Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/Crypt.EPACK.Gen2 in Samsung Recovery Solution (https://www.trojaner-board.de/142951-tr-crypt-epack-gen2-samsung-recovery-solution.html)

chaxiraxi 13.10.2013 06:07
TR/Crypt.EPACK.Gen2 in Samsung Recovery Solution
 
Hallo, Avira hat gestern folgendes gefunden:

In der Datei 'C:\Program Files\Samsung\Samsung Recovery Solution 4\SystemSoftware\SoftwareMedia52.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Der Scan mit Malwarebytes ergab:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.12.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
LUE :: LUE-PC [Administrator]

Schutz: Aktiviert

12.10.2013 13:02:53
mbam-log-2013-10-12 (13-02-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 323696
Laufzeit: 2 Stunde(n), 12 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\LUE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYA7GYXZ\bi_downloader[1].exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\LUE\AppData\Local\Temp\sVyh1EVI.exe.part (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\LUE\AppData\Local\Temp\nsn7C0.tmp (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\LUE\AppData\Local\Temp\nsuF7C9.tmp (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\LUE\AppData\Local\Temp\F6099B53-BAB0-7891-A946-02F7D25F0158\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\LUE\AppData\Local\Temp\F6099B53-BAB0-7891-A946-02F7D25F0158\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\LUE\Downloads\SoftonicDownloader_fuer_stickies.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\LUE\AppData\Roaming\fk1xxx.e2ts (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


OTL:

OTL logfile created on: 10/12/2013 5:19:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LUE\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.78% Memory free
4.97 Gb Paging File | 3.69 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): C:\pagefile.sys 3055 3055 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 17.15 Gb Free Space | 20.17% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 117.89 Gb Free Space | 92.26% Space Free | Partition Type: NTFS

Computer Name: LUE-PC | User Name: LUE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\LUE\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (rtport) -- C:\Windows\System32\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (cpuz134) -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_43: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/27 18:33:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/09 11:13:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/10 22:18:35 | 000,000,000 | ---D | M]

