Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: mms@t-mobile.de Anhang geöffnet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.01.2013, 21:58   #1
just-edi
 
mms@t-mobile.de Anhang geöffnet - Standard

mms@t-mobile.de Anhang geöffnet



Guten Tag, wie auch schon einige andere habe ich eine E-Mail von "mms@t-mobile.de" erhalten.
Darin war eine Nummer zu sehen und eine Zip-Datei angehangen.
Diese habe ich dann dummerweise runtergeladen und mit winrar geöffnet.
Die Datei hieß Sybol.jpg.exe wenn ich mich nicht irre. Als ich sie ausgeführt habe passierte nichts. Danach wollte ich Chrome starten, doch anstatt Chrome öffnete sich dann der Internet Explorer und ich wurde aufgefordert java-updates zu installieren, was ich jedoch nicht gemacht habe.
Danach habe ich mich über Firefox informiert und gelesen, dass bei Leuten mit dem selben bzw. ähnlichen Problem Combofix geholfen hat.
Also habe ich das Programm heruntergeladen und ausgeführt mit folgendem Ergebnis:
Code:
ATTFilter
ComboFix 13-01-30.04 - Haus 30.01.2013  22:13:04.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2048.937 [GMT 1:00]
ausgeführt von:: c:\users\Haus\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\users\Haus\AppData\Roaming\videogmon.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-28 bis 2013-01-30  ))))))))))))))))))))))))))))))
.
.
2013-01-28 09:09 . 2013-01-12 02:30	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-27 08:46 . 2013-01-27 08:46	--------	d-----w-	c:\program files\Microsoft Mouse and Keyboard Center
2013-01-26 15:11 . 2013-01-26 15:13	--------	d-----w-	c:\program files\Google
2013-01-15 12:34 . 2013-01-15 12:34	--------	d-----w-	c:\program files\FreeTime
2013-01-09 20:52 . 2012-12-07 12:20	2576384	----a-w-	c:\windows\system32\gameux.dll
2013-01-09 20:50 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 20:49 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-08 16:15 . 2013-01-08 17:09	--------	d-----w-	c:\users\Haus\AppData\Roaming\HandBrake
2013-01-03 22:43 . 2010-10-22 01:01	78336	----a-w-	c:\windows\system32\fwusbnci.dll
2013-01-03 22:43 . 2010-10-22 01:01	586752	----a-w-	c:\windows\system32\drivers\fwlanusbn.sys
2013-01-03 22:43 . 2010-10-22 01:01	4352	----a-w-	c:\windows\system32\drivers\avmeject.sys
2013-01-03 22:43 . 2010-10-22 01:01	15565	----a-w-	c:\windows\system32\drivers\fwlanusbn.bin
2013-01-02 19:51 . 2013-01-02 19:51	--------	d-----w-	C:\Download
2013-01-02 19:49 . 2013-01-02 19:49	--------	d-----w-	c:\users\Haus\AppData\Roaming\Samsung
2013-01-02 19:45 . 2013-01-02 19:45	--------	d-----w-	C:\AllShare
2013-01-02 19:44 . 2013-01-02 19:44	--------	d-----w-	c:\program files\Samsung
2013-01-02 19:25 . 2013-01-02 19:25	--------	d-----w-	c:\users\Haus\AppData\Local\Downloaded Installations
2013-01-02 18:12 . 2012-07-01 23:15	4102656	----a-w-	c:\windows\system32\x264vfw.dll
2013-01-02 18:12 . 2011-12-07 18:32	216064	----a-w-	c:\windows\system32\lagarith.dll
2013-01-02 18:12 . 2004-05-18 19:16	39936	----a-w-	c:\windows\system32\huffyuv.dll
2013-01-02 18:12 . 2011-12-21 18:14	151552	----a-w-	c:\windows\system32\ac3acm.acm
2013-01-02 18:12 . 2011-06-24 15:44	243200	----a-w-	c:\windows\system32\xvidvfw.dll
2013-01-02 18:12 . 2011-06-24 15:28	650752	----a-w-	c:\windows\system32\xvidcore.dll
2013-01-02 18:12 . 2012-06-09 18:21	178688	----a-w-	c:\windows\system32\unrar.dll
2013-01-02 18:12 . 2012-12-24 18:00	112640	----a-w-	c:\windows\system32\ff_vfw.dll
