Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne

Mülltonne: Anhang einer Phishing Mail geöffnet

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 14.06.2013, 20:17   #1
Struct
 
Anhang einer Phishing Mail geöffnet - Standard

Anhang einer Phishing Mail geöffnet



Hallo

Ich habe diesen Beitrag:
http://www.trojaner-board.de/136558-...ml#post1085331
... erstellt und man hat mir gesagt, dass ich ein Logfile mit OTL erstellen und posten soll. Ich vermute, dass das hier in diesem Unterforum gemacht wird.

Wenn ich vergessen habe private Stellen zu löschen wäre ich dankbar, wenn ihr mir kurz Bescheid gebt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.06.2013 19:19:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxxx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,81% Memory free
5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 193,52 Gb Total Space | 137,53 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
Drive D: | 104,57 Gb Total Space | 98,79 Gb Free Space | 94,47% Space Free | Partition Type: NTFS
Drive F: | 14,40 Gb Total Space | 14,40 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: xxxx-LAPTOP | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.14 19:16:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.06.30 21:01:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.01 00:06:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) -- C:\Programme2\maxdome\DCBin\DCService.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2013.01.09 18:12:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.30 21:01:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.01 00:06:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.28 12:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.01 18:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Auto | Running] -- C:\Programme2\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.30 21:01:14 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 21:01:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.20 16:30:54 | 000,193,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.12 01:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.08.24 19:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.08.24 19:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.08.24 19:30:40 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2010.08.24 19:30:40 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.04.27 04:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.04.27 04:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.07.10 12:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 3C 1C 3F 95 95 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6EF530F9-6C3A-4178-BAB2-E62D97095CBD}: "URL" = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms}
IE - HKCU\..\SearchScopes\{9790F99F-1AC4-49EE-AC3F-34E9D096FD49}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/search.php?query={searchTerms}&lang=de&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.4
FF - prefs.js..extensions.enabledAddons: leethax@leethax.net:2013.03.16
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:5.5
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.15
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ffext@startpage24:2.0.0.586
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\Program Files\Startpage24\Plugin\Version_586\firefox\plugins\nplink64.dll (Link64 GmbH)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme2\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.07 09:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffext@startpage24: C:\Program Files\Startpage24\Plugin\Version_586\firefox [2011.03.20 01:07:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.09 18:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.27 13:41:32 | 000,000,000 | ---D | M]
 