[2010/12/03 14:32:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUE\AppData\Roaming\mozilla\Extensions
[2012/10/12 10:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUE\AppData\Roaming\mozilla\Firefox\Profiles\ad35n5hz.default\extensions
[2012/10/12 10:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUE\AppData\Roaming\mozilla\Firefox\Profiles\ad35n5hz.default\extensions\firefox@ghostery.com
[2013/10/10 17:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUE\AppData\Roaming\mozilla\Firefox\Profiles\on15kybo.default-1350029094641\extensions
[2013/04/28 07:01:21 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\LUE\AppData\Roaming\mozilla\firefox\profiles\on15kybo.default-1350029094641\extensions\personas@christopher.beard.xpi
[2013/10/10 17:08:20 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\LUE\AppData\Roaming\mozilla\firefox\profiles\on15kybo.default-1350029094641\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/19 13:17:52 | 000,001,632 | ---- | M] () -- C:\Users\LUE\AppData\Roaming\mozilla\firefox\profiles\on15kybo.default-1350029094641\searchplugins\firefox-add-ons.xml
[2013/05/23 10:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013/10/05 06:53:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/13 09:27:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C3C07B1-C9CF-4EA2-8AD1-9D3C3FD74EB6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/12 12:57:31 | 000,000,000 | ---D | C] -- C:\Users\LUE\AppData\Roaming\Malwarebytes
[2013/10/12 12:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/12 12:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/12 12:56:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/10/12 12:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/08 20:07:43 | 000,000,000 | ---D | C] -- C:\Users\LUE\Documents\hochsensi
[2013/10/08 18:23:03 | 000,000,000 | ---D | C] -- C:\Users\LUE\AppData\Local\{9F0D2D8A-C40D-42B0-81D4-493492213AAB}
[2013/10/04 08:06:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/10/04 08:06:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/10/04 08:06:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/10/04 08:06:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/10/04 08:06:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/10/04 08:06:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/10/04 08:06:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/10/04 08:05:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/10/02 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\LUE\AppData\Local\{B5265D58-E43E-4172-9EB4-A5B55BA11D79}
[2013/09/22 12:23:09 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ataport.sys
[2013/09/22 12:23:02 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/09/22 12:21:10 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2013/09/22 12:21:10 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2013/09/22 12:21:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/22 12:21:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/22 12:21:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/22 12:21:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/22 12:21:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/22 12:21:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/22 12:21:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/22 12:21:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/22 12:21:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/22 12:21:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/22 12:21:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/22 12:21:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/22 12:21:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/22 12:21:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/22 12:21:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/22 12:21:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/22 12:21:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/22 12:21:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/22 12:21:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/22 12:21:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\LUE\Desktop\*.tmp files -> C:\Users\LUE\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/12 17:07:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/10/12 15:31:45 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/12 15:31:45 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/12 15:22:39 | 2136,260,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/12 12:57:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/30 21:33:03 | 000,694,404 | ---- | M] () -- C:\Users\LUE\Desktop\*****.pdf
[2013/09/30 21:25:37 | 012,202,000 | ---- | M] () -- C:\Users\LUE\Desktop\*****.pdf
[2013/09/27 22:28:40 | 258,077,113 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/09/24 09:05:21 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/09/24 09:05:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/09/23 08:57:36 | 000,438,168 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/09/22 12:57:09 | 000,654,852 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/09/22 12:57:09 | 000,616,694 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/09/22 12:57:09 | 000,130,434 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/09/22 12:57:09 | 000,106,816 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/09/20 13:25:33 | 000,333,495 | ---- | M] () -- C:\Users\LUE\Desktop\DV_2015_Instructions.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\LUE\Desktop\*.tmp files -> C:\Users\LUE\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/12 12:57:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/30 21:33:02 | 000,694,404 | ---- | C] () -- C:\Users\LUE\Desktop\****.pdf
[2013/09/30 21:23:57 | 012,202,000 | ---- | C] () -- C:\Users\LUE\Desktop\****.pdf
[2013/09/20 13:25:32 | 000,333,495 | ---- | C] () -- C:\Users\LUE\Desktop\DV_2015_Instructions.pdf
[2013/07/19 16:24:07 | 000,002,895 | ---- | C] () -- C:\Users\LUE\photorec.cfg
[2013/04/22 12:36:02 | 000,010,752 | ---- | C] () -- C:\Users\LUE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/01 18:12:22 | 000,001,366 | ---- | C] () -- C:\Users\LUE\AppData\Local\recently-used.xbel
[2011/01/19 21:17:34 | 000,007,605 | ---- | C] () -- C:\Users\LUE\AppData\Local\Resmon.ResmonCfg
[2010/12/03 16:04:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/03 14:00:09 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/18 10:28:40 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\Dropbox
[2013/05/28 20:19:10 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\DVDVideoSoft
[2012/11/02 00:01:30 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\FreePDF
[2011/04/03 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\funkitron
[2010/12/09 21:16:41 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\OpenOffice.org
[2013/09/14 00:26:17 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\SoftGrid Client
[2011/11/20 18:30:46 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\stickies
[2010/12/03 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\TP
[2011/02/28 18:06:28 | 000,000,000 | ---D | M] -- C:\Users\LUE\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/09/27 21:06:32 | 098,286,374 | ---- | M] ()(C:\windows\System32\???e) -- C:\windows\System32\憐鑻᭔e
[2013/09/27 21:06:32 | 098,286,374 | ---- | C] ()(C:\windows\System32\???e) -- C:\windows\System32\憐鑻᭔e

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E7BA7168
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:268F887D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:5C270C64
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:6FB93194
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:8530A643
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2430E4FC

< End of report >


OTL Extras logfile created on: 10/12/2013 5:19:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LUE\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.99 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.78% Memory free
4.97 Gb Paging File | 3.69 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): C:\pagefile.sys 3055 3055 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 17.15 Gb Free Space | 20.17% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 117.89 Gb Free Space | 92.26% Space Free | Partition Type: NTFS

