Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mail account gehackt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 27.07.2013, 10:57   #1
Timon93
 
Mail account gehackt? - Standard

Mail account gehackt?



Hallo,
seit drei Tagen bekomme ich bei meinem E-mail account bei GMX in jeweils sehr kurzem Zeitraum, sehr viel Mails mit dem Titel "Mail delivery failed: returning message to sender" vom Absender "mailer-daemon@gmx.de". Der Inhalt der Mails ist jeweils ein wenig unterschiedelich. Hier ein Beispiel:

Zitat:
This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address failed: "wilfredo.rosa@comcast.net": SMTP error from remote server in greeting: host: mx1.comcast.net: imta05.westchester.pa.mail.comcast.net comcast 212.227.17.22 Comcast Blocked for spam. Please see hxxp://postmaster.comcast.net/smtp-error-codes.php#BL000000 --- The header of the original message is following. --- Received: from gmx.de ([101.51.206.83]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0MJjvw-1V3fTa3bV6-0018gg for <wilfredo.rosa@comcast.net>; Fri, 26 Jul 2013 05:48:20 +0200 Date: Fri, 26 Jul 2013 06:46:35 +0300 From: ***@gmx.de To: wilfredo.rosa@comcast.net Subject: Message-ID: <0MeP5b-1Uk4IV2HPT-00QG3B@mail.gmx.com> X-Provags-ID: V03:K0:6Q+s/1SaMiQ/WtYbBHzt6TwK85KF1FW6MouRol/ukRaH09RX8Qt eB4sjo2MrgEFgdZx8buTgpnSVMUw0HpRwXfuvpaKwTs1Pgr7QaM56lqygtVYiNUeZxgCCFU RIvRUadjFZAyh5rG66gbTniwyCUaTKcKrGcr6sehAzKTeb4kmoBvfWXLLNIVgcca1Jj/1xO uirPa9/Xuf1oKMQcKpY+Q==
Ist mein Mail account gehackt?
Was soll ich tun?

Bisher habe ich einen Scan mit der Antivirensoftware "Avira: Antivir" durchgeführt, welcher aber zu keinen Funden geführt hat.
Außerdem habe ich schon die drei in diesem Thread (http://www.trojaner-board.de/69886-a...-beachten.html) beschriebenen Schritte durchgeführt:

