Log analysis and evaluation: Letter from the Telekom Abuse Team on suspicion of hacking (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Letter from the Telekom Abuse Team on suspicion of hacking

Hello,

here is the situation. I am a subtenant living with an elderly couple and also use the same internet connection. The landlords received the letter mentioned in the thread title. It said that attacks on other computers ("hacking") had apparently been carried out from the connection and that passwords etc. may also have been read out. Unfortunately it says nothing more specific about the time etc. This comes at a rather inconvenient time for me, as I am under a great deal of stress at the moment.

So first a question: could I theoretically just wipe my computer and set it up from scratch, to make sure that the danger at least does not come from me and that my data etc. are safe in case something is found? I imagine that would be quicker than hours of workarounds.

From time to time, though, I unfortunately had an external hard drive and my phone connected, so of course I do not know whether the virus may have jumped over to them. The external drive also holds backups for my studies, which is why I would have to connect it again later.

Now to the system situation. On the Wi-Fi are my laptop (Win 7), a Mac Mini, and the landlords apparently also have two older laptops that they apparently also use sometimes. They also often have visits from relatives who bring along all sorts of devices (laptops/phones/tablets) and log into the Wi-Fi with them. In the last few weeks as well, apparently. I have little control over all these computers and, to be honest, at the moment neither the desire nor the time to deal with them.

So here, for a start, is everything about my laptop (Win 7 64-bit).

Avast! found something with the quick system scan: a virus named HTML:lframe-inf, which it moved to the container. Its location was C:\Users\lui\AppData\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\... In addition, it could not check some files (same folder).

A subsequent full scan found nothing more, apart from the files Avast could not access. Unfortunately I cannot find an option anywhere in Avast to copy the log in order to paste it here.

Malwarebytes

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.27.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
lui :: LUI-PC [Administrator]

Schutz: Aktiviert

27.06.2013 18:47:50
mbam-log-2013-06-27 (18-47-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 584468
Laufzeit: 2 Stunde(n), 1 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL

Code:
OTL logfile created on: 28.06.2013 00:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lui\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,48% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 116,20 Gb Free Space | 38,99% Space Free | Partition Type: NTFS

