei in diesem Thread (http://www.trojaner-board.de/69886-a...-beachten.html) beschriebenen Schritte durchgeführt: OTL.txt: Code:
ATTFilter OTL logfile created on: 26.07.2013 12:37:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,91% Memory free 7,73 Gb Paging File | 6,34 Gb Available in Paging File | 82,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 231,00 Gb Total Space | 101,96 Gb Free Space | 44,14% Space Free | Partition Type: NTFS Drive D: | 344,27 Gb Total Space | 203,82 Gb Free Space | 59,20% Space Free | Partition Type: NTFS Drive E: | 6,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.26 12:15:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe PRC - [2013.06.24 10:14:57 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.24 10:14:30 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.24 10:14:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe PRC - [2010.02.03 15:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.02.03 15:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.06.03 11:57:01 | 002,521,552 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ========== Services (SafeList) ========== SRV - [2013.07.03 10:40:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.24 10:14:57 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.24 10:14:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.05 14:40:12 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.01.31 09:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.03 15:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.02.03 15:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.28 02:12:20 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.28 02:12:20 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.28 02:12:20 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.07 20:27:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.09.07 11:46:58 | 000,070,016 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64) DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.05 13:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.11 15:26:20 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.10.11 15:26:20 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.07.08 10:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010.02.26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2009.04.08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=119776&babsrc=HP_ss_din2g&mntrId=6EAFE811320B720F IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119776&babsrc=HP_ss_din2g&mntrId=6EAFE811320B720F IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 F1 B2 6D 80 FC CC 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=6EAFE811320B720F IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.spox.com" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Simon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Simon\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.07 18:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions [2013.07.25 22:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\p5c6bd9b.default\extensions [2013.07.25 22:46:09 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\p5c6bd9b.default\extensions\ich@maltegoetz.de [2013.07.25 12:04:52 | 000,824,431 | ---- | M] () (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\p5c6bd9b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.01 19:59:31 | 000,006,471 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\p5c6bd9b.default\searchplugins\babylon.xml [2013.05.01 19:59:31 | 000,006,471 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\p5c6bd9b.default\searchplugins\BrowserProtect.xml [2013.03.24 13:22:59 | 000,001,294 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\p5c6bd9b.default\searchplugins\delta.xml [2013.05.18 21:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions [2013.05.18 20:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.03 10:40:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.03.24 13:22:38 | 000,006,468 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [Facebook Update] C:\Users\Simon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A549E86-7573-4F64-AF51-409A5D8FD9BC}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF784BCA-BC82-4FC5-8784-94AD0C0DE338}: DhcpNameServer = 141.24.53.248 141.24.53.227 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.10.05 14:16:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2012.09.05 22:17:04 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{313318f1-6875-11e1-8f5b-000b6b62c5a8}\Shell - "" = AutoRun O33 - MountPoints2\{313318f1-6875-11e1-8f5b-000b6b62c5a8}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{d25b58aa-686c-11e1-aa4b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d25b58aa-686c-11e1-aa4b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012.09.07 03:13:42 | 000,298,640 | R--- | M] (2K Sports) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.26 12:15:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe [2013.07.25 17:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.07.25 17:17:37 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Google [2013.07.25 17:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google ========== Files - Modified Within 30 Days ========== [2013.07.26 12:22:13 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.26 12:15:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe [2013.07.26 12:12:13 | 000,000,000 | ---- | M] () -- C:\Users\Simon\defogger_reenable [2013.07.26 11:50:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.26 11:31:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.26 11:31:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.26 