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 26.07.2013 12:37:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,91% Memory free
7,73 Gb Paging File | 6,34 Gb Available in Paging File | 82,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,00 Gb Total Space | 101,96 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 344,27 Gb Total Space | 203,82 Gb Free Space | 59,20% Space Free | Partition Type: NTFS
Drive E: | 6,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.26 12:15:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
PRC - [2013.06.24 10:14:57 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.24 10:14:30 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.24 10:14:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010.02.03 15:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.02.03 15:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.06.03 11:57:01 | 002,521,552 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.03 10:40:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.24 10:14:57 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.24 10:14:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.05 14:40:12 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.01.31 09:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.03 15:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.02.03 15:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.28 02:12:20 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 02:12:20 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 02:12:20 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.07 20:27:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.09.07 11:46:58 | 000,070,016 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.05 13:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.11 15:26:20 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.10.11 15:26:20 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.07.08 10:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.02.26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009.04.08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=119776&babsrc=HP_ss_din2g&mntrId=6EAFE811320B720F
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119776&babsrc=HP_ss_din2g&mntrId=6EAFE811320B720F
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 F1 B2 6D 80 FC CC 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=6EAFE811320B720F
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.spox.com"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Simon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Simon\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.07 18:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2013.07.25 22:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\p5c6bd9b.default\extensions
[2013.07.25 22:46:09 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\p5c6bd9b.default\extensions\ich@maltegoetz.de
[2013.07.25 12:04:52 | 000,824,431 | ---- | M] () (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\p5c6bd9b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.01 19:59:31 | 000,006,471 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\p5c6bd9b.default\searchplugins\babylon.xml
[2013.05.01 19:59:31 | 000,006,471 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\p5c6bd9b.default\searchplugins\BrowserProtect.xml
[2013.03.24 13:22:59 | 000,001,294 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\p5c6bd9b.default\searchplugins\delta.xml
[2013.05.18 21:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.18 20:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.03 10:40:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.24 13:22:38 | 000,006,468 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Simon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A549E86-7573-4F64-AF51-409A5D8FD9BC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF784BCA-BC82-4FC5-8784-94AD0C0DE338}: DhcpNameServer = 141.24.53.248 141.24.53.227
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.05 14:16:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012.09.05 22:17:04 | 000,000,054 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{313318f1-6875-11e1-8f5b-000b6b62c5a8}\Shell - "" = AutoRun
O33 - MountPoints2\{313318f1-6875-11e1-8f5b-000b6b62c5a8}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{d25b58aa-686c-11e1-aa4b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d25b58aa-686c-11e1-aa4b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012.09.07 03:13:42 | 000,298,640 | R--- | M] (2K Sports)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.26 12:15:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2013.07.25 17:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.07.25 17:17:37 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Google
[2013.07.25 17:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.26 12:22:13 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.26 12:15:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2013.07.26 12:12:13 | 000,000,000 | ---- | M] () -- C:\Users\Simon\defogger_reenable
[2013.07.26 11:50:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.26 11:31:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.26 11:31:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.26 11:23:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.26 11:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.26 11:23:13 | 3111,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.25 16:26:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-562858968-3123787554-3258265573-1000UA.job
[2013.07.25 16:26:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-562858968-3123787554-3258265573-1000Core.job
[2013.07.25 12:00:18 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.25 12:00:18 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.25 12:00:18 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.25 12:00:18 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.25 12:00:18 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 16:50:03 | 000,527,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.07.26 12:12:13 | 000,000,000 | ---- | C] () -- C:\Users\Simon\defogger_reenable