Computer Name: LUE-PC | User Name: LUE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{791D1357-4097-4BEB-9BC2-84671844DAA8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E8EBF03-8B3B-4EE7-9109-F11EA6F04ED4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8DBBDA1B-21A6-46D4-9A03-5A3065C37BDB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9865CFDA-B1C0-4F6F-B82B-BEB8F60CC937}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{366763A0-6F81-46A0-94C8-87798C4FF6DC}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{5FA3525C-1300-4A58-930B-9F04F2397AB7}" = protocol=6 | dir=in | app=c:\users\lue\appdata\roaming\dropbox\bin\dropbox.exe |
"{6E2005B5-355C-4521-862C-7A2C623B3194}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6FB92B0A-5D50-430F-BAC6-A0E25A485105}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7215D78F-E7F0-46D0-928F-A095A695BB59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EDBF5B8-514D-49DE-9535-F9C3401B6D4E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AAC0D557-7E9C-4EF2-BF78-666D4D0B18F7}" = protocol=6 | dir=in | app=c:\users\lue\appdata\roaming\dropbox\bin\dropbox.exe |
"{D899C6C6-65EF-4371-A754-95ACE5181D57}" = protocol=17 | dir=in | app=c:\users\lue\appdata\roaming\dropbox\bin\dropbox.exe |
"{FB33A9CE-DF89-4B9E-AEC4-789729A1A3CA}" = protocol=17 | dir=in | app=c:\users\lue\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{064C5CE4-9EEE-4E07-A521-50F64E4E31C7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{445C7239-D4E2-4A18-B849-D0009F3B6D05}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{47DF5848-2635-4A5A-9614-68A2459DB26A}C:\program files\morun.net\stickerlite\sticker.exe" = protocol=6 | dir=in | app=c:\program files\morun.net\stickerlite\sticker.exe |
"UDP Query User{0BD8C4C2-5A95-4F96-A9C2-D29D366CD19F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{0C508981-999C-4046-90A9-3B28EEAD23FC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8ECFAA7C-869C-427E-847A-041A53508745}C:\program files\morun.net\stickerlite\sticker.exe" = protocol=17 | dir=in | app=c:\program files\morun.net\stickerlite\sticker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{749BDD29-D756-4B9B-8022-3E666A24C13F}" = Samsung Support Center
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{561EE86E-387F-4D24-AFF9-92E9EDAA9483}" =
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{561EE86E-387F-4D24-AFF9-92E9EDAA9483}" =
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{561EE86E-387F-4D24-AFF9-92E9EDAA9483}" =
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{561EE86E-387F-4D24-AFF9-92E9EDAA9483}" =
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{561EE86E-387F-4D24-AFF9-92E9EDAA9483}" =
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{561EE86E-387F-4D24-AFF9-92E9EDAA9483}" =
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{561EE86E-387F-4D24-AFF9-92E9EDAA9483}" =
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{561EE86E-387F-4D24-AFF9-92E9EDAA9483}" =
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"DivX Setup" = DivX-Setup
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.419
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"PROPLUS" = Microsoft Office Professional Plus 2007
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2012 8:46:37 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 7/18/2012 8:47:18 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/18/2012 8:47:20 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/18/2012 8:48:21 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/18/2012 9:06:44 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 7/18/2012 9:07:05 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/18/2012 9:07:06 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/18/2012 9:07:45 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/18/2012 9:08:27 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy
display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 7/18/2012 9:08:37 AM | Computer Name = LUE-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

[ System Events ]
Error - 10/11/2013 12:16:48 AM | Computer Name = LUE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 10/11/2013 12:16:48 AM | Computer Name = LUE-PC | Source = DCOM | ID = 10005
Description =

Error - 10/11/2013 4:40:01 AM | Computer Name = LUE-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 10/11/2013 4:12:10 PM | Computer Name = LUE-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.

Error - 10/12/2013 1:10:33 AM | Computer Name = LUE-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 10/12/2013 1:11:03 AM | Computer Name = LUE-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.

Error - 10/12/2013 1:11:07 AM | Computer Name = LUE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053

Error - 10/12/2013 1:11:07 AM | Computer Name = LUE-PC | Source = DCOM | ID = 10005
Description =

Error - 10/12/2013 9:21:07 AM | Computer Name = LUE-PC | Source = DCOM | ID = 10010
Description =

Error - 10/12/2013 9:24:21 AM | Computer Name = LUE-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom


< End of report >

Was muss ich tun? Ist es eventuell ein Fehlalarm? Danke schön schonmal.

schrauber 13.10.2013 06:47
hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307




Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


chaxiraxi 13.10.2013 08:58
Hier ist es...