[2010.12.07 00:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions
[2013.06.13 22:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\ejm50llh.default\extensions
[2013.01.09 18:12:36 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\ejm50llh.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.09.27 13:20:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\ejm50llh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.06.13 22:36:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\ejm50llh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.18 17:30:00 | 000,021,579 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\ejm50llh.default\extensions\leethax@leethax.net.xpi
[2013.06.12 19:51:00 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\ejm50llh.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013.03.13 18:55:47 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\ejm50llh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.06.23 23:42:20 | 000,005,248 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\mozilla\firefox\profiles\ejm50llh.default\searchplugins\Startpage24.xml
[2012.04.03 14:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.09 18:12:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.09 18:12:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.09 18:12:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.09 18:12:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.09 18:12:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.09 18:12:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.09 18:12:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Startpage24) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\Programme\Startpage24\Plugin\Version_586\link64_plugin.dll (Link64 GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [mixerxg] C:\Users\xxxx\AppData\Roaming\mixerxg.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6FC371A-76B7-4E47-907A-6CF51C121652}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF1D08D3-8994-4CF2-B2CB-23D9207DED51}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F29978D8-AFC5-4CEF-BFA5-623864B62C7A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\startpage24 {879506D7-73DF-8D45-BBDD-123467926D12} - C:\Programme\Startpage24\Plugin\Version_586\link64_plugin.dll (Link64 GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5ad0a7b2-8ed6-11e0-8659-001f160bd76a}\Shell - "" = AutoRun
O33 - MountPoints2\{5ad0a7b2-8ed6-11e0-8659-001f160bd76a}\Shell\AutoRun\command - "" = F:\NPSAI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2EB3FE2C-D1A6-65F2-61CA-0D299031B992} - Java (Sun)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^xxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme2\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Programme2\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme2\Home Cinema\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Programme2\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Programme2\Home Cinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: Ulead Photo Express 5 SE Calendar Checker - hkey= - key= -  File not found
MsConfig - StartUpReg: ulutclbu - hkey= - key= - C:\Users\xxxx\AppData\Roaming\Tswvdpj\osmhclbu.exe (Bloodshed Software)
MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Programme2\Home Cinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Programme2\Home Cinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.14 19:16:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2013.06.14 17:38:43 | 000,000,000 | ---D | C] -- C:\d6af526708e6e9ddbfffdbd8fbc6bf
[2013.06.14 17:15:34 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2013.06.14 17:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.14 17:15:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.14 17:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.14 17:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.06.14 17:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.06.14 17:15:07 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.06.14 17:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.06.14 17:14:33 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Programs
[2013.06.14 17:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.06.14 17:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013.06.14 17:05:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.13 22:24:30 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Tswvdpj
[2013.06.11 21:57:25 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Saved Games
[2013.05.19 14:46:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8100CF49-B584-4762-9002-E1877B4E6602}
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.14 19:19:51 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 19:19:51 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 19:19:26 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.14 19:19:26 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.14 19:19:26 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.14 19:19:26 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.14 19:16:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2013.06.14 19:11:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.14 19:11:40 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 17:15:24 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.14 17:15:12 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.14 17:09:18 | 314,125,949 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.11 21:56:32 | 000,443,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.14 17:15:24 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.14 17:15:12 | 000,002,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.06.14 17:15:12 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.06.14 17:05:42 | 314,125,949 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.10.19 13:44:40 | 000,166,152 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.10 08:19:46 | 000,003,584 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.07 18:44:08 | 000,055,302 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.12.07 09:06:50 | 000,055,302 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.14 01:11:09 | 000,265,216 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\mixerxg.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.03.29 15:39:58 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Ashampoo
[2010.12.12 17:31:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Boomzap
[2011.01.14 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Gaijin Ent
[2011.06.18 16:00:39 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\GARMIN
[2011.06.01 22:36:00 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Leadertech
[2010.12.08 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Lexmark Productivity Studio
[2011.06.08 00:06:23 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ML
[2011.03.27 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Opera
[2010.12.12 17:58:53 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Runes of Avalon 2
[2011.08.12 00:32:00 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Samsung
[2010.12.08 15:40:02 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ScreenSeven
[2011.06.14 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Startpage24
[2013.06.13 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Tswvdpj
[2010.12.11 22:19:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TuneUp Software
[2010.12.20 19:43:15 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.12.09 00:50:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.02.25 08:52:33 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.06.14 17:28:11 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2013.06.14 17:38:45 | 000,000,000 | ---D | M] -- C:\d6af526708e6e9ddbfffdbd8fbc6bf
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.06 23:28:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.19 14:54:41 | 000,000,000 | ---D | M] -- C:\Intel
[2011.06.22 15:29:28 | 000,000,000 | ---D | M] -- C:\Medion
[2010.12.07 23:29:01 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.29 15:52:54 | 000,000,000 | ---D | M] -- C:\PlugIns
[2013.06.14 17:27:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.14 17:15:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.06 23:28:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.09.27 13:41:06 | 000,000,000 | ---D | M] -- C:\Programme2
[2010.12.06 23:28:30 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.20 01:03:09 | 000,000,000 | ---D | M] -- C:\startpage24
[2013.06.14 19:21:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.14 00:13:36 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.14 17:05:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme2\Home Cinema\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2013.05.16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.12.20 16:31:08 | 000,435,736 | R--- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Medion\[02] AHCI\f6flpy-x86\iaStor.sys