2013-01-02 18:12 . 2013-01-02 18:12	--------	d-----w-	c:\program files\K-Lite Codec Pack
2013-01-02 18:06 . 2013-01-02 18:06	--------	d-----w-	c:\users\Haus\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 22:00 . 2012-03-28 18:18	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-08 22:00 . 2011-08-06 20:07	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2012-12-21 15:32	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:32	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-11-12 11:52 . 2012-12-12 12:16	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 12:16	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 14:37 . 2012-11-02 14:37	862664	----a-w-	c:\windows\system32\msvcr110.dll
2012-11-02 14:37 . 2012-11-02 14:37	534480	----a-w-	c:\windows\system32\msvcp110.dll
2012-11-02 14:37 . 2012-11-02 14:37	44184	----a-w-	c:\windows\system32\drivers\point32.sys
2012-11-02 14:37 . 2012-11-02 14:37	251864	----a-w-	c:\windows\system32\vccorlib110.dll
2012-11-02 14:37 . 2012-11-02 14:37	2122392	----a-w-	c:\windows\system32\coin92.dll
2012-11-02 05:11 . 2012-12-12 12:16	376832	----a-w-	c:\windows\system32\dpnet.dll
2007-03-12 16:59 . 2007-03-12 16:59	299008	----a-w-	c:\program files\navigram_register.exe
2013-01-19 17:03 . 2013-01-19 17:03	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Questler Bonusfinder"="c:\users\Haus\Desktop\bonusfinder.exe" [2011-08-11 1122304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1093232]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 1668720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AVMWlanClient"=c:\program files\avmwlanstick\FRITZWLANMini.exe
"Eraser"="c:\progra~1\Eraser\Eraser.exe" --atRestart
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccSetx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130129.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604000.009\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 SystemStore;System Store;c:\program files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S2 SystemStoreService;System Store Service;c:\program files\SelfUpdater\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\system32\DRIVERS\Ph6xIB32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-26 15:13	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 22:00]
.
2011-08-05 c:\windows\Tasks\autokms.job
- c:\windows\AutoKMS.exe [2011-08-05 19:13]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-26 15:11]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-26 15:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = fritz.box
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Haus\AppData\Roaming\Mozilla\Firefox\Profiles\p9th0j0p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.questler.de/index.php?site=history
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-{EF53DD60-C4E2-11DB-3D6C-167690F54AE1} - c:\program files\Notation\Uninst_Notation Composer 2.6.3
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files\SelfUpdater\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\SelfUpdater\SystemStore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-30  22:30:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-30 21:30
.
Vor Suchlauf: 10 Verzeichnis(se), 85.410.258.944 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 85.173.698.560 Bytes frei
.
- - End Of File - - DC8EFCF86661988CB5A017814992FFD7
         