[2013.07.25 17:17:45 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.25 17:17:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.07 16:00:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.06.26 11:44:36 | 000,000,058 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\AVSDVDPlayer.m3u
[2012.06.26 11:41:12 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.06.26 11:41:12 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.14 18:34:01 | 001,599,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.13 00:35:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\2K Sports
[2012.10.19 12:40:52 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Autodesk
[2013.03.24 13:23:17 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BabSolution
[2013.03.24 13:22:13 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Babylon
[2013.01.18 15:59:06 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\CADClick
[2013.02.20 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Canon
[2012.03.07 21:01:17 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite
[2013.07.17 17:44:52 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Dropbox
[2013.06.20 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\File Scout
[2012.03.07 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Trillian
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 26.07.2013 12:37:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,91% Memory free
7,73 Gb Paging File | 6,34 Gb Available in Paging File | 82,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,00 Gb Total Space | 101,96 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
Drive D: | 344,27 Gb Total Space | 203,82 Gb Free Space | 59,20% Space Free | Partition Type: NTFS
Drive E: | 6,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Simon\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Simon\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{161D85DA-226F-4F17-8D44-D91552300529}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17531D83-6E0B-4468-8855-CBEBC868BA73}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1A11A304-302B-4B63-9F0A-AB65197B3E26}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{278DFD7C-9F34-46A1-8EA0-8B07B5E52A73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{279DEFBB-9DD9-45D3-B307-C8DCB27E7FF3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{28F1A02F-9EA1-44FD-BCFC-D8C7FF8A0AE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FB98104-AC58-4E99-A076-02486D7A2891}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32000A4C-F056-4AB0-9BB9-DA562FB9EE25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{449C4404-9999-44F3-A484-4732B0CC8BD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4D0C4B5F-F5C9-478D-9204-6B83B50701CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50FDB541-1E9F-4E99-ABA2-F59456C782E2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{525DCE7D-7C97-449F-94D4-F29EAEDAB3C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5313BD5C-963C-4729-A286-35EA726C1852}" = lport=137 | protocol=17 | dir=in | app=system | 
"{543FD2DC-15AC-4813-8CEF-CD2A6FDCADF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5BF0DD54-B569-4F0B-A448-866803FE0FE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{741A7698-0A6D-41BC-95E7-D600495EF388}" = rport=137 | protocol=17 | dir=out | app=system | 
"{869D3ACE-2EB4-40E3-AFBE-0E08E9A971AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{998F8080-DBFB-4CB4-9C0E-8617D59C08F8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99C14B2A-46DE-443A-A9B6-3CE90F148FBF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{A6117FB6-B665-43D6-8234-35E6AA0A9F38}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AACE4C2C-FF6D-4481-A07B-7028409627E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AC3F4A41-95DC-4156-A171-8570B4E2E91B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B346AB3C-30E4-4F1D-8848-53FF33061BE4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B3A85205-16D4-4760-880B-FFCFCFEA10B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D136E579-BE1D-4545-B904-8AFE7A06A842}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DD216CCE-6673-4EB7-9A71-E38634E0D576}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EDEC3793-9126-42A3-8319-46E49457E6C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF435F15-19BC-4BC8-8CAA-1B6033330D64}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F04CCCE9-EB35-4E59-9D09-C1935955F225}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F7C7D2AE-3736-4049-9016-C7D0C384F2B6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FE93D0DC-148C-456B-B6AF-931599539766}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FEC6D34F-41EE-46C2-9876-999CAD7F2BB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FFCC01A4-FD74-41BE-AF54-D48F5E209F31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007A9D99-E009-42BD-814A-46A70F020E41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{066ABA83-D2CA-4777-9FEC-AAB7FF718F61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1205B051-D820-4A07-B6C8-B3705356F3CC}" = protocol=6 | dir=in | app=d:\spiele\pro evo 13\pes2013.exe | 
"{176FAEF8-464A-4B53-8A97-068821534865}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{190996E4-26FD-4F48-BA9F-E383B098BEE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1FAE222C-BD68-4174-932F-C17B37026D15}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{27186CA8-3348-458B-979D-80A987AB0D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2FA3A5B6-3BB9-4F52-B2C1-927FE4A10408}" = protocol=17 | dir=in | app=d:\spiele\pro evo 13\pes2013.exe | 
"{38BF3CA3-83F7-46BD-840F-4D6763BEBDEC}" = protocol=17 | dir=in | app=d:\spiele\pro evo 13\pes2013.exe | 
"{39C1AB34-91C6-4170-9D2D-A96885540456}" = protocol=17 | dir=in | app=d:\spiele\pes2012.exe | 