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by LUE (administrator) on LUE-PC on 13-10-2013 09:46:34
Running from C:\Users\LUE\Downloads
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SFB\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [1891720 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [APLangApp] - C:\Program Files\AnyPC Client\APLangApp.exe [13312 2009-11-20] (DoctorSoft)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\LUE\AppData\Roaming\Mozilla\Firefox\Profiles\on15kybo.default-1350029094641
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_43 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\LUE\AppData\Roaming\Mozilla\Firefox\Profiles\on15kybo.default-1350029094641\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: personas - C:\Users\LUE\AppData\Roaming\Mozilla\Firefox\Profiles\on15kybo.default-1350029094641\Extensions\personas@christopher.beard.xpi
FF Extension: No Name - C:\Users\LUE\AppData\Roaming\Mozilla\Firefox\Profiles\on15kybo.default-1350029094641\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [286248 2010-03-06] (Broadcom Corporation.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 cpuz134; C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109056 2010-04-01] (ELAN Microelectronics Corp.)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-07-20] (Windows (R) 2003 DDK 3790 provider)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-13 09:46 - 2013-10-13 09:46 - 00000000 ____D C:\FRST
2013-10-13 09:44 - 2013-10-13 09:44 - 01087213 _____ (Farbar) C:\Users\LUE\Downloads\FRST.exe
2013-10-12 17:52 - 2013-10-12 17:52 - 00055446 _____ C:\Users\LUE\Desktop\OTL.Txt
2013-10-12 17:52 - 2013-10-12 17:52 - 00050554 _____ C:\Users\LUE\Desktop\Extras.Txt
2013-10-12 17:43 - 2013-10-12 17:43 - 00050554 _____ C:\Users\LUE\Downloads\Extras.Txt
2013-10-12 17:39 - 2013-10-12 17:39 - 00055446 _____ C:\Users\LUE\Downloads\OTL.Txt
2013-10-12 17:15 - 2013-10-12 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\LUE\Downloads\OTL.exe
2013-10-12 12:57 - 2013-10-12 12:57 - 00000000 ____D C:\Users\LUE\AppData\Roaming\Malwarebytes
2013-10-12 12:56 - 2013-10-12 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 12:55 - 2013-10-12 12:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\LUE\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-08 20:07 - 2013-10-08 20:07 - 00000000 ____D C:\Users\LUE\Documents\hochsensi
2013-10-08 18:23 - 2013-10-08 18:23 - 00000000 ____D C:\Users\LUE\AppData\Local\{9F0D2D8A-C40D-42B0-81D4-493492213AAB}
2013-10-08 18:07 - 2013-10-08 18:07 - 00606352 _____ C:\Users\LUE\Downloads\Passbild-36aGenerator.exe
2013-10-04 08:06 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-04 08:06 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-04 08:06 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-10-04 08:06 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-04 08:06 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-04 08:06 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-10-04 08:06 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-10-04 08:06 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-04 08:06 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-04 08:06 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-04 08:06 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-10-04 08:06 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-04 08:05 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-04 08:05 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-04 08:05 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-04 08:05 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-10-02 17:15 - 2013-10-02 17:15 - 00000000 ____D C:\Users\LUE\AppData\Local\{B5265D58-E43E-4172-9EB4-A5B55BA11D79}
2013-09-27 22:28 - 2013-09-27 22:29 - 00183264 _____ C:\windows\Minidump\092713-21684-01.dmp
2013-09-27 21:06 - 2013-09-27 21:06 - 98286374 _____ C:\windows\system32\憐鑻᭔e
2013-09-22 12:23 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-22 12:23 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-22 12:23 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-22 12:23 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-22 12:21 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-22 12:21 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-22 12:21 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-22 12:21 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-22 12:21 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