Nach dem Durchlaufen dieses Programms konnte ich keine Dateien oder Programme mehr öffnen, weil mir angeblich die Rechte gefehlt haben.
Doch nach einem Neustart hat sich das alles wieder geregelt. Somit konnte ich auch Chrome wieder nutzen, ohne dass der IE startete.
Jetzt habe ich jedoch Angst, dass da noch was ist, was nicht entfernt wurde.
(Norton konnte da nicht helfen, weil es nichts fand)
So habe ich auch hierher gefunden.
Wie in der Forenanleitung beschrieben habe ich die drei Programme durchlaufen lassen mit folgenden Logs:
OTL
Code:
ATTFilter
OTL logfile created on: 30.01.2013 23:40:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Haus\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,56% Memory free
4,00 Gb Paging File | 2,69 Gb Available in Paging File | 67,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 79,07 Gb Free Space | 53,08% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 82,33 Gb Free Space | 55,24% Space Free | Partition Type: NTFS
 
Computer Name: HAUS-PC | User Name: Haus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.30 23:35:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Haus\Desktop\OTL.exe
PRC - [2013.01.25 17:03:23 | 000,462,848 | ---- | M] () -- C:\Programme\SelfUpdater\SystemStore.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012.11.02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012.09.28 02:38:42 | 000,473,088 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2012.05.21 14:42:44 | 000,050,176 | ---- | M] () -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2012.03.01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareAgent.exe
PRC - [2011.08.11 21:22:55 | 001,122,304 | ---- | M] (Questler) -- C:\Users\Haus\Desktop\bonusfinder.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 12:04:36 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a45ad5e78dd84714738ac500e1412a9d\WindowsFormsIntegration.ni.dll
MOD - [2013.01.10 12:04:08 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll
MOD - [2013.01.10 12:00:31 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\08c6c4697818c7c8fb4491469dc5daa1\UIAutomationProvider.ni.dll
MOD - [2013.01.10 12:00:30 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 12:00:15 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 23:47:35 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.09 23:47:17 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 23:47:09 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.09 23:47:04 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll
MOD - [2013.01.09 23:46:50 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.09 23:46:48 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.01.09 23:46:43 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.09 23:46:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 23:46:34 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.09 23:46:30 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 23:46:19 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.25 17:03:23 | 000,462,848 | ---- | M] () [Auto | Running] -- C:\Programme\SelfUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.01.19 18:03:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 23:00:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2012.05.21 14:42:44 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore)
SRV - [2012.03.12 17:28:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Programme\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Haus\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.01.16 12:14:48 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130130.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.16 12:14:48 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130130.004\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.11.01 21:52:48 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.09.28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.09.06 03:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130129.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 08:16:51 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 08:16:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.22 11:13:28 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.03.29 07:28:38 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symnets.sys -- (SymNetS)
DRV - [2012.03.29 07:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2012.03.29 07:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2011.12.04 12:23:19 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.20 01:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011.07.19 22:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.22 02:01:00 | 000,586,752 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2010.10.22 02:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.08.13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.07.13 23:54:15 | 001,277,952 | ---- | M] (NXP Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph6xIB32.sys -- (Ph6xIB32)
DRV - [2008.07.26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 14:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008.07.26 14:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006.02.23 16:16:36 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3D 80 76 1A 29 FF CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.questler.de/index.php?site=history"
FF - prefs.js..extensions.enabledAddons: %7Bc2921baa-9930-4d73-a203-f69db688f139%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.04.06 13:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.07.22 11:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013.01.30 22:58:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 18:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 18:03:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 18:03:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 18:03:43 | 000,000,000 | ---D | M]
 