Computer Name: LUI-PC | User Name: lui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.27 19:32:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lui\Desktop\OTL.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.11 14:12:03 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013.03.12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.04.13 11:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.11 14:12:03 | 004,288,048 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.26 09:49:06 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 15:10:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.13 11:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.27 23:28:39 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.06.27 23:28:39 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.06.27 23:28:39 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.01.29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 20 56 C0 C8 6C CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.netvibes.com"
FF - prefs.js..extensions.enabledAddons: %7Bb749fc7c-e949-447f-926c-3f4eed6accfe%7D:0.7.1.1
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.4
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.6
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.backup.ftp: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.01 13:55:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.01.16 19:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\Extensions
[2013.06.27 23:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\Firefox\Profiles\trxgfzh0.default\extensions
[2013.01.15 18:44:19 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\lui\AppData\Roaming\mozilla\Firefox\Profiles\trxgfzh0.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2013.05.07 21:30:33 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\lui\AppData\Roaming\mozilla\Firefox\Profiles\trxgfzh0.default\extensions\foxyproxy@eric.h.jung
[2013.04.05 17:51:18 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\lui\AppData\Roaming\mozilla\Firefox\Profiles\trxgfzh0.default\extensions\ich@maltegoetz.de
[2013.06.27 23:23:43 | 000,316,574 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\artur.dubovoy@gmail.com.xpi
[2013.04.18 21:37:24 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\info@maltegoetz.de.xpi
[2013.06.16 19:20:45 | 000,375,787 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.06.20 19:22:45 | 000,069,465 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\mediahint@jetpack.xpi
[2013.06.23 07:53:32 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.30 21:27:39 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2013.05.08 20:39:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\lui\AppData\Roaming\mozilla\firefox\profiles\trxgfzh0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.26 09:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.26 09:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.01 13:55:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google-Suche = C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\lui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D411ACB2-76F7-4E50-9EF4-D657431B8458}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.27 19:32:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lui\Desktop\OTL.exe
[2013.06.27 18:43:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\lui\Desktop\HiJackThis204.exe
[2013.06.27 18:42:38 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\lui\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.26 09:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.19 10:08:37 | 000,000,000 | ---D | C] -- C:\Users\lui\Desktop\mathe2 13
[2013.06.06 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\lui\AppData\Local\My Games
[2013.06.04 23:49:20 | 000,000,000 | ---D | C] -- C:\Users\lui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.28 00:32:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.28 00:11:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 23:29:46 | 000,007,603 | ---- | M] () -- C:\Users\lui\AppData\Local\Resmon.ResmonCfg
[2013.06.27 23:28:39 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.27 23:28:39 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.27 23:28:39 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.27 23:28:39 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.27 23:28:39 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.27 23:28:39 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.27 20:51:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.27 19:57:23 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 19:57:23 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 19:39:16 | 000,377,856 | ---- | M] () -- C:\Users\lui\Desktop\gmer_2.1.19163.exe
[2013.06.27 19:32:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lui\Desktop\OTL.exe
[2013.06.27 19:29:46 | 000,000,000 | ---- | M] () -- C:\Users\lui\defogger_reenable
[2013.06.27 19:16:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.27 18:44:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 18:43:25 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\lui\Desktop\HiJackThis204.exe