[2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010.12.20 16:31:08 | 000,540,696 | R--- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Medion\[02] AHCI\f6flpy-x64\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.02.25 15:58:44 | 000,000,068 | -HS- | M] () -- C:\Users\xxxx\desktop.ini
[2013.06.14 19:33:20 | 004,980,736 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat
[2013.06.14 19:33:20 | 000,262,144 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat.LOG1
[2010.12.06 23:28:44 | 000,000,000 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat.LOG2
[2010.12.06 23:31:05 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.12.06 23:31:05 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.12.06 23:31:05 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.06.14 16:56:36 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{90bf9e35-d502-11e2-9a74-001f160bd76a}.TM.blf
[2013.06.14 16:56:36 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{90bf9e35-d502-11e2-9a74-001f160bd76a}.TMContainer00000000000000000001.regtrans-ms
[2013.06.14 16:56:36 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{90bf9e35-d502-11e2-9a74-001f160bd76a}.TMContainer00000000000000000002.regtrans-ms
[2013.06.14 17:07:01 | 000,065,536 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{daae2454-d503-11e2-a596-ea975c9c1fc5}.TM.blf
[2013.06.14 17:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{daae2454-d503-11e2-a596-ea975c9c1fc5}.TMContainer00000000000000000001.regtrans-ms
[2013.06.14 17:07:01 | 000,524,288 | -HS- | M] () -- C:\Users\xxxx\ntuser.dat{daae2454-d503-11e2-a596-ea975c9c1fc5}.TMContainer00000000000000000002.regtrans-ms
[2010.12.06 23:28:44 | 000,000,020 | -HS- | M] () -- C:\Users\xxxx\ntuser.ini
[2011.06.22 14:36:49 | 000,024,576 | -HS- | M] () -- C:\Users\xxxx\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---
OTL EXTRAS Logfile:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.06.2013 19:19:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxxx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,81% Memory free
5,99 Gb Paging File | 4,91 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 193,52 Gb Total Space | 137,53 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
Drive D: | 104,57 Gb Total Space | 98,79 Gb Free Space | 94,47% Space Free | Partition Type: NTFS
Drive F: | 14,40 Gb Total Space | 14,40 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: xxxx-LAPTOP | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Value error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme2\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme2\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030A659D-410B-4F5F-B511-04D722BB44BA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{03754F17-452F-40DA-9F30-D17F9D523FCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06B67EBB-E2B7-4926-BEAB-9E9FFF426EEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{09317976-D20A-429F-8EF7-FA437BF6CECE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1542E7CB-0899-45DC-9118-0D6A218917CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{257FD803-98E3-499D-B458-22037EE2AF65}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{35C49F7D-6A98-4575-B713-E1D9D1FFB0EF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3F249D69-C1A1-49EC-96AA-D8CF7E32161A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{54FFC2B5-11D3-4A95-B5B4-59954C342D17}" = rport=137 | protocol=17 | dir=out | app=system | 
"{625B1F86-CA57-466C-B684-90E95D4066CF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6CACD5C9-AA2E-44AA-BC3C-54B425EBE4C9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{72354DB2-471A-4F1F-8F71-8CF6FC4415FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{77B91F04-8D3B-497F-98B8-B560878F3CF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7DCE56E0-1AC8-4D99-B2F0-760272664C8A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{93CA5423-F597-4631-A99D-F224821D1C7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96ECFDC2-C1B8-4D81-8F71-5516928025C0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A82CF7A0-E391-4C10-AA89-3888E0ED51CA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ABF83973-87CB-428B-BB26-AB89A1E73E39}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AEBF8162-7DE7-4121-B0F0-D2EDB2024A3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B3500120-D640-4ED9-BF0D-32E76E7CB547}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BEE9C603-42BD-4E25-8E04-016B9E350CF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5AE2446-0939-47CC-92F4-0E03625622FC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F85F0CF1-50E5-490C-B456-47935AD07AA4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F0359F-AD03-4DC6-B919-573190B58A6D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{173C1A67-4B5A-42D0-9DFE-7C8443C7346B}" = dir=in | app=c:\programme2\home cinema\powerdirector\pdr.exe | 
"{1C127D0C-1830-4A47-B7C8-C97ED4194C1A}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{217FDAA1-1D00-41D0-B267-E41BBFE427AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2689889B-F9DA-4362-B2D6-BB1DF0D27844}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{301D55E1-F710-43BC-BFB5-FAEF5CAD4742}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{33C97A31-4D9A-4919-B7E3-4734187E6ED2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41565D94-10BD-4132-9F91-C6A07EF9E7BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49A0AA4D-14DE-4BB6-B91B-B9843EA3142C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6384186A-5554-44F8-B6DF-8E912E9CC2F4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{68CE7A8E-F9BB-42A2-9EBD-9054AD73AF8C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{6E1CFCBE-EC08-44C0-9EE3-ADDE2C0193D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{76666B47-88D6-4F69-8F10-4A5139F48AB4}" = dir=in | app=c:\programme2\home cinema\makedisc\makedisc.exe | 
"{7A740734-8FEE-4EE4-9300-EF4CD269F963}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7B0068AE-2BF3-4CB2-8290-7F780DF61A79}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{82DDC07C-9BD8-420E-B834-970E0CB97DDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{89AA73A7-BF89-48AA-A829-BE0A9064E180}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9C254811-D043-4F38-AB4C-5765198195A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A99CD1E3-5BEB-4ABB-BFFA-DD19B43B23D3}" = protocol=6 | dir=out | app=system | 
"{AEC104F8-D628-4B86-958B-E76F90EDF62F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{C9E4E7E9-17E4-4C32-8ECA-78AE219085DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCD44D1C-00F5-4E44-8EFA-A6B0104E3415}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D8FA1A3F-A36D-4699-B756-8840D94C9165}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0F917C6-30E1-4AF8-A0C9-0E3EB65E4FC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E181C0EA-F939-4385-AEBA-FC6E465DCC85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2B3C887-E279-463E-9152-F698D411C1E3}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E55EC7D8-4144-40AF-9BF8-310EA14448F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E7D4D6FD-6416-42D8-844B-FF7845C8C4A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB9938A6-977C-4CC9-9C5E-292F31CBD15F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{EE46C667-2031-471C-BF17-5F11914B8D3B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{F1C786FB-1670-482B-A448-CF8CF5AECD6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F464BCCC-FC3D-408B-940F-28DDF4B4C79E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F96F2974-9C99-47CD-ADB2-A471F98CCA6E}" = dir=in | app=c:\programme2\home cinema\powerdvd\powerdvd.exe | 
"TCP Query User{ECF4BA0E-7A85-4BBD-99AF-36042BD1C065}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{BAB381E8-E909-4E87-A8AB-3C90279B88D4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E7446C2-CB1F-41CC-88E3-126760717473}" = Nero Kwik Media
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Kwik Themes 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD App-Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Kwik Themes 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Kwik Themes 4
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Kwik Themes 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0
"Ashampoo Photo Commander Plugin Pack_is1" = Ashampoo Photo Commander Plugin Pack
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.60
"Gekko Mahjongg (Weihnachts-Edition)" = Gekko Mahjongg (Weihnachts-Edition)
"Great Mahjong Special" = Great Mahjong Special
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neptunia Vollversion" = Neptunia Vollversion
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RealPlayer 12.0" = RealPlayer
"saver3" = saver3
"sp6" = Logitech SetPoint 6.22
"Startpage24" = Startpage24
"Treiber-Studio 2011" = Treiber-Studio 2011 7.0.3.112 
"VLC media player" = VLC media player 1.1.8
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.7.0
"WinLiveSuite" = Windows Live Essentials
"World Mosaics 2" = World Mosaics 2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.03.2013 11:21:21 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14883
 