[2011.08.03 12:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\Extensions
[2012.12.11 14:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\Firefox\Profiles\p9th0j0p.default\extensions
[2011.08.30 14:37:57 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Haus\AppData\Roaming\mozilla\Firefox\Profiles\p9th0j0p.default\extensions\ffxtlbr@Facemoods.com
[2012.12.11 14:17:30 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\firefox\profiles\p9th0j0p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.05.18 17:00:59 | 000,003,714 | ---- | M] () (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\firefox\profiles\p9th0j0p.default\extensions\{c2921baa-9930-4d73-a203-f69db688f139}.xpi
[2010.10.10 15:46:56 | 000,004,669 | ---- | M] () (No name found) -- C:\Users\Haus\AppData\Roaming\mozilla\firefox\profiles\p9th0j0p.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
[2013.01.19 18:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 18:03:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.01.19 18:03:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.19 18:03:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.01.19 18:03:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.23 08:21:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:39:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 08:21:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 08:21:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 08:21:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 08:21:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - Extension: Google Docs = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Klicken, um Gutscheine f\u00FCr die aktuelle Seite anzuzeigen = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjacnemeogppppmlcoafbiacilcpngh\1.1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Users\Haus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.01.30 22:25:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Questler Bonusfinder] C:\Users\Haus\Desktop\bonusfinder.exe (Questler)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E0ED5CB-DC57-4AD4-8ECD-A53D4CD1D4F8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{402363ED-B8D6-45AD-8950-C0F9BE9A6C74}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.30 23:35:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Haus\Desktop\OTL.exe
[2013.01.30 23:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.30 22:29:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.30 22:23:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.30 22:10:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.30 22:10:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.30 22:10:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.30 22:07:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.30 22:06:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.30 22:02:38 | 005,028,065 | R--- | C] (Swearware) -- C:\Users\Haus\Desktop\ComboFix.exe
[2013.01.27 09:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.01.27 09:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.01.26 16:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.01.19 18:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.15 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2013.01.15 13:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2013.01.08 17:15:13 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Roaming\HandBrake
[2013.01.05 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\Haus\Desktop\Samsung ChannelListPCEditor 1.09
[2013.01.03 23:43:04 | 000,586,752 | ---- | C] (AVM GmbH) -- C:\Windows\System32\drivers\fwlanusbn.sys
[2013.01.03 23:43:04 | 000,078,336 | ---- | C] (AVM Berlin) -- C:\Windows\System32\fwusbnci.dll
[2013.01.03 23:43:04 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmeject.sys
[2013.01.02 20:51:55 | 000,000,000 | ---D | C] -- C:\Download
[2013.01.02 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Haus\Documents\My Videos
[2013.01.02 20:49:59 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Roaming\Samsung
[2013.01.02 20:45:37 | 000,000,000 | ---D | C] -- C:\AllShare
[2013.01.02 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.02 20:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013.01.02 20:36:20 | 000,000,000 | ---D | C] -- C:\Users\Haus\Documents\Meine Paletten
[2013.01.02 20:25:38 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Local\Downloaded Installations
[2013.01.02 19:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.01.02 19:12:33 | 004,102,656 | ---- | C] (x264vfw project) -- C:\Windows\System32\x264vfw.dll
[2013.01.02 19:12:33 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\Windows\System32\huffyuv.dll
[2013.01.02 19:12:32 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2013.01.02 19:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2013.01.02 19:06:35 | 000,000,000 | ---D | C] -- C:\Users\Haus\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.30 23:35:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Haus\Desktop\OTL.exe
[2013.01.30 23:34:34 | 000,000,000 | ---- | M] () -- C:\Users\Haus\defogger_reenable
[2013.01.30 23:33:47 | 000,050,477 | ---- | M] () -- C:\Users\Haus\Desktop\Defogger.exe
[2013.01.30 23:08:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.30 23:08:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.30 23:06:32 | 000,032,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 23:06:32 | 000,032,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 22:59:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.30 22:58:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.30 22:58:06 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.30 22:51:23 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.30 22:51:23 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.30 22:51:23 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.30 22:51:23 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.30 22:25:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.30 22:06:03 | 005,028,065 | R--- | M] (Swearware) -- C:\Users\Haus\Desktop\ComboFix.exe
[2013.01.30 12:06:10 | 000,000,264 | ---- | M] () -- C:\Users\Haus\Desktop\data.qst