11:23:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.26 11:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.26 11:23:13 | 3111,444,480 | -HS- | M] () -- C:\hiberfil.sys [2013.07.25 16:26:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-562858968-3123787554-3258265573-1000UA.job [2013.07.25 16:26:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-562858968-3123787554-3258265573-1000Core.job [2013.07.25 12:00:18 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.25 12:00:18 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.25 12:00:18 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.25 12:00:18 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.25 12:00:18 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.11 16:50:03 | 000,527,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.07.26 12:12:13 | 000,000,000 | ---- | C] () -- C:\Users\Simon\defogger_reenable [2013.07.25 17:17:45 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.25 17:17:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.07 16:00:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2012.06.26 11:44:36 | 000,000,058 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\AVSDVDPlayer.m3u [2012.06.26 11:41:12 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.06.26 11:41:12 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.03.14 18:34:01 | 001,599,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.13 00:35:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\2K Sports [2012.10.19 12:40:52 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Autodesk [2013.03.24 13:23:17 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BabSolution [2013.03.24 13:22:13 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Babylon [2013.01.18 15:59:06 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\CADClick [2013.02.20 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Canon [2012.03.07 21:01:17 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite [2013.07.17 17:44:52 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Dropbox [2013.06.20 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\File Scout [2012.03.07 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Trillian ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.07.2013 12:37:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,91% Memory free 7,73 Gb Paging File | 6,34 Gb Available in Paging File | 82,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 231,00 Gb Total Space | 101,96 Gb Free Space | 44,14% Space Free | Partition Type: NTFS Drive D: | 344,27 Gb Total Space | 203,82 Gb Free Space | 59,20% Space Free | Partition Type: NTFS Drive E: | 6,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\Simon\AppData\Roaming\File Scout\filescout.exe" /open "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\Simon\AppData\Roaming\File Scout\filescout.exe" /open "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{161D85DA-226F-4F17-8D44-D91552300529}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{17531D83-6E0B-4468-8855-CBEBC868BA73}" = rport=138 | protocol=17 | dir=out | app=system | "{1A11A304-302B-4B63-9F0A-AB65197B3E26}" = rport=10243 | protocol=6 | dir=out | app=system | "{278DFD7C-9F34-46A1-8EA0-8B07B5E52A73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{279DEFBB-9DD9-45D3-B307-C8DCB27E7FF3}" = lport=445 | protocol=6 | dir=in | app=system | "{28F1A02F-9EA1-44FD-BCFC-D8C7FF8A0AE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FB98104-AC58-4E99-A076-02486D7A2891}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{32000A4C-F056-4AB0-9BB9-DA562FB9EE25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{449C4404-9999-44F3-A484-4732B0CC8BD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4D0C4B5F-F5C9-478D-9204-6B83B50701CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{50FDB541-1E9F-4E99-ABA2-F59456C782E2}" = lport=139 | protocol=6 | dir=in | app=system | "{525DCE7D-7C97-449F-94D4-F29EAEDAB3C3}" = lport=10243 | protocol=6 | dir=in | app=system | "{5313BD5C-963C-4729-A286-35EA726C1852}" = lport=137 | protocol=17 | dir=in | app=system | "{543FD2DC-15AC-4813-8CEF-CD2A6FDCADF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5BF0DD54-B569-4F0B-A448-866803FE0FE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{741A7698-0A6D-41BC-95E7-D600495EF388}" = rport=137 | protocol=17 | dir=out | app=system | "{869D3ACE-2EB4-40E3-AFBE-0E08E9A971AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{998F8080-DBFB-4CB4-9C0E-8617D59C08F8}" = lport=2869 | protocol=6 | dir=in | app=system | "{99C14B2A-46DE-443A-A9B6-3CE90F148FBF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{A6117FB6-B665-43D6-8234-35E6AA0A9F38}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AACE4C2C-FF6D-4481-A07B-7028409627E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AC3F4A41-95DC-4156-A171-8570B4E2E91B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B346AB3C-30E4-4F1D-8848-53FF33061BE4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B3A85205-16D4-4760-880B-FFCFCFEA10B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D136E579-BE1D-4545-B904-8AFE7A06A842}" = lport=138 | protocol=17 | dir=in | app=system | "{DD216CCE-6673-4EB7-9A71-E38634E0D576}" = rport=445 | protocol=6 | dir=out | app=system | "{EDEC3793-9126-42A3-8319-46E49457E6C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EF435F15-19BC-4BC8-8CAA-1B6033330D64}" = rport=139 | protocol=6 | dir=out | app=system | "{F04CCCE9-EB35-4E59-9D09-C1935955F225}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F7C7D2AE-3736-4049-9016-C7D0C384F2B6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FE93D0DC-148C-456B-B6AF-931599539766}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FEC6D34F-41EE-46C2-9876-999CAD7F2BB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FFCC01A4-FD74-41BE-AF54-D48F5E209F31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{007A9D99-E009-42BD-814A-46A70F020E41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{066ABA83-D2CA-4777-9FEC-AAB7FF718F61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1205B051-D820-4A07-B6C8-B3705356F3CC}" = protocol=6 | dir=in | app=d:\spiele\pro evo 13\pes2013.exe | "{176FAEF8-464A-4B53-8A97-068821534865}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{190996E4-26FD-4F48-BA9F-E383B098BEE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1FAE222C-BD68-4174-932F-C17B37026D15}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{27186CA8-3348-458B-979D-80A987AB0D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2FA3A5B6-3BB9-4F52-B2C1-927FE4A10408}" = protocol=17 | dir=in | app=d:\spiele\pro evo 13\pes2013.exe | "{38BF3CA3-83F7-46BD-840F-4D6763BEBDEC}" = protocol=17 | dir=in | app=d:\spiele\pro evo 13\pes2013.exe | "{39C1AB34-91C6-4170-9D2D-A96885540456}" = protocol=17 | dir=in | app=d:\spiele\pes2012.exe | "{3B4BE076-9063-4D49-85E8-3F37E3565F5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A006ECB-EB2B-4361-825A-C4A74E034CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{5D50A1C4-3747-4761-BA59-D4ABCA5C64B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{734B8D6C-94CC-47EA-B90C-C7F09D98FAD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7827ABC8-3977-4AAC-AB77-A058AFD6AE57}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7CFCE543-6FEC-4914-B1B4-A35BF70E8754}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8E14A283-B022-4121-92D1-F7EBE393DEFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9015D322-424D-45C9-B260-BB927ACA05CF}" = protocol=17 | dir=in | app=d:\spiele\pes2012.exe | "{9550F8C8-EE2A-4B2B-9691-97474C247954}" = dir=in | app=c:\users\simon\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{A188EBBB-128B-4B5D-A8B9-7212DE136BB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1A36F90-FFAF-4DB2-9CF6-6DF2A89E43B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{B0BDA5BD-5659-44F2-A675-F68F15DB1C56}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B8D8FCA4-191A-424B-9DD1-00B8E5BAD404}" = protocol=6 | dir=in | app=d:\spiele\pes2012.exe | "{BB1AF004-C14B-475E-BB66-E0A91C17D48A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BBB85200-6F4E-4564-BB4E-ED7865D5CB61}" = protocol=17 | dir=in | app=d:\spiele\2k sports\nba2k13.exe | "{C25086D8-6946-47B3-B3A9-D40A8DFAA544}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C48BA561-AA75-4165-A2D4-7AE20F3420A6}" = protocol=6 | dir=in | app=d:\spiele\pes2012.exe | "{C4C20563-872B-4826-8BBC-B9CAEF759A7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C78D91F9-B18D-453A-AC5A-77D1F28A320B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D29C041A-1646-434E-9B25-BC94D0EC8D46}" = protocol=6 | dir=out | app=system | "{D6180382-312C-49A9-A922-DACFAB795408}" = protocol=17 | dir=in | app=d:\spiele\2k sports\nba 2k12\nba2k12.exe | "{D83409FB-2551-4F8D-9F7E-102AE4F05720}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | "{D97335C1-F504-4B60-913F-787B9C1DE676}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1E22491-0B4B-4FBB-9632-3DC52D630D07}" = protocol=6 | dir=in | app=d:\spiele\2k sports\nba2k13.exe | "{E46963ED-FB91-4CDE-8250-BD554CF8788C}" = protocol=6 | dir=in | app=d:\spiele\2k sports\nba 2k12\nba2k12.exe | "{E86C3D17-B8D6-4514-A915-B13F11E38002}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EA643289-74E4-4542-91CE-799E1342A580}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | "{EF7F4554-75FF-48CA-85EB-04E2C4084391}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F6B58531-B27C-4C7E-A612-A8D35F15DB53}" = protocol=6 | dir=in | app=d:\spiele\pro evo 13\pes2013.exe | "{FFBCD866-BECA-4EFC-872F-47306A35E8C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "TCP Query User{2FC051B7-797D-46F6-9CF6-CDBECE751EDF}D:\spiele\call of duty- modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty- modern warfare 3\iw5mp.exe | "TCP Query User{466D9872-B77E-4BC9-9610-5EB89E2DC65C}D:\spiele\modern warfare 2\iw4mp.dat" = protocol=6 | dir=in | app=d:\spiele\modern warfare 2\iw4mp.dat | "TCP Query User{626EC7E9-C053-46E7-B0CF-7CB9CA56B40C}D:\spiele\call of duty- modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty- modern warfare 3\iw5mp.exe | "TCP Query User{78D857E6-45A7-46D7-B683-84FB9677E60E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{B35F96BD-1F60-4DB7-80EB-C46E4A998915}D:\spiele\age of empires iii\age3.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires iii\age3.exe | "TCP Query User{CD66A38C-DC4F-4B59-B3DC-32B09FDDD6D9}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{EFABF768-86A0-4A0F-ADCF-B84C19C1C279}D:\spiele\age of empires iii\age3.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires iii\age3.exe | "TCP Query User{F759A681-5688-4037-A330-963E5F9BE765}D:\spiele\2k sports\nba 2k12\nba2k12.exe" = protocol=6 | dir=in | app=d:\spiele\2k sports\nba 2k12\nba2k12.exe | "UDP Query User{0BEE57C5-D728-4F55-88F2-30D825D19D25}D:\spiele\call of duty- modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty- modern warfare 3\iw5mp.exe | "UDP Query User{2FB9C924-4AD2-4FFA-82A3-D7AD2804D9E4}D:\spiele\call of duty- modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty- modern warfare 3\iw5mp.exe | "UDP Query User{71D21351-C274-4099-8AF1-6C903AD62D2C}D:\spiele\2k sports\nba 2k12\nba2k12.exe" = protocol=17 | dir=in | app=d:\spiele\2k sports\nba 2k12\nba2k12.exe | "UDP Query User{823AFB47-4307-44BB-86DF-78B4D8AC946D}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{86FBF453-D04C-450C-A0A4-D94EE292AE2E}D:\spiele\age of empires iii\age3.