Pests of all kinds and how to combat them: snap.do removal (Windows 7)
03.04.2013, 13:30 | #1 |
snap.do removal

Hello Trojaner-Board team,

I would appreciate help removing the snap.do malware. My case is the same as in the following post: http://www.trojaner-board.de/132061-...f-creator.html

I have therefore followed Cosinus's first steps so far:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Professional x64
Ran by asmus on 03.04.2013 at 13:25:49,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\browser infrastructure helper
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3064313156-4174858450-1445601724-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3064313156-4174858450-1445601724-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Bar
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\Default_Search_URL
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\smartbarbackup
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{31ad400d-1b06-4e33-a59a-90c2c140cba0}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\asmus\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\asmus\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\asmus\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\asmus\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\asmus\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox

Successfully deleted: [File] C:\Users\asmus\AppData\Roaming\mozilla\firefox\profiles\qkil8hio.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\asmus\AppData\Roaming\mozilla\firefox\profiles\qkil8hio.default\jetpack
Successfully deleted the following from C:\Users\asmus\AppData\Roaming\mozilla\firefox\profiles\qkil8hio.default\prefs.js

user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=e6cc8d95-4b98-4af1-93c1-eaf21847769c&searchtype=nt&installDate=28/03/20
user_pref("browser.search.order.1", "Ask.com");
user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=e6cc8d95-4b98-4af1-93c1-eaf21847769c&searchtype=ds&installDate=28/03/2013&q=")

Emptied folder: C:\Users\asmus\AppData\Roaming\mozilla\firefox\profiles\qkil8hio.default\minidumps [170 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2013 at 13:31:53,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.200 - Datei am 03/04/2013 um 13:49:44 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : asmus - PFM-ASMUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\asmus\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\asmus\AppData\Local\Temp\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4627CDA0-4D39-4573-A4B0-B637780DD2AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\asmus\AppData\Roaming\Mozilla\Firefox\Profiles\qkil8hio.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [4938 octets] - [03/04/2013 13:49:44]

########## EOF - C:\AdwCleaner[S1].txt - [4998 octets] ##########

Code:
ATTFilter OTL logfile created on: 03.04.2013 14:00:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asmus\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 48,03% Memory free 5,97 Gb Paging File | 4,24 Gb Available in Paging File | 71,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 23,94 Gb Free Space | 24,54% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 46,17 Gb Free Space | 34,15% Space Free | Partition Type: NTFS Computer Name: PFM-ASMUS | User Name: asmus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\asmus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe () PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. 
KG) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PDF Architect Service) -- 
C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (HuaweiHiSuiteService64.exe) -- C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe () SRV - (OpenVPNAccessClient) -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe () SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe () SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (PSI_SVC_2_x64) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc) SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation) SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe (mst software GmbH, Germany) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RDID1057) -- C:\Windows\SysNative\drivers\Rdwm1057.sys (Roland Corporation) DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation) DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project) DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation) DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation) 
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) 
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130402.003\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130402.003\eng64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - 
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 B6 05 20 FF DC CD 01 [binary data] IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
backspace.unibw-hamburg.de:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: magicplayer%40torrentstream.org:1.1.20 FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {e6cc8d95-4b98-4af1-93c1-eaf21847769c}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.12.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://wpad.unibw-hamburg.de/autoproxy.pac" FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=2.0.7.1: C:\Users\asmus\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.03.28 20:39:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 11:30:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 11:30:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 16:15:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\magicplayer@torrentstream.org: C:\Users\asmus\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013.01.19 17:55:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 11:30:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 11:30:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 16:15:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla 
Thunderbird\plugins [2012.08.02 11:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\Extensions [2012.08.02 11:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2013.03.21 22:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\Firefox\Profiles\qkil8hio.default\extensions [2013.03.21 22:16:13 | 000,532,099 | ---- | M] () (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\firefox\profiles\qkil8hio.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.14 12:23:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\firefox\profiles\qkil8hio.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.08 11:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.28 20:39:48 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT [2013.01.19 17:55:51 | 000,000,000 | ---D | M] (TS Magic Player) -- C:\USERS\ASMUS\APPDATA\ROAMING\TORRENTSTREAM\EXTENSIONS\FIREFOX\MAGICPLAYER@TORRENTSTREAM.ORG [2013.03.08 11:30:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.12 12:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.10 11:05:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.06 10:19:29 | 000,001,003 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.94.0.1 client.openvpn.net O1 - Hosts: 127.94.0.2 openvpn-client.us-ca-sj-001.privatetunnel.com O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.) 