==================== One Month Modified Files and Folders =======

2013-10-13 09:46 - 2013-10-13 09:46 - 00000000 ____D C:\FRST
2013-10-13 09:44 - 2013-10-13 09:44 - 01087213 _____ (Farbar) C:\Users\LUE\Downloads\FRST.exe
2013-10-13 09:43 - 2010-04-28 07:31 - 01163424 _____ C:\windows\WindowsUpdate.log
2013-10-13 06:02 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-13 06:02 - 2009-07-14 06:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-13 05:53 - 2009-07-14 06:53 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-13 05:53 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-13 05:53 - 2009-07-14 06:39 - 00177505 _____ C:\windows\setupact.log
2013-10-12 17:52 - 2013-10-12 17:52 - 00055446 _____ C:\Users\LUE\Desktop\OTL.Txt
2013-10-12 17:52 - 2013-10-12 17:52 - 00050554 _____ C:\Users\LUE\Desktop\Extras.Txt
2013-10-12 17:43 - 2013-10-12 17:43 - 00050554 _____ C:\Users\LUE\Downloads\Extras.Txt
2013-10-12 17:39 - 2013-10-12 17:39 - 00055446 _____ C:\Users\LUE\Downloads\OTL.Txt
2013-10-12 17:15 - 2013-10-12 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\LUE\Downloads\OTL.exe
2013-10-12 15:22 - 2010-04-28 08:20 - 00382148 _____ C:\windows\PFRO.log
2013-10-12 15:20 - 2009-07-14 06:52 - 00000000 ____D C:\windows\Performance
2013-10-12 12:57 - 2013-10-12 12:57 - 00000000 ____D C:\Users\LUE\AppData\Roaming\Malwarebytes
2013-10-12 12:56 - 2013-10-12 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-12 12:55 - 2013-10-12 12:55 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\LUE\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-12 08:22 - 2013-06-18 11:13 - 00000000 ____D C:\Users\LUE\AppData\Roaming\vlc
2013-10-10 13:40 - 2012-07-10 21:11 - 00000000 ____D C:\Users\LUE\Documents\BA
2013-10-10 12:39 - 2012-04-04 12:20 - 00000000 ____D C:\Users\LUE\Documents\CareerService
2013-10-10 12:38 - 2013-05-01 12:22 - 00000000 ____D C:\Users\LUE\Documents\STATA
2013-10-08 20:07 - 2013-10-08 20:07 - 00000000 ____D C:\Users\LUE\Documents\hochsensi
2013-10-08 18:30 - 2012-11-01 23:46 - 00000000 ____D C:\Users\LUE\Documents\DiversityLottery
2013-10-08 18:23 - 2013-10-08 18:23 - 00000000 ____D C:\Users\LUE\AppData\Local\{9F0D2D8A-C40D-42B0-81D4-493492213AAB}
2013-10-08 18:22 - 2012-07-08 06:03 - 00000000 ____D C:\Users\LUE\Documents\Tripti
2013-10-08 18:09 - 2012-10-28 20:17 - 00000000 ____D C:\Users\LUE\AppData\Local\Passbild_Generator
2013-10-08 18:07 - 2013-10-08 18:07 - 00606352 _____ C:\Users\LUE\Downloads\Passbild-36aGenerator.exe
2013-10-05 06:54 - 2010-12-03 14:32 - 00000000 ____D C:\Users\LUE\AppData\Local\Mozilla
2013-10-05 06:53 - 2013-04-13 09:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-04 12:21 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-04 07:13 - 2011-05-07 12:14 - 00000000 ____D C:\Users\LUE\AppData\Local\FreePDF_XP
2013-10-03 20:26 - 2010-12-03 15:09 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-10-02 17:15 - 2013-10-02 17:15 - 00000000 ____D C:\Users\LUE\AppData\Local\{B5265D58-E43E-4172-9EB4-A5B55BA11D79}
2013-09-30 18:44 - 2013-07-20 14:49 - 00000000 ____D C:\Users\LUE\STAta
2013-09-30 18:37 - 2009-07-14 06:52 - 00000000 ____D C:\windows\system32\FxsTmp
2013-09-27 22:29 - 2013-09-27 22:28 - 00183264 _____ C:\windows\Minidump\092713-21684-01.dmp
2013-09-27 22:28 - 2012-01-20 18:18 - 258077113 _____ C:\windows\MEMORY.DMP
2013-09-27 22:28 - 2011-11-26 20:08 - 00000000 ____D C:\windows\Minidump
2013-09-27 21:06 - 2013-09-27 21:06 - 98286374 _____ C:\windows\system32\憐鑻᭔e
2013-09-24 14:05 - 2013-03-06 13:53 - 00000000 ____D C:\Users\LUE\Documents\****
2013-09-24 13:50 - 2011-04-18 20:32 - 00000000 ____D C:\Users\LUE\Documents\****
2013-09-24 12:29 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-24 09:05 - 2013-05-19 02:15 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-09-24 09:05 - 2013-05-19 02:15 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 08:57 - 2009-07-14 06:33 - 00438168 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-22 22:43 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-09-22 12:57 - 2010-12-03 14:18 - 00000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2013-09-22 12:57 - 2009-07-26 22:06 - 01527912 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-22 12:56 - 2011-02-24 19:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-15 21:20 - 2011-04-18 20:23 - 00000000 ____D C:\Users\LUE\Documents\StatistikPsycho
2013-09-15 11:33 - 2010-12-03 16:03 - 00000000 ____D C:\Users\LUE\AppData\Roaming\Skype
2013-09-14 00:26 - 2010-12-03 14:20 - 00000000 ____D C:\Users\LUE\AppData\Roaming\SoftGrid Client
2013-09-13 20:32 - 2010-12-03 14:04 - 00115088 _____ C:\Users\LUE\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-13 19:03 - 2013-08-04 11:59 - 00000000 ____D C:\Users\LUE\Desktop\floral elements