[2013.01.29 20:41:36 | 000,999,795 | ---- | M] () -- C:\Users\Haus\Desktop\Bild (14).jpg
[2013.01.29 01:05:16 | 005,427,151 | ---- | M] () -- C:\Users\Haus\Desktop\Bedienungsanleitung_Deutz_D15.pdf
[2013.01.27 09:47:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2013.01.27 09:37:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.01.15 13:35:16 | 000,001,156 | ---- | M] () -- C:\Users\Haus\Desktop\Format Factory.lnk
[2013.01.10 07:50:57 | 003,852,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.02 20:49:58 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.30 23:34:34 | 000,000,000 | ---- | C] () -- C:\Users\Haus\defogger_reenable
[2013.01.30 23:33:47 | 000,050,477 | ---- | C] () -- C:\Users\Haus\Desktop\Defogger.exe
[2013.01.30 23:03:25 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.30 23:03:23 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.30 22:10:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.30 22:10:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.30 22:10:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.30 22:10:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.30 22:10:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.29 20:41:28 | 000,999,795 | ---- | C] () -- C:\Users\Haus\Desktop\Bild (14).jpg
[2013.01.29 01:05:16 | 005,427,151 | ---- | C] () -- C:\Users\Haus\Desktop\Bedienungsanleitung_Deutz_D15.pdf
[2013.01.27 09:47:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01011.Wdf
[2013.01.27 09:37:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01011.Wdf
[2013.01.15 13:35:14 | 000,001,156 | ---- | C] () -- C:\Users\Haus\Desktop\Format Factory.lnk
[2013.01.03 23:43:07 | 000,013,202 | ---- | C] () -- C:\Windows\instwcli.inf
[2013.01.03 23:43:04 | 000,015,565 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2013.01.02 20:49:58 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2013.01.02 19:12:33 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013.01.02 19:12:32 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013.01.02 19:12:32 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013.01.02 19:12:31 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.01.02 19:12:26 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.09.28 14:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.05.18 17:23:09 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.03.09 05:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.03.09 05:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.12.27 20:43:41 | 002,261,764 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2011.12.27 20:43:17 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.10.12 11:25:02 | 000,000,054 | ---- | C] () -- C:\Windows\Composer.INI
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.05 20:13:17 | 000,614,400 | ---- | C] () -- C:\Windows\autokms.exe
[2011.08.04 17:27:03 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.08.04 17:27:03 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.08.04 17:27:03 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.08.04 17:27:03 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.08.04 17:27:03 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.08.04 17:27:03 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.08.04 17:27:03 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.08.04 17:27:03 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.08.04 17:27:03 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.08.04 17:27:03 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.08.04 17:27:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.08.04 17:27:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.08.04 17:27:03 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.08.04 17:27:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.08.04 17:27:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.08.04 17:27:03 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.08.04 17:27:03 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.08.04 17:27:03 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.08.04 17:27:03 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.08.04 13:37:41 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.07.14 18:13:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.14 17:45:16 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.04.12 02:30:05 | 000,654,150 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,130,022 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.12 17:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.01 19:03:07 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\.minecraft
[2012.04.06 20:22:29 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.06 13:54:01 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.04.02 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.27 09:42:02 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\DAEMON Tools Lite
[2013.01.26 18:15:52 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\Dropbox
[2012.12.22 21:51:08 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\DVDVideoSoft
[2011.09.04 13:41:52 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.22 22:26:46 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\EPSON
[2012.06.26 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\Freemium
[2013.01.08 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\HandBrake
[2012.03.28 11:34:58 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\Leadertech
[2012.05.18 17:39:00 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\PrimoPDF
[2013.01.02 20:49:59 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\Samsung
[2012.11.26 20:10:26 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\TuneUp Software
[2012.07.03 21:41:12 | 000,000,000 | ---D | M] -- C:\Users\Haus\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.12.27 10:33:27 | 000,016,886 | ---- | M] ()(C:\Users\Haus\Desktop\??? ????????????????? ?????????? ?????????????.docx) -- C:\Users\Haus\Desktop\Для последовательного соединения аккумуляторов.docx
[2012.12.27 10:33:25 | 000,016,886 | ---- | C] ()(C:\Users\Haus\Desktop\??? ????????????????? ?????????? ?????????????.docx) -- C:\Users\Haus\Desktop\Для последовательного соединения аккумуляторов.docx