[2013.06.27 18:43:05 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\lui\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.27 15:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.27 15:09:16 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.23 16:20:31 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.23 16:20:31 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.23 16:20:31 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.23 16:20:31 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.23 16:20:31 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.21 18:45:57 | 016,170,387 | ---- | M] () -- C:\Users\lui\Desktop\Daft Punk - Get Lucky (Official Audio) ft. Pharrell Williams (HD).mp4
[2013.06.20 22:00:47 | 002,569,381 | ---- | M] () -- C:\Users\lui\Desktop\4EXTRecoveryUpdater.apk
[2013.06.20 21:55:24 | 000,268,376 | ---- | M] () -- C:\Users\lui\Desktop\winmd5free.zip
[2013.06.20 21:40:18 | 160,111,702 | ---- | M] () -- C:\Users\lui\Desktop\cm-10.1-20130618-UNOFFICIAL-saga.zip
[2013.06.20 21:38:37 | 095,417,279 | ---- | M] () -- C:\Users\lui\Desktop\gapps-jb-20130301-signed.zip
[2013.06.18 15:42:47 | 033,033,759 | ---- | M] () -- C:\Users\lui\Desktop\German Education (SD).mp4
[2013.06.05 10:02:36 | 000,030,531 | ---- | M] () -- C:\Users\lui\Desktop\blatt20.pdf
[2013.06.04 23:49:00 | 000,230,613 | ---- | M] () -- C:\Users\lui\Documents\EVEMon_Settings_4016.xml.bak
[2013.06.02 11:35:32 | 037,693,908 | ---- | M] () -- C:\Users\lui\Desktop\[Electro] - Insan3Lik3 - Bad Pitched (Original Mix) [Monstercat VIP Release] (HD).mp4
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.27 23:28:40 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.27 19:39:11 | 000,377,856 | ---- | C] () -- C:\Users\lui\Desktop\gmer_2.1.19163.exe
[2013.06.27 19:29:46 | 000,000,000 | ---- | C] () -- C:\Users\lui\defogger_reenable
[2013.06.27 18:44:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.27 09:15:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.27 09:15:59 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.21 18:45:23 | 016,170,387 | ---- | C] () -- C:\Users\lui\Desktop\Daft Punk - Get Lucky (Official Audio) ft. Pharrell Williams (HD).mp4
[2013.06.20 22:00:45 | 002,569,381 | ---- | C] () -- C:\Users\lui\Desktop\4EXTRecoveryUpdater.apk
[2013.06.20 21:55:17 | 000,268,376 | ---- | C] () -- C:\Users\lui\Desktop\winmd5free.zip
[2013.06.20 21:33:36 | 095,417,279 | ---- | C] () -- C:\Users\lui\Desktop\gapps-jb-20130301-signed.zip
[2013.06.20 21:32:19 | 160,111,702 | ---- | C] () -- C:\Users\lui\Desktop\cm-10.1-20130618-UNOFFICIAL-saga.zip
[2013.06.18 15:41:42 | 033,033,759 | ---- | C] () -- C:\Users\lui\Desktop\German Education (SD).mp4
[2013.06.05 10:02:31 | 000,030,531 | ---- | C] () -- C:\Users\lui\Desktop\blatt20.pdf
[2013.06.04 23:50:03 | 000,230,613 | ---- | C] () -- C:\Users\lui\Documents\EVEMon_Settings_4016.xml.bak
[2013.06.02 11:34:16 | 037,693,908 | ---- | C] () -- C:\Users\lui\Desktop\[Electro] - Insan3Lik3 - Bad Pitched (Original Mix) [Monstercat VIP Release] (HD).mp4
[2012.04.05 00:43:01 | 001,590,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.19 13:03:10 | 000,007,603 | ---- | C] () -- C:\Users\lui\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.04.18 20:06:31 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\.minecraft
[2013.04.08 14:34:24 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\.StarMade
[2013.04.28 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\AnvSoft
[2013.06.02 11:48:54 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Audacity
[2012.12.09 01:42:58 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\EAC
[2013.03.04 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\EveHQ
[2013.06.04 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\EVEMon
[2013.02.13 22:22:29 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\FDRLab
[2012.09.21 12:11:22 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\HTC
[2012.09.21 12:13:04 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013.04.28 17:10:15 | 000,000,000 | ---D | M] --
C:\Users\lui\AppData\Roaming\Imagine [2012.02.07 18:47:29 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Indicium Technologies [2012.03.03 12:08:20 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\IrfanView [2013.04.11 18:48:30 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\LolClient [2012.01.26 15:48:22 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Miranda [2012.02.09 10:20:36 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\OpenOffice.org [2012.12.03 05:43:15 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\Origin [2013.04.10 00:00:43 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\TS3Client [2012.05.09 20:07:29 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\ts3overlay [2013.05.23 00:36:54 | 000,000,000 | ---D | M] -- C:\Users\lui\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 28.06.2013 00:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lui\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,48% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 116,20 Gb Free Space | 38,99% Space Free | Partition Type: NTFS