"{3B4BE076-9063-4D49-85E8-3F37E3565F5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A006ECB-EB2B-4361-825A-C4A74E034CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5D50A1C4-3747-4761-BA59-D4ABCA5C64B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{734B8D6C-94CC-47EA-B90C-C7F09D98FAD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7827ABC8-3977-4AAC-AB77-A058AFD6AE57}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7CFCE543-6FEC-4914-B1B4-A35BF70E8754}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8E14A283-B022-4121-92D1-F7EBE393DEFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9015D322-424D-45C9-B260-BB927ACA05CF}" = protocol=17 | dir=in | app=d:\spiele\pes2012.exe | 
"{9550F8C8-EE2A-4B2B-9691-97474C247954}" = dir=in | app=c:\users\simon\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{A188EBBB-128B-4B5D-A8B9-7212DE136BB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1A36F90-FFAF-4DB2-9CF6-6DF2A89E43B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B0BDA5BD-5659-44F2-A675-F68F15DB1C56}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B8D8FCA4-191A-424B-9DD1-00B8E5BAD404}" = protocol=6 | dir=in | app=d:\spiele\pes2012.exe | 
"{BB1AF004-C14B-475E-BB66-E0A91C17D48A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BBB85200-6F4E-4564-BB4E-ED7865D5CB61}" = protocol=17 | dir=in | app=d:\spiele\2k sports\nba2k13.exe | 
"{C25086D8-6946-47B3-B3A9-D40A8DFAA544}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C48BA561-AA75-4165-A2D4-7AE20F3420A6}" = protocol=6 | dir=in | app=d:\spiele\pes2012.exe | 
"{C4C20563-872B-4826-8BBC-B9CAEF759A7F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C78D91F9-B18D-453A-AC5A-77D1F28A320B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D29C041A-1646-434E-9B25-BC94D0EC8D46}" = protocol=6 | dir=out | app=system | 
"{D6180382-312C-49A9-A922-DACFAB795408}" = protocol=17 | dir=in | app=d:\spiele\2k sports\nba 2k12\nba2k12.exe | 
"{D83409FB-2551-4F8D-9F7E-102AE4F05720}" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D97335C1-F504-4B60-913F-787B9C1DE676}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E1E22491-0B4B-4FBB-9632-3DC52D630D07}" = protocol=6 | dir=in | app=d:\spiele\2k sports\nba2k13.exe | 
"{E46963ED-FB91-4CDE-8250-BD554CF8788C}" = protocol=6 | dir=in | app=d:\spiele\2k sports\nba 2k12\nba2k12.exe | 
"{E86C3D17-B8D6-4514-A915-B13F11E38002}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA643289-74E4-4542-91CE-799E1342A580}" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EF7F4554-75FF-48CA-85EB-04E2C4084391}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F6B58531-B27C-4C7E-A612-A8D35F15DB53}" = protocol=6 | dir=in | app=d:\spiele\pro evo 13\pes2013.exe | 
"{FFBCD866-BECA-4EFC-872F-47306A35E8C6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"TCP Query User{2FC051B7-797D-46F6-9CF6-CDBECE751EDF}D:\spiele\call of duty- modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty- modern warfare 3\iw5mp.exe | 
"TCP Query User{466D9872-B77E-4BC9-9610-5EB89E2DC65C}D:\spiele\modern warfare 2\iw4mp.dat" = protocol=6 | dir=in | app=d:\spiele\modern warfare 2\iw4mp.dat | 
"TCP Query User{626EC7E9-C053-46E7-B0CF-7CB9CA56B40C}D:\spiele\call of duty- modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty- modern warfare 3\iw5mp.exe | 
"TCP Query User{78D857E6-45A7-46D7-B683-84FB9677E60E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{B35F96BD-1F60-4DB7-80EB-C46E4A998915}D:\spiele\age of empires iii\age3.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires iii\age3.exe | 
"TCP Query User{CD66A38C-DC4F-4B59-B3DC-32B09FDDD6D9}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{EFABF768-86A0-4A0F-ADCF-B84C19C1C279}D:\spiele\age of empires iii\age3.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires iii\age3.exe | 
"TCP Query User{F759A681-5688-4037-A330-963E5F9BE765}D:\spiele\2k sports\nba 2k12\nba2k12.exe" = protocol=6 | dir=in | app=d:\spiele\2k sports\nba 2k12\nba2k12.exe | 
"UDP Query User{0BEE57C5-D728-4F55-88F2-30D825D19D25}D:\spiele\call of duty- modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty- modern warfare 3\iw5mp.exe | 
"UDP Query User{2FB9C924-4AD2-4FFA-82A3-D7AD2804D9E4}D:\spiele\call of duty- modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty- modern warfare 3\iw5mp.exe | 
"UDP Query User{71D21351-C274-4099-8AF1-6C903AD62D2C}D:\spiele\2k sports\nba 2k12\nba2k12.exe" = protocol=17 | dir=in | app=d:\spiele\2k sports\nba 2k12\nba2k12.exe | 
"UDP Query User{823AFB47-4307-44BB-86DF-78B4D8AC946D}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{86FBF453-D04C-450C-A0A4-D94EE292AE2E}D:\spiele\age of empires iii\age3.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires iii\age3.exe | 
"UDP Query User{8E09CB4D-A7EF-43A0-9D8E-D334E9860056}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{C27009D3-D192-416F-8BE5-B11277496EF6}D:\spiele\age of empires iii\age3.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires iii\age3.exe | 
"UDP Query User{CF762A4E-9A57-4098-AC8C-E1420C85E5BF}D:\spiele\modern warfare 2\iw4mp.dat" = protocol=17 | dir=in | app=d:\spiele\modern warfare 2\iw4mp.dat | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"DWG TrueView 2013" = DWG TrueView 2013
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65F8E0A6-A290-4D47-B391-D6353D756854}" = Pro Evolution Soccer 2013 DEMO
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE7EA637-9C65-4D57-9342-DDD98315AA58}" = Gemalto PKCS#11 For .NET Smart Cards V2+
"1ClickDownload" = Movie2KDownloader
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Athens 2004" = Athens 2004
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.12.2012 11:17:49 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 31.12.2012 15:17:37 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 01.01.2013 20:27:30 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 02.01.2013 15:15:06 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 02.01.2013 20:57:55 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 03.01.2013 08:18:12 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 03.01.2013 11:01:25 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 05.01.2013 08:20:30 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 05.01.2013 11:02:41 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 05.01.2013 13:55:37 | Computer Name = Simon-PC | Source = MsiInstaller | ID = 11316
Description = 
 