Some content of TEMP:
====================
C:\Users\LUE\AppData\Local\Temp\AskSLib.dll
C:\Users\LUE\AppData\Local\Temp\bitool.dll
C:\Users\LUE\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\LUE\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\LUE\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\LUE\AppData\Local\Temp\SkypeSetup.exe
C:\Users\LUE\AppData\Local\Temp\Tsu-0E9C.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 14:03

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by LUE at 2013-10-13 09:48:23
Running from C:\Users\LUE\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20
AC3Filter 2.5b (Version: 2.5b)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05)
AnyPC Client (Version: 1.0.0.25)
Atheros Client Installation Program (Version: 1.0.2.1119)
Avira Free Antivirus (Version: 13.0.0.4052)
BatteryLifeExtender (Version: 1.0.1)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
Cake Mania
ChargeableUSB (Version: 1.0.0.0)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.6)
D3DX10 (Version: 15.4.2368.0902)
DivX-Setup (Version: 2.6.1.5)
Dropbox (HKCU Version: 1.6.18)
Easy Content Share (Version: 1.0.0.13)
Easy Display Manager (Version: 3.1)
Easy Network Manager (Version: 4.3.1)
Easy Resolution Manager (Version: 1.0.0)
Easy SpeedUp Manager (Version: 2.1.0.10)
EasyBatteryManager (Version: 4.0.0.4)
EasyFileShare (Version: 1.0.2)
ETDWare PS/2-x86 7.0.7.0_WHQL (Version: 7.0.7.0)
Fast Booting SW (Version: 1.5.0.0)
Free Audio CD to MP3 Converter version 1.3.12.1228 (Version: 1.3.12.1228)
Free YouTube Download version 3.2.2.430 (Version: 3.2.2.430)
Free YouTube to MP3 Converter version 3.12.2.419 (Version: 3.12.2.419)
FreePDF (Remove only)
GPL Ghostscript (Version: 9.02)
Intel(R) Graphics Media Accelerator Driver (Version: 8.14.10.2108)
Intel® Matrix Storage Manager
Junk Mail filter update (Version: 15.4.3502.0922)
Marvell Miniport Driver (Version: 11.22.3.3)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 6-9 Converter (Version: 9.7.0000)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
PC Wizard 2010.1.96
Realtek High Definition Audio Driver (Version: 6.0.1.6083)
REALTEK PCIE Wireless LAN Software (Version: 0136.10.0325)
RedMon - Redirection Port Monitor
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.1.3)
Skype™ 6.6 (Version: 6.6.106)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
User Guide (Version: 1.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.8 (Version: 2.0.8)
WIDCOMM Bluetooth Software (Version: 6.3.0.4500)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