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000..\Run: [ISM] C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\ism2.exe (Intel Corporation) O4 - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000..\Run: [SwvUpdtr] C:\Users\asmus\AppData\Local\SwvUpdater\Updater.exe /reg File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.07.26 09:51:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.11.6.30 139.11.5.51 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15297087-CD35-42F3-B2D0-B7BDD8C271AC}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1878C953-663D-42ED-8555-1E21A633A015}: DhcpNameServer = 139.11.6.30 139.11.5.51 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\x-mem1 - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWOW64\WowCtl2.dll (EzTools Software) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1323076e-d683-11e1-a5de-f0def1283ac7}\Shell - "" = AutoRun O33 - MountPoints2\{1323076e-d683-11e1-a5de-f0def1283ac7}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{13230788-d683-11e1-a5de-f0def1283ac7}\Shell - "" = AutoRun O33 - MountPoints2\{13230788-d683-11e1-a5de-f0def1283ac7}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{b5f97385-c4f1-11e1-962b-904ce5e2edec}\Shell - "" = AutoRun O33 - MountPoints2\{b5f97385-c4f1-11e1-962b-904ce5e2edec}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 13:58:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\asmus\Desktop\OTL.exe [2013.04.03 13:25:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.03 13:24:20 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.03 13:24:11 | 000,551,246 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\asmus\Desktop\JRT.exe [2013.04.03 13:24:03 | 000,000,000 | ---D | C] -- C:\Users\asmus\Desktop\Neuer Ordner [2013.03.29 11:27:04 | 000,000,000 | ---D | C] -- C:\Users\asmus\AppData\Roaming\PDF Architect [2013.03.29 10:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP [2013.03.29 10:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QNAP [2013.03.28 20:40:03 | 000,000,000 | ---D | C] -- C:\Users\asmus\Documents\PDF Architect Files [2013.03.28 20:40:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.28 20:40:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.03.28 20:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2013.03.28 20:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect [2013.03.28 20:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013.03.28 20:39:13 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2013.03.28 20:39:12 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2013.03.28 20:39:12 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2013.03.28 20:39:10 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2013.03.28 20:39:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2013.03.28 20:39:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2013.03.28 20:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2013.03.19 22:38:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.14 17:17:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 17:17:40 | 000,073,216 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 17:17:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 17:17:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 17:17:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 17:17:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 17:17:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 17:17:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 17:17:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 17:17:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 17:17:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 17:17:34 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 17:17:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 17:17:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 17:17:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.14 14:47:49 | 000,000,000 | ---D | C] -- C:\Users\asmus\Documents\Meine Paletten [2013.03.14 14:47:19 | 000,000,000 | ---D | C] -- C:\Users\asmus\AppData\Roaming\Corel [2013.03.14 14:17:10 | 000,000,000 | ---D | C] -- C:\Users\asmus\Documents\Corel [2013.03.14 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2013.03.14 14:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis [2013.03.14 14:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2013.03.14 14:12:14 | 000,000,000 | ---D | C] -- 