Computer Name: LUI-PC | User Name: lui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067571AE-B73F-4E91-A617-624C7DD9CD56}" = rport=139 | protocol=6 | dir=out | app=system |
"{19557127-C6E1-4050-900A-9C5AD243CB80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1AD2966D-39B9-4308-9983-56174DC9EF39}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F888D55-802E-4EFD-BD8E-687923074831}" = rport=137 | protocol=17 | dir=out | app=system |
"{28E28A3E-471E-49BA-B837-9BCB479FCFFB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C3D7347-702F-4FDB-B0B6-7EC246F6D88B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3882FE75-4AA8-4CAC-979B-65D432306020}" = rport=138 | protocol=17 | dir=out | app=system |
"{42BB55DC-27B3-43F4-A37D-DE83028B90E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{44D97CBC-1865-45A9-8073-0A70F27057E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{45D530D9-5801-4F43-89F9-5C7E4CF3EF32}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5319C9EA-C69F-4FCD-A185-122B11769788}" = lport=58403 | protocol=17 | dir=in | name=pando media booster |
"{53C0DB24-2252-42CE-98FF-8A1EBF378412}" = lport=58403 | protocol=17 | dir=in | name=pando media booster |
"{5888C16E-314B-43F5-924E-3622944C609B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BFF31A0-5F1D-4C6A-88AE-7106670C7A6D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6E7E79DE-8D3C-4903-B7C4-E846021392C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{72AEC516-0AB8-46CD-88FE-E96EE58FE180}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8ADAF6D4-3AAB-44A7-AC55-5ABB7F450FAB}" = rport=445 | protocol=6 | dir=out | app=system |
"{9415FFDE-A05B-482B-A151-A1E24E64CFB1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{96E81057-881B-4C3C-BA09-F5B58629A5BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3B83A7F-8D82-4578-9258-3C572E567B9A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5274EBE-D9C0-4258-A851-98CEB6165DA4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C67C6C9C-2CA4-49D6-BA98-3447C4D44EFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9F6029C-DC3A-4233-965B-391B47447786}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6829C65-A4B9-4C4C-B0D6-38E7BAC372AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{D72A516C-CBDE-4517-B4A1-838B32821B8B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2B2A201-5929-479C-BBF2-701F47AF7FC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{FCEB000D-DCEA-4820-9790-9A1EC18F01F6}" = lport=58403 | protocol=6 | dir=in | name=pando media booster |
"{FEE8ED0F-AEEF-4BA4-AC7B-2274C9D1A5D8}" = lport=58403 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0591EC3F-CBF6-4F3D-B594-2E87A8963B64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0951295C-E7DD-423B-8D11-7D9E58C14717}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{1BC2536B-DAF1-46C7-9B20-B75DA19A4232}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{1C870241-C0AD-44B0-AF6F-508D5420A989}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{21A2BE19-DC70-4799-A403-FC82CD25E135}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{2476F010-818D-44A1-BF73-C9713B2FD8BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe |
"{24C9608F-BEDF-4E85-B3E7-664AF0972555}" = protocol=6 | dir=out | app=system |
"{24EE1A2C-308A-4677-BCF2-ADD01F5BC74A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A76F6C4-F99E-414B-A546-45599630E13C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{307F4E33-B3CB-43C3-85A4-6669DF85A5E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{31C93FB9-1C07-486F-BBF7-81B9677B16F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32AB04AA-D573-460B-8B46-07CBFC65F343}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{33D2545A-E442-4453-BC44-D08D1A2A8233}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{3A88AD73-615D-4AC8-99B7-5E537ED6B3FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3CBC4F85-93D8-4E78-818A-AB3126B31520}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{47AB54F5-5194-4628-B794-68FFD667DA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe |
"{4E1A8C51-21ED-4501-BBB0-CCAA8EDEFC72}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{50489535-7504-4BCB-BAAB-25EF4F4F412F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{51E6B994-AF08-481E-BCE2-DCD5FF92EA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm |
"{528A127B-6C21-47FB-B807-1B32B52528EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{54FBA04E-0AFB-4760-A7E0-53E3A1680241}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5C869545-DC4E-4340-949D-E52F5BC77DAD}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5C89FD2F-DD13-46D8-9425-BE0D1A96E76E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{5E973B3F-023A-4098-8AF9-0ABF1CBE6EA0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{659CAFC3-E70C-4916-AAF4-EF1B6A6AA595}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{66F2946B-E88D-4E5C-A607-23A4BDF86EF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{6904A5AF-BF36-4265-9270-FEC1B0E28292}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe |
"{69E2FE67-E9A7-433F-BA35-F698F3BF56B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A1EBF73-E863-467A-8CF5-DA501DB23858}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe |
"{74438AF5-F558-4383-8B64-CD77CA88732F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E72B6E2-F6FD-4D5B-AA8B-8F0B136E0E55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8454C1C3-72F6-439B-B04D-C41B528CB6CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E68F39F-E323-4224-9D89-8B6A9D3A601E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{9B987F12-5F70-4981-90EE-958D71384BD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{A4DF4870-F9B9-4C9E-983A-7C8BE675812E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A760DA8D-82D8-4656-AD5B-47E8383B4AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{ADDAB324-0A68-4FEB-8274-F5319AF8E67B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B772FC00-8588-41DE-88BE-89C07EBB34C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{BE78533F-ADA9-40B3-928E-25252589794F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{C21638FC-158A-449B-B3E9-A8F830287D1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CDF2CF74-3512-483C-9692-4C3010961A6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D69912B8-26EB-4C9A-BB7B-24923A8E87D0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{D6C5B878-713C-43AE-8FA7-29781F526054}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DFA8FEB4-9D2B-4059-B812-FB1AD75E1AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{E2ACE61D-EE44-4CC2-9627-4039C42F0685}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E3547413-D807-495D-8533-E96D093287C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E952D60D-5864-439F-8402-9CB41B951D4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEF1AA87-BBBB-4525-A43F-0C0965191E28}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F077C1A7-042F-4E82-9937-AB37C27E42DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe |
"{F308E984-140C-4F23-BC32-8475C248D9A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\flyn demo\source\flyn.exe |
"{F682F84C-01DF-4FF8-B3CA-6BEF83608F2A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F7B10B3E-4A2E-47BA-ABAB-BFE2536AF515}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB3863EF-FCF5-4ACD-84F5-AD3210CB5990}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{FB9307F5-366C-4756-892F-EC910AD537B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0E35F312-CD81-4CA4-A523-788537D88DE4}C:\users\lui\desktop\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\lui\desktop\neverwinter_nw.1.20130416a.6.exe |
"TCP Query User{14E1DBF6-BFCD-406C-A7DC-28CF648F1019}C:\program files (x86)\ccp\eve - kopie\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve - kopie\bin\exefile.exe |
"TCP Query User{506E5605-B1C0-4E41-A34F-71177C93CDC6}C:\program files (x86)\ccp\singularity\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\singularity\bin\exefile.exe |
"TCP Query User{50C5EAB5-72E9-449D-9E75-4768EF367595}C:\program files (x86)\mass effect 2\binaries\eacoreserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\eacoreserver.exe |
"TCP Query User{5B0A90BB-7A9E-434F-81B5-88074010E6DA}C:\program files (x86)\fdrlab\anytv\anytv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fdrlab\anytv\anytv.exe |
"TCP Query User{77645CDA-AFDB-4D58-952E-D229611A04AB}C:\games\mass effect 2\binaries\eacoreserver.exe" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\eacoreserver.exe |
"TCP Query User{9FA417B0-6774-4706-8D36-4586B8FC4D3C}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{A4867638-0814-46CA-9E85-9A18670E8E62}C:\program files (x86)\ccp\buckungham\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\buckungham\bin\exefile.exe |
"TCP Query User{AD38140B-CBDE-4F73-BB19-823CB8B8ED2A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{BF9D7C9F-CD57-4099-9E28-BF2F3BD1F13D}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{C36E46AB-2F69-41E0-9D60-5A56D7711AA7}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{E4AB6C2D-55A1-4D9A-BEA1-6F56EB2FA527}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{EB3ED7CB-11B6-41D8-934C-FDB460215ABC}C:\program files (x86)\ccp\duality\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\duality\bin\exefile.exe |
"UDP Query User{1A4CBB15-1E8A-485E-BEA0-7BA129C01188}C:\program files (x86)\mass effect 2\binaries\eacoreserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\eacoreserver.exe |
"UDP Query User{374F58F0-F5BA-4AC9-86F1-DF31677763D3}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{3AFF78E1-A79B-46AA-B4CE-9200E644747C}C:\program files (x86)\fdrlab\anytv\anytv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fdrlab\anytv\anytv.exe |
"UDP Query User{7E7E8977-1339-411D-81A7-21B8929BD955}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A8A72941-2BA6-4A27-B53B-A8BFEE0D6520}C:\users\lui\desktop\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\lui\desktop\neverwinter_nw.1.20130416a.6.exe |
"UDP Query User{BC79B44C-DB40-46F5-915D-FA15C929561C}C:\program files (x86)\ccp\buckungham\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\buckungham\bin\exefile.exe |
"UDP Query User{BCDCAE7E-971D-468D-A674-1B359984A0C5}C:\program files (x86)\ccp\singularity\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\singularity\bin\exefile.exe |
"UDP Query User{D2D58A1D-02EB-42A3-B0FB-D14EF7000217}C:\games\mass effect 2\binaries\eacoreserver.exe" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\eacoreserver.exe |
"UDP Query User{D713794A-A065-4175-AD0E-BBB6A9C7699C}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{E0EC86C6-90BE-43E0-A490-FA46C0355B62}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{E1D08A0A-10C2-4A94-9A32-5646C1136631}C:\program files (x86)\ccp\eve - kopie\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve - kopie\bin\exefile.exe |
"UDP Query User{EFC93121-A2A7-4C3B-8B99-BD482E132331}C:\program files (x86)\ccp\duality\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\duality\bin\exefile.exe |
"UDP Query User{FB685353-5885-465C-A481-A5F938B19EAF}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0613D880-939E-4C9D-AD7C-A10DF7D7D5E9}" = EveHQ
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C71F947D-C500-4C00-AF0A-8B397A3F9DE5}" = HTC Sync
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{EDF6CEF3-8415-4868-8B1F-8D9E5FF8FC23}" = Microsoft Expression Design 4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Audio Converter_is1" = Any Audio Converter 4.0.1
"AnyTV Free_is1" = AnyTV Free 2.63
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"BOSS" = BOSS
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Design_8.0.31217.1" = Microsoft Expression Design 4
"EA Installer.1760404899" = EA Installer
"EA Installer.-2099549384" = EA Installer
"EVEMon" = EVEMon
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Maxima-5.25.1_is1" = Maxima 5.25.1
"Miranda IM" = Miranda IM 0.9.42
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0
"Neverwinter" = Neverwinter
"Origin" = Origin
"SpeedFan" = SpeedFan (remove only)
"Steam App 17410" = Mirror's Edge
"Steam App 202480" = Creation Kit
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"UltraISO_is1" = UltraISO Premium V9.53
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
"Imagine" = Imagine
"Network Addon Mod" = Network Addon Mod 31.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.05.2013 07:30:25 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00032f02 ID des fehlerhaften Prozesses: 0x13fc Startzeit der fehlerhaften Anwendung: 0x01ce521e0352a09c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 004edda8-be1c-11e2-8f0a-00197ef16f14