Error - 18.03.2013 11:22:45 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.03.2013 11:22:45 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 99342
 
Error - 18.03.2013 11:22:45 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 99342
 
Error - 18.03.2013 11:22:46 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.03.2013 11:22:46 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 100387
 
Error - 18.03.2013 11:22:46 | Computer Name = xxxx-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 100387
 
Error - 09.04.2013 05:02:03 | Computer Name = xxxx-Laptop | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Publisher.
 
Error - 09.04.2013 05:03:45 | Computer Name = xxxx-Laptop | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Users\xxxx\Pictures\Downloads\paket2_alle\paket2_alle\IMG_3443_janette_manu.jpg.

 [ACCESS_VIOLATION Exception!! EIP = 0xd77462]   Bitte Avira informieren und die obige
 Datei übersenden!
 
Error - 14.06.2013 11:36:28 | Computer Name = xxxx-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x01a90fef  ID des fehlerhaften
 Prozesses: 0x754  Startzeit der fehlerhaften Anwendung: 0x01ce6910ee04cd52  Pfad der
 fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 2d831934-d508-11e2-8729-001f160bd76a
 
[ System Events ]
Error - 14.06.2013 11:05:47 | Computer Name = xxxx-Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.06.2013 11:05:47 | Computer Name = xxxx-Laptop | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  ssmdrv  tdx  Wanarpv6  WfpLwf
 
Error - 14.06.2013 11:05:54 | Computer Name = xxxx-Laptop | Source = BugCheck | ID = 1001
Description = 
 
Error - 14.06.2013 11:07:32 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2839894)
 
Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2813430)
 
Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2839229)
 
Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
 9 unter Windows 7 (KB2838727)
 