C:\Users\Public\Documents\Corel [2013.03.14 14:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit) [2013.03.14 14:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2013.03.13 12:43:40 | 000,000,000 | ---D | C] -- C:\Users\asmus\Documents\Intel [2013.03.12 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.08 11:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.06 10:23:52 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.06 10:23:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.06 10:23:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.06 10:23:38 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [18 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.03 14:03:33 | 000,018,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 14:03:33 | 000,018,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 14:02:31 | 001,800,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.03 14:02:31 | 000,763,254 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.03 14:02:31 | 000,718,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.03 14:02:31 | 000,173,608 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.03 14:02:31 | 000,146,554 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.03 13:58:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asmus\Desktop\OTL.exe [2013.04.03 13:57:38 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup 
Accelerator.job [2013.04.03 13:53:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 13:53:14 | 2406,223,872 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 13:33:47 | 000,613,083 | ---- | M] () -- C:\Users\asmus\Desktop\adwcleaner.exe [2013.04.03 13:24:15 | 000,551,246 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\asmus\Desktop\JRT.exe [2013.03.29 19:22:04 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2012.lnk [2013.03.29 19:20:13 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2013.lnk [2013.03.29 10:57:20 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Finder.lnk [2013.03.28 21:09:55 | 000,002,330 | ---- | M] () -- C:\Users\asmus\Desktop\Search.lnk [2013.03.28 20:40:19 | 000,000,997 | ---- | M] () -- C:\Users\asmus\Desktop\PDF Architect.lnk [2013.03.28 20:39:16 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013.03.27 16:17:04 | 048,894,551 | ---- | M] () -- C:\Users\asmus\Desktop\WEIRD_SCIENCE_mixtape.zip [2013.03.22 10:55:12 | 000,100,736 | ---- | M] () -- C:\Users\asmus\Desktop\Foto.JPG [2013.03.22 00:07:21 | 000,001,062 | ---- | M] () -- C:\Users\asmus\Desktop\PDF-Viewer.lnk [2013.03.22 00:07:21 | 000,000,946 | ---- | M] () -- C:\Users\asmus\Desktop\Englisch in der Praxis.lnk [2013.03.21 18:57:14 | 003,927,349 | ---- | M] () -- C:\Users\asmus\Desktop\novi-sad.pdf [2013.03.21 10:09:39 | 000,011,385 | ---- | M] () -- C:\Users\asmus\gsview64.ini [2013.03.15 11:28:27 | 000,592,466 | ---- | M] () -- C:\Users\asmus\Desktop\Journal of Intelligent Material Systems and Structures-1994-Chaudhry-347-54.pdf [2013.03.15 10:20:25 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.15 10:20:25 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.14 14:43:17 | 000,540,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.12 16:00:10 | 000,085,650 | ---- | M] () -- 
C:\Users\asmus\Desktop\Quereinstieg_BBS.pdf [2013.03.12 10:57:45 | 000,225,984 | ---- | M] () -- C:\Users\asmus\Desktop\130130_gemeinsames_informationsdokument_zfs_zspb_zpla_zlh.pdf [2013.03.12 10:33:38 | 000,012,662 | ---- | M] () -- C:\Users\asmus\Desktop\BaMa LA Physik 02 Studienplan_LAGym_UF2.pdf [2013.03.07 15:33:11 | 000,000,540 | ---- | M] () -- C:\Users\asmus\Documents\AnalogLingESZ.tex [2013.03.06 10:23:34 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.06 10:23:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.06 10:23:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.06 10:23:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.06 10:23:30 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.06 10:23:30 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [18 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.03 13:33:46 | 000,613,083 | ---- | C] () -- C:\Users\asmus\Desktop\adwcleaner.exe [2013.03.29 19:14:56 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\TAXMAN 2013.lnk [2013.03.29 10:57:20 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Finder.lnk [2013.03.28 21:09:55 | 000,002,392 | ---- | C] () -- C:\Users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013.03.28 21:09:55 | 000,002,330 | ---- | C] () -- C:\Users\asmus\Desktop\Search.lnk [2013.03.28 20:40:19 | 000,000,997 | ---- | C] () -- C:\Users\asmus\Desktop\PDF Architect.lnk [2013.03.28 20:39:16 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2013.03.27 16:12:26 | 048,894,551 | ---- | C] () -- C:\Users\asmus\Desktop\WEIRD_SCIENCE_mixtape.zip [2013.03.22 00:07:12 | 000,100,736 | ---- | C] () -- 