==================== Restore Points  =========================

04-10-2013 06:05:03 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {061F9612-9EFD-42FA-BF8B-502B6FE1FA92} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SFB\SmartRestarter.exe [2010-04-29] (Samsung Electronics Co., Ltd.)
Task: {0F355E06-1ECD-46BD-AD8D-44642B3F60FB} - System32\Tasks\{A29C2877-BD93-4889-A488-AF541616196C} => C:\Program Files\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {201BA125-83A4-4CFC-A0BE-F774E0CD92E8} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2010-04-07] (Samsung Electronics Co., Ltd.)
Task: {31FA0A14-EED5-44BD-93B8-21A8D243627E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {42C8DD44-273C-4757-823A-9AB8F693DA00} - System32\Tasks\APSchedulerC => C:\Program Files\AnyPC Client\APLanMgrC.exe [2009-11-20] (DoctorSoft)
Task: {464C0066-429B-4F9D-AC5B-88254FF72557} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2010-02-10] (Samsung Electronics Co., Ltd.)
Task: {4AAA9F3A-821D-45C0-8149-0828BB66075A} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {4EEF360C-0FA6-4E91-8C32-24FE0F04B006} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {58BAFB13-69FE-4FCF-8CF3-2B9BD58FB708} - System32\Tasks\{C29579B8-6A82-428E-80C7-25C79BF5CE4A} => C:\Program Files\Skype\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {65EE0B06-A383-42BE-B0F3-1BD1D8EE9AC6} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {CF2B4002-D18E-4576-9A79-8E28C897F242} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {E685D404-EEE1-4F04-9193-1CF2A4C059DA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-12-14] (SAMSUNG Electronics)

==================== Loaded Modules (whitelisted) =============

2010-04-28 07:45 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2013-05-23 10:19 - 2013-10-05 06:53 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-24 09:05 - 2013-09-24 09:05 - 16177544 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:2430E4FC
AlternateDataStreams: C:\ProgramData\Temp:268F887D
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:5C270C64
AlternateDataStreams: C:\ProgramData\Temp:6FB93194
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8530A643
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:E7BA7168

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2013 08:56:47 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/09/2013 08:56:45 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/09/2013 08:56:28 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/09/2013 08:53:05 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/09/2013 08:52:35 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/09/2013 08:52:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/08/2013 07:22:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/08/2013 02:13:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xe88
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (10/07/2013 03:04:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/07/2013 03:04:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/13/2013 05:55:08 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (10/12/2013 03:24:21 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (10/12/2013 03:21:07 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/12/2013 07:11:07 AM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/12/2013 07:11:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (10/12/2013 07:11:03 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (10/12/2013 07:10:33 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (10/11/2013 10:12:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (10/11/2013 10:40:01 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (10/11/2013 06:16:48 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2037.3 MB
Available physical RAM: 1186.15 MB
Total Pagefile: 5092.3 MB
Available Pagefile: 3823.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:85 GB) (Free:16.98 GB) NTFS
Drive d: () (Fixed) (Total:127.79 GB) (Free:117.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: CE41A31C)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=85 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=128 GB) - (Type=OF Extended)

==================== End Of Log ============================

schrauber 13.10.2013 14:16
Lass besagte Datei bitte bei virustotal.de scannen und poste hier den Link zum Ergebnis.

chaxiraxi 13.10.2013 14:55
Sieht unauffällig aus...
hxxp://https://www.virustotal.com/de/file/634eb24e079f0020a47b65105c63ba90ad085f9942b789e32905ce7e7ec7b1d9/analysis/1381672226/

schrauber 14.10.2013 08:13
Immer wenn Antivir langeweile hat wird irgendwas als Crypt.Xpack.Gen oder dergleichen benannt.

Ignorieren, fertig :)

chaxiraxi 14.10.2013 08:33
Alles klar, na immernoch besser als ein echtes Problem, danke für deine Hilfe :)

schrauber 14.10.2013 19:39
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131