[ System Events ]
Error - 28.06.2013 16:42:33 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Peernetzwerkidentitäts-Manager" Korrekturmaßnahmen (Neustart des 
Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 04.07.2013 10:23:35 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Adobe Acrobat Update Service erreicht.
 
Error - 07.07.2013 04:30:33 | Computer Name = Simon-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 11.07.2013 12:25:10 | Computer Name = Simon-PC | Source = bowser | ID = 8003
Description = 
 
Error - 21.07.2013 07:07:06 | Computer Name = Simon-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 25.07.2013 05:58:49 | Computer Name = Simon-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 25.07.2013 05:58:49 | Computer Name = Simon-PC | Source = WudfUsbccidDriver | ID = 6
Description = 
 
Error - 25.07.2013 06:10:01 | Computer Name = Simon-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 25.07.2013 06:10:01 | Computer Name = Simon-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 25.07.2013 06:10:01 | Computer Name = Simon-PC | Source = WudfUsbccidDriver | ID = 12
Description = 
 
 
< End of report >
         
Gmer.txt:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-26 14:28:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM641JI rev.2AJ10002 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Simon\AppData\Local\Temp\agloypog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                   fffff800031fe000 44 bytes [00, 00, 16, 02, 4E, 53, 49, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                                   fffff800031fe02f 16 bytes [00, 58, 90, 2C, 07, 80, FA, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                    000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           00000000764b1465 2 bytes [4B, 76]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1372] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                 000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        00000000764b1465 2 bytes [4B, 76]
.text     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe[1372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1676] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000764b1465 2 bytes [4B, 76]
.text     C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2020] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                  000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000764b1465 2 bytes [4B, 76]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2080] C:\Windows\syswow64\USER32.dll!DialogBoxParamW            000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000764b1465 2 bytes [4B, 76]
.text     C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2376] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000764b1465 2 bytes [4B, 76]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Windows\SysWOW64\schtasks.exe[3980] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\Windows\SysWOW64\schtasks.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                       00000000764b1465 2 bytes [4B, 76]
.text     C:\Windows\SysWOW64\schtasks.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                      00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1356] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                  000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000764b1465 2 bytes [4B, 76]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2
.text     C:\Users\Simon\Desktop\gmer_2.1.19163.exe[2440] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                       000000007681cfca 5 bytes JMP 0000000172e64bb0
.text     C:\Users\Simon\Desktop\gmer_2.1.19163.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              00000000764b1465 2 bytes [4B, 76]
.text     C:\Users\Simon\Desktop\gmer_2.1.19163.exe[2440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             00000000764b14bb 2 bytes [4B, 76]
.text     ...                                                                                                                                                                  * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000b6b62c5a8                                                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000b6b62c5a8 (not active ControlSet)                                                                      

---- EOF - GMER 2.1 ----
         

Ich würde mich sehr über Hilfe freuen und bedanke mich schonmal im Voraus.

 

Themen zu Mail account gehackt?
7-zip, acrobat update, adware.bprotector, avira, delta chrome toolbar, e-mail, failed, filescout.exe, flash player, gmx.de, iexplore.exe, install.exe, mail delivery, mailer-daemon@gmx.de, msiinstaller, nemesis, plug-in, security, senden, svchost.exe, win32/adware.1clickdownload.w, win32/conficker.z, win32/packed.vmprotect.aah, win32/startpage.oph




Ähnliche Themen: Mail account gehackt?


  1. E-Mail Account gehackt?
    Überwachung, Datenschutz und Spam - 28.10.2015 (57)
  2. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  3. Email Account gehackt? Mail Delivery
    Plagegeister aller Art und deren Bekämpfung - 29.05.2014 (24)
  4. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  5. E-Mail-Account auf Mac gehackt ?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (5)
  6. E-Mail Account gehackt? mailer-daemon@gmx.de
    Plagegeister aller Art und deren Bekämpfung - 24.07.2013 (17)
  7. AOL E-Mail Account gehackt?
    Überwachung, Datenschutz und Spam - 08.07.2013 (23)
  8. Mail Account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (23)
  9. Gmx Mail Account gehackt? Virus?
    Plagegeister aller Art und deren Bekämpfung - 10.04.2013 (38)
  10. Amazon + E-mail account gehackt
    Log-Analyse und Auswertung - 26.02.2013 (13)
  11. E- Mail Account gehackt?
    Plagegeister aller Art und deren Bekämpfung - 29.11.2012 (82)
  12. Mail Account gehackt? Was ist tokenserver?
    Überwachung, Datenschutz und Spam - 10.06.2012 (87)
  13. AOL E-Mail Account gehackt? Nr. 2
    Überwachung, Datenschutz und Spam - 14.02.2012 (0)
  14. In Yahoo Mail Account gehackt
    Log-Analyse und Auswertung - 18.01.2012 (18)
  15. E-Mail Account gehackt
    Plagegeister aller Art und deren Bekämpfung - 13.05.2011 (28)
  16. Web.de Account gehackt? (Mail Delivery System)
    Überwachung, Datenschutz und Spam - 27.02.2009 (4)
  17. Amazon Account gehackt + E-mail gehackt !
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (16)

Zum Thema Mail account gehackt? - Hallo, seit drei Tagen bekomme ich bei meinem E-mail account bei GMX in jeweils sehr kurzem Zeitraum, sehr viel Mails mit dem Titel "Mail delivery failed: returning message to sender" - Mail account gehackt?...
Archiv
Du betrachtest: Mail account gehackt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.