Error - 16.05.2013 07:30:36 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004ff4b ID des fehlerhaften Prozesses: 0x13fc Startzeit der fehlerhaften Anwendung: 0x01ce521e0352a09c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 06649277-be1c-11e2-8f0a-00197ef16f14

Error - 16.05.2013 10:16:36 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002aafac ID des fehlerhaften Prozesses: 0xe88 Startzeit der fehlerhaften Anwendung: 0x01ce523fb9ff0526 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Berichtskennung: 3728626a-be33-11e2-8f0a-00197ef16f14

Error - 16.05.2013 11:34:01 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00060bf0 ID des fehlerhaften Prozesses: 0x107c Startzeit der fehlerhaften Anwendung: 0x01ce523fff529e04 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Berichtskennung: 07f92bea-be3e-11e2-8f0a-00197ef16f14

Error - 25.05.2013 13:07:07 | Computer Name = lui-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften Prozesses: 0x89c Startzeit der fehlerhaften Anwendung: 0x01ce595c1a1fea30 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 8713a1ef-c55d-11e2-89f0-00197ef16f14

Error - 31.05.2013 07:13:42 | Computer Name = lui-PC | Source = Application Hang | ID = 1002
Description = Programm Morrowind.exe, Version 1.6.0.1820 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e1c Startzeit: 01ce5ded39332c51 Endzeit: 7 Anwendungspfad: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Berichts-ID: Error - 31.05.2013 10:18:53 | Computer Name = lui-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00033c5c ID des fehlerhaften Prozesses: 0xc90 Startzeit der fehlerhaften Anwendung: 0x01ce5df74163e7e9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 050c1e02-c9fd-11e2-8fea-00197ef16f14 Error - 08.06.2013 13:00:00 | Computer Name = lui-PC | Source = BugSplat | ID = 1 Description = Error - 10.06.2013 06:38:11 | Computer Name = lui-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x2454892c ID des fehlerhaften Prozesses: 0xf1c Startzeit der fehlerhaften Anwendung: 0x01ce65c6534a3c34 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d84d44d7-d1b9-11e2-8615-00197ef16f14 Error - 23.06.2013 07:48:17 | Computer Name = lui-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Name des fehlerhaften Moduls: Morrowind.exe, Version: 1.6.0.1820, Zeitstempel: 0x72456542 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002aafc9 ID des fehlerhaften Prozesses: 0xadc Startzeit der fehlerhaften Anwendung: 0x01ce70071a46b64a Pfad der fehlerhaften Anwendung: 
C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind.exe Berichtskennung: cb083798-dbfa-11e2-9680-00197ef16f14 [ System Events ] Error - 31.05.2013 04:06:15 | Computer Name = lui-PC | Source = DCOM | ID = 10010 Description = Error - 31.05.2013 06:16:36 | Computer Name = lui-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?31.?05.?2013 um 12:15:10 unerwartet heruntergefahren. Error - 02.06.2013 03:54:29 | Computer Name = lui-PC | Source = DCOM | ID = 10010 Description = Error - 03.06.2013 07:19:13 | Computer Name = lui-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?06.?2013 um 12:49:32 unerwartet heruntergefahren. Error - 06.06.2013 09:23:34 | Computer Name = lui-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?06.?06.?2013 um 15:21:37 unerwartet heruntergefahren. Error - 07.06.2013 11:54:52 | Computer Name = lui-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?07.?06.?2013 um 16:59:42 unerwartet heruntergefahren. Error - 10.06.2013 02:46:03 | Computer Name = lui-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?10.?06.?2013 um 00:06:03 unerwartet heruntergefahren. Error - 25.06.2013 14:43:07 | Computer Name = lui-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?06.?2013 um 16:22:43 unerwartet heruntergefahren. Error - 26.06.2013 06:45:54 | Computer Name = lui-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?26.?06.?2013 um 12:02:42 unerwartet heruntergefahren. Error - 27.06.2013 09:09:21 | Computer Name = lui-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?06.?2013 um 15:06:53 unerwartet heruntergefahren. 
< End of report >

I also have a log from GMER, but the post would be too long, and I am only supposed to post attachments when the helper asks for them. As I said, it is available on request.

Thanks in advance and kind regards,
Penicillin