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires iii\age3.exe | "UDP Query User{8E09CB4D-A7EF-43A0-9D8E-D334E9860056}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{C27009D3-D192-416F-8BE5-B11277496EF6}D:\spiele\age of empires iii\age3.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires iii\age3.exe | "UDP Query User{CF762A4E-9A57-4098-AC8C-E1420C85E5BF}D:\spiele\modern warfare 2\iw4mp.dat" = protocol=17 | dir=in | app=d:\spiele\modern warfare 2\iw4mp.dat | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013 "{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013 "{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content) "{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client) "{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013 "{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013 "Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013 "Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German) "DWG TrueView 2013" = DWG TrueView 2013 "MatlabR2010a" = MATLAB R2010a "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12 "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013 "{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013 "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65F8E0A6-A290-4D47-B391-D6353D756854}" = Pro Evolution Soccer 2013 DEMO "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0 "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FE7EA637-9C65-4D57-9342-DDD98315AA58}" = Gemalto PKCS#11 For .NET Smart Cards V2+ "1ClickDownload" = Movie2KDownloader "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Athens 2004" = Athens 2004 "Autodesk Design Review 2013" = Autodesk Design Review 2013 "Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client) "Avira AntiVir Desktop" = Avira Free Antivirus "AVS DVD Player_is1" = AVS DVD Player version 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2 "DAEMON Tools Lite" = DAEMON Tools Lite "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1 "InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "VLC media player" = VLC media player 2.0.0 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.12.2012 11:17:49 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 31.12.2012 15:17:37 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 01.01.2013 20:27:30 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 02.01.2013 15:15:06 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 02.01.2013 20:57:55 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 03.01.2013 08:18:12 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 03.01.2013 11:01:25 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 05.01.2013 08:20:30 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 05.01.2013 11:02:41 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = Error - 05.01.2013 13:55:37 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316 Description = [ System Events ] Error - 28.06.2013 16:42:33 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Peernetzwerkidentitäts-Manager" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 04.07.2013 10:23:35 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Acrobat Update Service erreicht. Error - 07.07.2013 04:30:33 | Computer Name = Simon-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 11.07.2013 12:25:10 | Computer Name = Simon-PC | Source = bowser | ID = 8003 Description = Error - 21.07.2013 07:07:06 | Computer Name = Simon-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 25.07.2013 05:58:49 | Computer Name = Simon-PC | Source = SCardSvr | ID = 610 Description = Error - 25.07.2013 05:58:49 | Computer Name = Simon-PC | Source = WudfUsbccidDriver | ID = 6 Description = Error - 25.07.2013 06:10:01 | Computer Name = Simon-PC | Source = SCardSvr | ID = 610 Description = Error - 25.07.2013 06:10:01 | Computer Name = Simon-PC | Source = SCardSvr | ID = 610 Description = Error - 25.07.2013 06:10:01 | Computer Name = Simon-PC | Source = WudfUsbccidDriver | ID = 12 Description = < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-26 14:28:50 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM641JI rev.2AJ10002 596,17GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Simon\AppData\Local\Temp\agloypog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031fe000 44 bytes [00, 00, 16, 02, 4E, 53, 49, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031fe02f 16 bytes [00, 58, 90, 2C, 07, 80, FA, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1372] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1676] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2020] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2080] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2376] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Windows\SysWOW64\schtasks.exe[3980] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\Windows\SysWOW64\schtasks.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Windows\SysWOW64\schtasks.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1356] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Simon\Desktop\gmer_2.1.19163.exe[2440] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007681cfca 5 bytes JMP 0000000172e64bb0 .text C:\Users\Simon\Desktop\gmer_2.1.19163.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Simon\Desktop\gmer_2.1.19163.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b6b62c5a8 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b6b62c5a8 (not active ControlSet) ---- EOF - GMER 2.1 ---- Ich würde mich sehr über Hilfe freuen und bedanke mich schonmal im Voraus. |