C:\Users\asmus\Desktop\Foto.JPG [2013.03.21 18:57:12 | 003,927,349 | ---- | C] () -- C:\Users\asmus\Desktop\novi-sad.pdf [2013.03.15 11:28:18 | 000,592,466 | ---- | C] () -- C:\Users\asmus\Desktop\Journal of Intelligent Material Systems and Structures-1994-Chaudhry-347-54.pdf [2013.03.12 16:00:10 | 000,085,650 | ---- | C] () -- C:\Users\asmus\Desktop\Quereinstieg_BBS.pdf [2013.03.12 10:57:44 | 000,225,984 | ---- | C] () -- C:\Users\asmus\Desktop\130130_gemeinsames_informationsdokument_zfs_zspb_zpla_zlh.pdf [2013.03.12 10:33:37 | 000,012,662 | ---- | C] () -- C:\Users\asmus\Desktop\BaMa LA Physik 02 Studienplan_LAGym_UF2.pdf [2013.03.07 15:30:27 | 000,000,540 | ---- | C] () -- C:\Users\asmus\Documents\AnalogLingESZ.tex [2012.11.19 13:26:52 | 000,011,385 | ---- | C] () -- C:\Users\asmus\gsview64.ini [2012.10.05 15:02:49 | 000,004,801 | ---- | C] () -- C:\Users\asmus\abaqus_v6.11.gpr [2012.08.10 09:58:23 | 000,000,216 | ---- | C] () -- C:\Windows\Assimil_d_it.INI [2012.08.06 15:51:56 | 000,000,208 | ---- | C] () -- C:\Windows\Assimil_d_gb2.INI [2012.08.06 15:51:53 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2012.07.17 15:40:30 | 000,000,600 | ---- | C] () -- C:\Users\asmus\PUTTY.RND [2012.07.06 10:21:24 | 000,000,402 | ---- | C] () -- C:\Users\asmus\openvpn-connect.json [2012.07.05 10:16:29 | 001,777,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.04 16:02:11 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2012.07.04 16:01:21 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\hpcc3130.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
/64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
OTL Extras logfile created on: 03.04.2013 14:00:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asmus\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 48,03% Memory free 5,97 Gb Paging File | 4,24 Gb Available in Paging File | 71,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 23,94 Gb Free Space | 24,54% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 46,17 Gb Free Space | 34,15% Space Free | Partition Type: NTFS Computer Name: PFM-ASMUS | User Name: asmus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AF2413D-4E31-4E1A-A615-B3A67940A7B3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1428B6CB-E51F-4968-B62F-99A81D8C86D7}" = rport=138 | protocol=17 | dir=out | app=system | "{21316FEC-3FCC-4DCF-87F3-8BB2A596F31D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2DD3D1AB-CB56-4A78-8360-C13F1179DDB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2F1009A2-642A-4F36-98AB-FB8E737C9778}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F30A3EC-FEE4-4275-A818-5D918BAB99FB}" = lport=3689 | protocol=6 | dir=in | name=monkeytunes port (3689) | "{357FE3C1-D0CB-45C7-9140-386D5BDA8E60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5F2E2A7C-AEF8-4DC9-991A-19298FF0165E}" = lport=138 | protocol=17 | dir=in | app=system | "{665C7F57-30D8-4EEC-8636-5FAE94972DCB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6E4B733D-A39A-47A8-B950-B47A5DB4C7BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{74CEA263-6385-4D3D-84A0-DA2E10C6AE7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7592CC5F-F340-4EFE-A5E2-1AFF1050608A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7FD7AC38-8560-41C5-9CD1-D8A7D18D4B24}" = rport=10243 | protocol=6 | dir=out | app=system | "{83292CA0-7E6D-497A-8405-BEB596A05A3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8A0159DA-7B53-4DCD-8C46-D3BC57A07EC2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B35CF117-888A-44FD-9482-EC5B4F3C3464}" = lport=2869 | protocol=6 | dir=in | app=system | "{B8E8FB67-E6A6-418E-9E5E-0143CA5B3E45}" = lport=137 | protocol=17 | dir=in | app=system | "{BD5D396C-64B4-4299-85B7-C4666AD7B71D}" = rport=445 | protocol=6 | dir=out | app=system | "{C762B6F8-A877-4E88-B3A6-339187610120}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CDB70D6B-67AC-40AB-80A8-6CC4B8D8A25F}" = rport=139 | protocol=6 | dir=out | app=system | "{DCC53CA5-2B7B-459D-A702-6DDA129A844B}" = lport=10243 | protocol=6 | dir=in | app=system | "{EED69778-D0D7-4BD3-85E3-9CAABBEF582D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{F1A2A8DE-C42C-49F8-A40E-2A1571D5D050}" = lport=139 | protocol=6 | dir=in | app=system | "{F3A59A06-900C-4330-BD20-EE569FB06222}" = rport=137 | protocol=17 | dir=out | app=system | "{FCA83EDB-5090-47D1-A788-23034BDA15FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C81F35-37C6-4CE6-901B-088CF32CE2BE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{01EAA208-7F04-4DD5-BFF2-0686542C13E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0D1BD794-19DF-4408-B63E-091E76575E06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{12D434B8-772E-4C6D-8690-20632B8526BF}" = 
protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{15FBFF9B-20F8-40E8-A551-5DB7A30C22AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1736F877-2030-4C5B-839E-F93D9BA16682}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{226EF24E-989E-41B7-8E34-C8C509142524}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | "{23C83CEB-65D7-4798-A2D7-E558BAA096A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{28FC5E3D-9E3F-47C2-A323-77045DD94334}" = protocol=6 | dir=in | app=c:\program files\mathematica\8.0\math.exe | "{2E580C6A-032C-4C1B-9999-102981293B6C}" = protocol=17 | dir=in | app=c:\program files\mathematica\8.0\mathematica.exe | "{2E948A9B-1C51-4C73-8B97-AB1367E3537E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2F40A3BB-12C7-4205-822C-5B0A0137E005}" = protocol=6 | dir=out | app=system | "{34DB29FD-5B1D-4B7C-93AA-5B6BCBE9AC2F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{37A9A33F-63BE-4AB2-A83F-F7675B762FD3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3A9A0CB1-596F-4667-8593-707860BAE46C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3C3F0DE8-12E4-4BF0-9FAA-778536D6D1BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{409373ED-7691-405E-BC88-D645AD3E3321}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{58677593-DB5B-4AAB-A3D0-4CB797ED65CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5DD1F402-92E2-420A-B9EB-B691BFA64E8C}" = protocol=6 | dir=in | app=c:\program files\mathematica\8.0\mathematica.exe | "{60A5BDFE-53DC-439E-9BD6-B8FC19E67702}" = protocol=17 | dir=in | app=c:\program files 
(x86)\teamviewer\version8\teamviewer_service.exe | "{63B52669-6B86-4A8F-A2EF-FEB3B7064402}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{694DEAF6-15E9-4A99-9EE0-B22B23643FF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6D0906F1-C9D4-40BD-8506-5B3CE133D909}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6E00DD49-E3E9-4926-9D04-DC94C833974F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6FDF6E5A-FCDC-492A-8644-9DC19ACE6E32}" = protocol=17 | dir=in | app=c:\users\asmus\appdata\roaming\dropbox\bin\dropbox.exe | "{7A18BE98-4F4F-4B24-9AA2-BB37BE81F17F}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | "{7C4C6938-29EC-499A-AD82-12684A639179}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | "{7F17F746-DBCE-4A86-A3BF-65D91C7FFA3D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{7F19B02C-2384-499A-8B42-F1AA2E2F7EDF}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | "{9162DCC6-6B7B-4B53-96C7-759B71E74F27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{92F1101E-D58D-4720-8470-CBFA95131A90}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{98BB140C-8844-417F-9F6B-8EAA98914CA0}" = protocol=17 | dir=in | app=c:\program files\mathematica\8.0\mathkernel.exe | "{9A53C75A-DCF2-4EEF-9DBC-449D11E86134}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{A21B4D31-A060-427E-B46A-FE0C7F7131B5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A5ABD27E-B79E-4A23-8357-A6483FDBE5D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{B118DA31-A9EC-441B-9F77-3B24D7450367}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{B5C90C43-7791-48D1-BDD4-45DE827C936A}" = protocol=17 | dir=in | app=c:\program files\mathematica\8.0\math.exe | "{BE75EDC3-B21D-4EB5-9802-0EF22B7EE3A8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{BEFCCB2D-FE4A-4265-8619-E807531E30EC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C2A93F78-AC37-44E4-8491-61CEE343A63C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{C60F4C65-B230-4123-B79E-F1C8A4AEF1BC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CCEA543D-EDD7-46D3-B22E-F835D14E98B9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | "{CF6EA182-0FE3-4D79-9754-610CCAE80387}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D076AC77-015D-4F8A-8E7F-4DCEF973239B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{D28B6163-AD96-4DC6-81F0-78C1D47B8712}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D4935947-77A0-4786-A032-E476499BC5E5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{DDFC14B5-32CD-4125-BE21-681F9D4D8168}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E61F3FB6-EBE8-4E59-873F-B1ACE475CC6A}" = protocol=6 | dir=in | app=c:\program files\mathematica\8.0\mathkernel.exe | "{E875BE91-1FE0-4FE9-8CAE-D63F07356170}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EAE6223D-8B01-4B9A-A343-BB13409E6EAA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F368C9F8-887C-40AD-A85B-B3FB812C4250}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F3CA288A-26C5-41D2-9DA0-193FAF2769D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F43E4B60-F7D3-4D0C-ACBF-68A992633C75}" = protocol=6 | dir=in | app=c:\users\asmus\appdata\roaming\dropbox\bin\dropbox.exe | "{F6BCF836-1DE6-4603-94CB-A8F952F98292}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | "TCP Query User{00111A8C-5EC0-4C1F-8018-4C0792004BD9}C:\users\asmus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\asmus\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{1A5755DC-F47B-4D58-83AC-467288CD99D2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{442F5A7E-93B0-4AFC-A004-9FE726CFB07E}C:\users\asmus\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=6 | dir=in | app=c:\users\asmus\appdata\roaming\torrentstream\engine\tsengine.exe | "TCP Query User{95A033F7-67C5-4D90-AD56-0609636A45B3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{C962D465-0C3A-4BA6-BDDD-5222BA5127D3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{2EAC3B48-7667-47E4-87C9-76D8AB8F48DD}C:\users\asmus\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=17 | dir=in | app=c:\users\asmus\appdata\roaming\torrentstream\engine\tsengine.exe | "UDP Query User{496BD214-A1CC-4DB7-A17D-623258913D3C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{8D0CE2CA-E66B-49CC-A915-374BA3D3B622}C:\users\asmus\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\asmus\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{B7332A85-D2E6-4E92-90A6-757546AAF8B4}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query 
User{C4BE1DEE-93D4-475E-ADC8-960AA8EAF73E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit) "_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64) "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client "{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64) "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS 
Writer "{2A6823CE-23A8-35B3-8342-162A973CDD5B}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU "{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64) "{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64) "{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5123BE03-F8AF-4D20-A6A7-65CB35FF514E}" = CorelDRAW Graphics Suite X6 - NL (x64) "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64) "{79899C6B-E315-4A3F-8904-02DEAB8D660D}" = Corel Graphics - Windows Shell Extension 32 Bit "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64) "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64 "{839546C9-2E4E-4A42-B0D4-22E05E92E7AA}" = CorelDRAW Graphics Suite X6 - ES (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EF2B1E1-4D7A-43FA-92C5-61DB6F0524C4}" = CorelDRAW Graphics Suite X6 - BR (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64) "{90F60407-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) German "{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64) "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{A1CDB206-B8F1-41F0-9DAA-C7FC8664C737}" = CorelDRAW Graphics Suite X6 - FR (x64) "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{B1FB7D5C-20CE-4CB6-8F39-306EFDA8290C}" = Symantec Endpoint Protection "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM "{B6FB1FF8-B79B-44E5-97BE-6E1E37F281AC}" = CorelDRAW Graphics Suite X6 - IT (x64) "{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64) 
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64) "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CBC1BFA3-E641-4FCA-8EFA-77E2B7D7E552}" = CorelDRAW Graphics Suite X6 (x64) "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{CDFFDDCC-B74E-4AEE-A97F-12E31BAFF3FF}" = CorelDRAW Graphics Suite X6 - DE (x64) "{D3299935-57F7-403A-9D7B-0B8F9F56F44B}" = Microsoft HPC MPI Redistributable Pack "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) "{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64) "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64) "{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FD868C71-6CCF-42E2-B90D-0504AB0036FE}" = 64 Bit HP CIO Components Installer "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "A-WIN-Extras 8.0.1 2063897_is1" = Mathematica Extras 8.0 (2063897) "CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD "DE7217D2A8B057F15EC6E52329FDAB84231521E8" = 