Error - 14.06.2013 11:12:01 | Computer Name = xxxx-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0816 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2845690)
 
Error - 14.06.2013 13:11:56 | Computer Name = xxxx-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?06.?2013 um 17:39:29 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---

--- --- ---

Alt 14.06.2013, 20:20   #2
markusg
/// Malware-holic
 
Anhang einer Phishing Mail geöffnet - Standard

Anhang einer Phishing Mail geöffnet



hi du hast doch schon ein thema, dein Log da rein bitte
__________________

__________________

Alt 14.06.2013, 20:26   #3
Struct
 
Anhang einer Phishing Mail geöffnet - Standard

Anhang einer Phishing Mail geöffnet



Ok dachte man MUSS es hier immer posten, hab es nun im anderen Beitrag gepostet. Bitte den Beitrag hier löschen
__________________

 

Themen zu Anhang einer Phishing Mail geöffnet
adobe, antivir, avira, bho, bonjour, defender, error, explorer, firefox, format, install.exe, logfile, löschen, mozilla, nodrives, nvidia, object, phishing, phishing mail, programme, realtek, registry, required, rundll, safer networking, scan, senden, software, windows, winlogon.exe



Ähnliche Themen: Anhang einer Phishing Mail geöffnet


  1. Phishing-Mail-Anhang geöffnet: checken ob ich etwas habe
    Log-Analyse und Auswertung - 26.08.2015 (3)
  2. Paypal-Phishing Mail: Anhang mit iphone 5 geoeffnet
    Smartphone, Tablet & Handy Security - 10.08.2015 (2)
  3. Paypal-Phishing Mail: Anhang mit iphone 5 geoeffnet
    Plagegeister aller Art und deren Bekämpfung - 10.08.2015 (5)
  4. DHL Phishing Mail Anhang (PDF) geöffnet
    Plagegeister aller Art und deren Bekämpfung - 08.06.2015 (11)
  5. Anhang einer fake DHL Mail geöffnet. Avira und mailwarebytes finden nichts!
    Plagegeister aller Art und deren Bekämpfung - 22.05.2015 (9)
  6. Anhang Phishing Mail auf iPhone geöffnet
    Smartphone, Tablet & Handy Security - 12.05.2015 (1)
  7. Amazon-Phishing Mail-Anhang .rtf geöffnet
    Log-Analyse und Auswertung - 18.11.2014 (15)
  8. Anhang einer (Ebay-)Spammail geöffnet
    Alles rund um Windows - 14.10.2014 (2)
  9. Anhang einer eindeutig unseriösen Mail runtergeladen und geöffnet.
    Plagegeister aller Art und deren Bekämpfung - 28.08.2014 (3)
  10. Anhang von Phishing-Mail geöffnet - jetzt unauthorisierter Zugriff auf Email-Konto
    Log-Analyse und Auswertung - 17.08.2014 (8)
  11. Anhang einer Pishing Mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.04.2014 (1)
  12. E-Mail von Media Center GmbH - Abo 39€ - E-Mail, nicht Anhang geöffnet, Antivirenprogramm meldet sich.
    Plagegeister aller Art und deren Bekämpfung - 24.04.2014 (5)
  13. Phishing-Mail (Paypal) - Anhang geöffnet !
    Plagegeister aller Art und deren Bekämpfung - 18.03.2014 (5)
  14. Windows Vista: Zip Anhang einer Email von einer falschen Rechnung geöffnet-Angst vor Virus
    Plagegeister aller Art und deren Bekämpfung - 23.01.2014 (5)
  15. PDF Anhang aus Phishing mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 21.11.2013 (11)
  16. Zip-Anhang einer E-Mail dummerweise geöffnet, nicht entpackt , Angst vor Virus/Trojaner o.ä.
    Plagegeister aller Art und deren Bekämpfung - 26.09.2013 (4)
  17. Verdächtiger Anhang einer Mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (2)

Zum Thema Anhang einer Phishing Mail geöffnet - Hallo Ich habe diesen Beitrag: http://www.trojaner-board.de/136558-...ml#post1085331 ... erstellt und man hat mir gesagt, dass ich ein Logfile mit OTL erstellen und posten soll. Ich vermute, dass das hier in diesem - Anhang einer Phishing Mail geöffnet...
Archiv
Du betrachtest: Anhang einer Phishing Mail geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.