< End of report >
         
Extra
Code:
ATTFilter
OTL Extras logfile created on: 30.01.2013 23:40:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Haus\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,56% Memory free
4,00 Gb Paging File | 2,69 Gb Available in Paging File | 67,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 79,07 Gb Free Space | 53,08% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 82,33 Gb Free Space | 55,24% Space Free | Partition Type: NTFS
 
Computer Name: HAUS-PC | User Name: Haus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1650022D-67BF-4DA0-9ED9-D51973FA3212}" = rport=138 | protocol=17 | dir=out | app=system | 
"{23B5CBB7-7896-49FC-9A82-B71B615CA54E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{245D27CC-63F4-4A20-B0D2-8FD55A93E3AA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{371B1762-F8C2-471F-801A-A67873E5C391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{41C56FF1-9850-42D5-A366-032160C91512}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4835210B-AAE3-41B9-90B7-11BEB7F61BCF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4D090177-EF12-426C-9483-B5EC668B5551}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6787C61B-8CD5-45A3-BFBA-8D57FFDE3C25}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6CD4503D-A411-45E9-ADC9-5258FBE14F61}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75F91104-A9DC-41E0-8587-67EB63F60E6E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{78377DB7-9194-41CB-85B0-2EFE3D006BDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8A7E1F67-AAB1-4E46-BF83-BAB54D12DDCE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9EDEC71E-42A4-4D92-B273-3E603EB5B4EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A0B87852-804B-46D3-80C3-27985F9E0A0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4DF8F73-FDD0-4F78-B8B7-50084A55C6F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA6CA66D-ACC2-459E-AF0B-1D950724833B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{ABEEBDC5-2869-49B6-A45D-E4BCF6DAD686}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{B67C8387-4379-4E1D-92FF-77636E42BF3A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C66FE199-B77F-4FE8-840D-6040AD83A4FB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D3E723F7-7641-4DFA-BBF6-0D5D8A7CADC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D53854DD-7264-4B4C-A30A-746F2FA1A918}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E6E214F1-1BBC-40AD-B7B4-D4216FF10E23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E8896F83-6AF8-4894-A0E8-D8E20B1CFAB2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ECC91C7A-44CC-4500-BA25-281A47EBBED5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F00F5F20-3FC0-4135-A718-426D8F855793}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F1BB99A2-AE75-453D-BF6B-DD911617C05A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{130AC8B3-6BD8-4035-B1F1-7E88AB739DE2}" = protocol=17 | dir=in | app=c:\users\haus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2B111F32-C4A6-4ECA-98B5-F34C8360131D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2D2C7AF3-0272-4E30-B991-3BE67DFA024E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E74C3A0-8851-489F-AD20-B5A1345F45F0}" = protocol=6 | dir=in | app=c:\users\haus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{34B676AC-2F09-4B46-BC13-531532079DF5}" = protocol=6 | dir=out | app=system | 
"{3808ECB1-F1BF-43DF-B1EF-BCFB3A3B7625}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | 
"{3AA9F0CF-5343-42B8-99ED-01F98FA71262}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe | 
"{3ED1794B-D6AE-4306-9EF4-E208A22C9D06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3FF08098-A929-4C9D-9850-C725AE6E0B2A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{43474906-E326-49E3-B975-2147E2C56017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4B3D06A8-8B64-483F-BFC3-769A04932F96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B91ACA0-8FDF-4439-A0B3-E7A07E83C3CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5391ADC0-0246-48D2-B46C-01DA037EAA62}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe | 
"{543C393B-B4F3-4FE2-B1F6-64055F7F7D5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5D4812C4-E3BD-4E1E-8EFB-CE1363569757}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{6B02BFFB-B76E-4F0B-923F-315DDBFEEA74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A6523BC-B175-40EE-8E53-A8AFF83EFB45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A330C5E2-4480-40BB-9EA8-B1F096A66ECC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBBC1FB4-B27C-4C82-8781-181AB2214F5B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BCDFD469-1FD6-486E-ACB8-8E997FF396BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C433E621-15BC-45CC-9335-95161AC95770}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe | 
"{DD169238-5A8A-4EDD-8518-7FBCAE068F5D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DDC40324-D129-4E9F-8F9A-0E0D2E7D7F4C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E0D5E3CB-178B-4CB0-9974-6BBAFED614C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED060374-B0B1-4454-A71D-C3F880A7230A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EDC1F23A-E2DC-42C7-B563-9A6CACA2C807}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EF00C3D6-6E01-4FEB-9F4E-A687E2C14384}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EF046734-2DFF-43E1-B550-F21BCB4007C6}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe | 
"{F030AE29-09F1-4CD4-9DD2-883D4560348F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F78DEE11-44E2-4ED3-8981-A7CB0466363E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{FCDA192A-A460-4AC0-8689-39E80D00CCE6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3E7D839E-A6E7-B6F8-F855-CF69756E6331}" = AMD Media Foundation Decoders
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5180FB30-2AC7-1627-9856-AA0AE6ACB7E7}" = ccc-utility
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft-Maus- und Tastatur-Center
"{876B50AF-D46A-ED35-C625-20F326FE0C49}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{A90D527A-B49D-439E-80FF-15676AB8AA35}_is1" = shopping-preise.de - AddOn für Chrome
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF595A9D-325A-0B86-4BFA-F2D90553A9FC}" = AMD Drag and Drop Transcoding
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068813-9F8D-9F7A-92C0-A3EECBA2D82B}" = AMD Catalyst Install Manager
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVMWLANCLI" = AVM FRITZ!WLAN
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX510W_TX550W Benutzerhandbuch" = Epson Stylus SX510W_TX550W Handbuch
"EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series
"FormatFactory" = FormatFactory 3.0.1
"Google Chrome" = Google Chrome
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinDjView" = WinDjView 2.0.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2012 05:35:15 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.08.2012 02:57:28 | Computer Name = Haus-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.08.2012 03:37:51 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.08.2012 16:11:51 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.08.2012 17:08:55 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.08.2012 02:38:37 | Computer Name = Haus-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.08.2012 07:44:50 | Computer Name = Haus-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.08.2012 11:38:27 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.08.2012 12:57:17 | Computer Name = Haus-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.08.2012 15:09:03 | Computer Name = Haus-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 30.01.2013 04:23:57 | Computer Name = Haus-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.01.2013 07:06:12 | Computer Name = Haus-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.01.2013 14:18:24 | Computer Name = Haus-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.01.2013 17:07:07 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "EPSON V5 Service4(01)" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 30.01.2013 17:07:07 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "EPSON V3 Service4(01)" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 30.01.2013 17:07:10 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.01.2013 17:12:27 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 30.01.2013 17:18:27 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 30.01.2013 17:23:25 | Computer Name = Haus-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 30.01.2013 17:24:30 | Computer Name = Haus-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?01.?2013 um 22:23:05 unerwartet heruntergefahren.
 