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) "GPL Ghostscript 9.06" = GPL Ghostscript "GSview 5.0" = GSview 5.0 "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Matlab R2012a" = MATLAB R2012a "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "M-WIN-L 8.0.1 2063990_is1" = Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990) "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = ThinkPad Power Management Driver "PROSet" = Intel(R) Network Connections Drivers "RolandRDID0057" = UA-1EX-Treiber "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00699001-40D8-4F61-AE9B-5E932302185B}" = Intel(R) C++ Redistributables on IA-32 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = 
Microsoft SQL Server Compact 3.5 SP2 DEU "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt "{159A9E6E-3C52-4169-B25D-77EE4D59BAFE}" = Intel MKL on Intel(R) 64 "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition "{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service "{20F8A9AD-337D-4D92-BC27-56D51B4DF588}" = Intel Visual Fortran Compiler XE common files "{21DFBDC6-EE71-4690-B239-077CF67B834A}" = C++|Fortran Compiler XE common files "{249705FF-B399-40E2-9493-98622105D0CB}" = Composer XE 2013 Common Files "{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{2FD19779-BD96-31F4-954D-7C7FE546BFD1}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4967) "{2FD19779-BD96-31F4-954D-7C7FE546BFD1}.vc_x64runtime_30729_4967" = Visual C++ 2008 x64 Runtime - v9.0.30729.4967 "{312C7771-D54D-4ACB-8DBB-FFEDA75100BC}" = Intel(R) Software Manager "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{3A645B53-AE6B-4F34-96D1-F85E63B297F4}" = Intel Visual Fortran Compiler XE on IA-32 "{3B6EE2A0-386C-4EF3-8C0D-9A75833E103D}" = OpenVPN Connect "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX "{4209F371-4927-659B-6665-F7524E53AE40}_is1" = Ashampoo WinOptimizer 8 v.8.14.00 "{45C5C113-AD43-414B-867D-7C0AF54276CB}" = Duden-Rechtschreibprüfung PLUS 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4CEF52F2-3A06-4DC1-AAB7-521965AD9478}" = Intel(R) Visual Fortran Redistributables on IA-32 "{5285987F-41E8-49B5-9143-72FE789C3FC8}_is1" = MonkeyTunes 1.6.5.8 "{54D6EAA8-EAB3-4256-905B-BE0A38063918}" = Integration(s) in Microsoft Visual Studio* "{59DA1FDB-BD25-4B6E-A271-281D7E4DFFB4}" = Intel MKL common files "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{6AA5276A-771D-46D7-98D2-FFB8B767CE2C}" = Composer XE 2013 OpenMP on IA-32 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch "{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service "{8DD3DDA9-F5FF-441D-859E-EFEC16B15A06}" = C++|Fortran Compiler XE on IA-32 "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D82859C-969D-4BEE-8F09-D6B6E53BE85C}" = Intel Visual Fortran Compiler XE on Intel(R) 64 common files "{A70C1121-AD61-4838-B3A8-B9DCE9C17005}" = C++ Compiler XE Documentation "{A8461749-BDED-4889-9CA9-5A873A2B46C2}" = Visual Fortran Indicator MSI "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{B6474CAB-C655-432A-8DC4-71D72301C592}" = C++ Integration(s) in Microsoft Visual Studio* "{B658370C-E257-4E9C-9873-822546FA1381}" = C++|Fortran Compiler XE on Intel(R) 64 common files "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B8C55D03-B111-4EAF-B411-366622BB3EB7}" = Intel(R) Visual Fortran Redistributables on Intel(R) 64 "{B91D4B2C-DAC6-43E9-AC7D-90EBFC16DDBC}" = Intel Composer XE 2013 Update 2 for Windows* "{BAA1ACAB-785A-4CDB-8471-FBFDCDFF7FC1}" = C++|Fortran Compiler XE on Intel(R) 64 "{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst "{BF5B198A-CC34-4E40-A42E-456148024C4B}" = Intel Visual Fortran Compiler XE on Intel(R) 64 "{BFCF05E3-047D-41DE-8AC0-145B2FB2D108}" = Intel Composer XE 2013 Update 2 for Windows* "{C2ADA2E0-65D4-4131-B125-41E43D8C4E13}" = Composer XE 2013 OpenMP on Intel(R) 64 "{C47BAA65-F48D-42E0-BFB0-B3B5FEC72304}" = Intel(R) Composer XE 2013 Update 2 for Windows* "{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 