 
< End of report >
         
und gmer
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-31 18:19:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160023AS rev.3.00 149,05GB
Running: gmer_2.0.18454 (5).exe; Driver: C:\Users\Haus\AppData\Local\Temp\kxldipoc.sys


---- System - GMER 2.0 ----

SSDT   86547CC0                                                                                         ZwAlertResumeThread
SSDT   86547DA0                                                                                         ZwAlertThread
SSDT   87007880                                                                                         ZwAllocateVirtualMemory
SSDT   86417C00                                                                                         ZwAlpcConnectPort
SSDT   86547468                                                                                         ZwAssignProcessToJobObject
SSDT   86547A10                                                                                         ZwCreateMutant
SSDT   86547188                                                                                         ZwCreateSymbolicLinkObject
SSDT   87007D68                                                                                         ZwCreateThread
SSDT   86547278                                                                                         ZwCreateThreadEx
SSDT   86547548                                                                                         ZwDebugActiveProcess
SSDT   87007A50                                                                                         ZwDuplicateObject
SSDT   87007638                                                                                         ZwFreeVirtualMemory
SSDT   86547B00                                                                                         ZwImpersonateAnonymousToken
SSDT   86547BE0                                                                                         ZwImpersonateThread
SSDT   86416678                                                                                         ZwLoadDriver
SSDT   87007538                                                                                         ZwMapViewOfSection
SSDT   86547930                                                                                         ZwOpenEvent
SSDT   87007C30                                                                                         ZwOpenProcess
SSDT   87007970                                                                                         ZwOpenProcessToken
SSDT   86547770                                                                                         ZwOpenSection
SSDT   87007B40                                                                                         ZwOpenThread
SSDT   86547378                                                                                         ZwProtectVirtualMemory
SSDT   86547E80                                                                                         ZwResumeThread
SSDT   87007288                                                                                         ZwSetContextThread
SSDT   87007368                                                                                         ZwSetInformationProcess
SSDT   86547628                                                                                         ZwSetSystemInformation
SSDT   86547850                                                                                         ZwSuspendProcess
SSDT   86547008                                                                                         ZwSuspendThread
SSDT   86FD29E8                                                                                         ZwTerminateProcess
SSDT   870071A8                                                                                         ZwTerminateThread
SSDT   87007458                                                                                         ZwUnmapViewOfSection
SSDT   87007728                                                                                         ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         8327EA49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           832B84D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10DB                                                              832BF510 8 Bytes  [C0, 7C, 54, 86, A0, 7D, 54, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                              832BF528 4 Bytes  [80, 78, 00, 87] {CMP BYTE [EAX+0x0], 0x87}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                              832BF534 4 Bytes  [00, 7C, 41, 86] {ADD [ECX+EAX*2-0x7a], BH}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                              832BF588 4 Bytes  [68, 74, 54, 86]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                              832BF604 4 Bytes  [10, 7A, 54, 86]
.text  ...                                                                                              
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x95A32000, 0x130E98, 0xE8000020]

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a77b59                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060a77b59@0025e7b1123e         0xE8 0xB9 0xBC 0x9C ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060a77b59 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060a77b59@0025e7b1123e             0xE8 0xB9 0xBC 0x9C ...

---- EOF - GMER 2.0 ----
         
Ich hoffe ihr könnt mir weiterhelfen. Ansonsten würde mir nur noch das formatieren bleiben.
Ich danke euch schonmal im voraus.

Geändert von just-edi (31.01.2013 um 22:30 Uhr)

Alt 03.02.2013, 10:53   #2
M-K-D-B
/// TB-Ausbilder
 
mms@t-mobile.de Anhang geöffnet - Standard

mms@t-mobile.de Anhang geöffnet



Servus,



Aus deiner Logdatei:
Zitat:
2011-08-05 c:\windows\Tasks\autokms.job
- c:\windows\AutoKMS.exe [2011-08-05 19:13]
Bitte lesen: Cracks, Keygens und andere illegale Software

Dateien, wie crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte.

Außerdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf
Anleitung zum Neu aufsetzten.

Damit ist das Thema beendet.
__________________

__________________

Antwort

Themen zu mms@t-mobile.de Anhang geöffnet
bho, combofix, desktop, e-mail, error, firefox, flash player, freemium, helper, internet explorer, intranet, jdownloader, logfile, lws.exe, mms@t-mobile.de, mozilla, nodrives, problem, programm, realtek, registry, scan, security, senden, software, starten, stick, svchost.exe, symantec, system, visual studio, windows



Ähnliche Themen: mms@t-mobile.de Anhang geöffnet


  1. DHL-Mail Anhang geöffnet
    Log-Analyse und Auswertung - 02.06.2015 (9)
  2. DHL Spam-Anhang mit Mac geöffnet?
    Alles rund um Mac OSX & Linux - 29.05.2015 (1)
  3. DHL Spam-Anhang mit Mac geöffnet
    Alles rund um Mac OSX & Linux - 28.05.2015 (8)
  4. Bei Rechnungsaufforderung Anhang geöffnet.
    Log-Analyse und Auswertung - 10.05.2015 (9)
  5. DHL Paketankündigung Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 01.04.2015 (19)
  6. DHL Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2015 (9)
  7. UPS-Mail anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 10.03.2015 (9)
  8. Anhang mit Trojaner geöffnet
    Plagegeister aller Art und deren Bekämpfung - 22.07.2013 (19)
  9. ZIP Anhang in Mahnungsmail geöffnet
    Log-Analyse und Auswertung - 07.05.2013 (7)
  10. Email-Anhang (ZIP) geöffnet
    Log-Analyse und Auswertung - 18.04.2013 (1)
  11. Mydirtyhobby.de Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (13)
  12. T-mobile mms mit Anhang foto_{symbol}.zip
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (6)
  13. Mail von noreply@t-mobile (Urheberrechtsverletzung) geöffnet
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (1)
  14. Email Anhang geöffnet!
    Log-Analyse und Auswertung - 11.03.2013 (44)
  15. Zip-Anhang von Rechnungsmail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 07.03.2013 (8)
  16. zip. Anhang geöffnet TR/Matsnu.EB.101
    Log-Analyse und Auswertung - 21.02.2013 (19)
  17. NACHA anhang geöffnet.
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (15)

Zum Thema mms@t-mobile.de Anhang geöffnet - Guten Tag, wie auch schon einige andere habe ich eine E-Mail von "mms@t-mobile.de" erhalten. Darin war eine Nummer zu sehen und eine Zip-Datei angehangen. Diese habe ich dann dummerweise runtergeladen - mms@t-mobile.de Anhang geöffnet...
Archiv
Du betrachtest: mms@t-mobile.de Anhang geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.