2010 Professional - DEU "{CCB1AFB7-C966-49FB-A55C-010D8E414B47}" = Visual Fortran Compiler XE Documentation "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D1581C87-B157-4055-883B-78A83F5B0998}" = Intel MKL on IA-32 "{D2C88DA9-7BEA-4764-8E5E-B92B23610D2C}" = Intel MKL "{D8039CE9-F8FA-4797-A561-488D1E9663D1}" = Integrated Documentation "{D9C1ABD5-18C6-4834-8ABA-08F6F9591927}" = Intel(R) C++ Redistributables on Intel(R) 64 "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DA065177-CA23-471E-B830-C0EB185356E8}" = Distributed Installer "{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E58D122E-799F-4DF2-B4E7-4CE1FE13C6CB}" = C++ Integration(s) in Microsoft Visual Studio* "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{E99CFA2D-7259-405B-812C-9F4729F1EFCA}" = Distributed Installer "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EC1F1209-E48D-38B0-BE25-B37C6BFCF676}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4967) "{EC1F1209-E48D-38B0-BE25-B37C6BFCF676}.vc_x86runtime_30729_4967" = Visual C++ 2008 x86 Runtime - v9.0.30729.4967 "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F289D934-2224-473B-B57E-0040D2693F83}" = TAXMAN 2013 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F78674F3-1D81-4EBB-9C94-A37F96F8C16D}" = Visual Fortran Integration(s) in Microsoft Visual 
Studio* "{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012 "Abaqus 6.11 Documentation" = Abaqus 6.11 Documentation "Abaqus 6.11-2" = Abaqus 6.11-2 "Abaqus FLEXnet License Server" = Abaqus FLEXnet License Server "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DSMT4" = MathType 4 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EyeTV Hybrid v5.09.0813.01" = EyeTV Hybrid v5.09.0813.01 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Hi Suite" = HiSuite "ImgBurn" = ImgBurn "IsoBuster_is1" = IsoBuster 3.0 "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "MediaMonkey_is1" = MediaMonkey 4.0 "Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "OpenVPN" = OpenVPN 2.2.2 "PDF Blender" = PDF Blender "QNAP_FINDER" = QNAP Finder "SopCast" = SopCast 3.5.0 "TeamViewer 8" = TeamViewer 8 "TrueCrypt" = TrueCrypt "VirtualCloneDrive" = VirtualCloneDrive "WhiteSmoke" = WhiteSmoke "WSCC_is1" = WSCC 2.1.0.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{876d753f-4af3-4384-b96d-b344f150dced}" = Snap.Do Engine "Dropbox" = Dropbox "TorrentStream" = Torrent Stream 2.0.7.1 ========== Last 20 Event Log Errors ========== [ System Events ] Error - 03.04.2013 07:57:16 | Computer Name = pfm-asmus | Source = DCOM | ID = 10016 Description = < End of report >
Note: snap.do can no longer be found in Firefox. However, there is still an entry under Control Panel/Programs/Programs and Features/Snap.Do Engine, so the Uninstall/Change button can be used. Best regards and many thanks! |
03.04.2013, 15:27 | #2 |
/// TB trainer | snap.do removal And is there a particular reason why you aren't doing that?
__________________ |
03.04.2013, 15:40 | #3 |
| snap.do removal Yes, because I wanted to follow Cosinus's clear instructions and at first only carried out the steps mentioned. Furthermore, I had already tried an uninstall before the steps recommended by Cosinus. The same thing happened as in the linked thread: the software asked in which browser the snap.do program should be "hidden". So I don't have much hope that the uninstaller does anything sensible. Or should I try it after all?
__________________ |
03.04.2013, 15:52 | #4 |
/// TB trainer | snap.do removal Oh, just give it a try and then we'll remove the leftovers.
__________________ Digital privateers against malware! No help via PM! |
04.04.2013, 08:31 | #5 |
| snap.do removal So I started the uninstall and nothing happened. That is, the loading circle briefly appeared over the cursor, which shows up briefly in Task Manager as two WinInstaller programs, and then the whole thing is already over. The program list still contains the entry "snap.do engine". The same thing happens on repeated attempts. It is probably just a remnant without any function, which can/must be removed somehow. |
04.04.2013, 09:05 | #6 |
/// TB trainer | snap.do removal Okay, then let's remove it. Step 1: (Reminder: Reply to me only once you have worked through all the steps!) Scan with Combofix
Step 2: Control scan with OTL
__________________ --> snap.do removal |
04.04.2013, 15:00 | #7 |
| snap.do removal Thanks so far, and on we go: I carried out the instructions, and the code tags follow. One small note first: unfortunately I had started ComboFix before I had deactivated the antivirus software. ComboFix then reported this to me with the prompt to deactivate the antivirus software before confirming with OK, which I then did. Code:
ATTFilter ComboFix 13-04-04.01 - asmus 04.04.2013 14:26:06.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3060.1596 [GMT 2:00] ausgeführt von:: c:\users\asmus\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\asmus\AppData\Local\assembly\tmp c:\users\asmus\Desktop\Search.lnk c:\windows\SysWow64\~GLH001b.TMP c:\windows\SysWow64\~GLH001c.TMP c:\windows\SysWow64\~GLH001d.TMP c:\windows\SysWow64\~GLH001e.TMP c:\windows\SysWow64\~GLH001f.TMP c:\windows\SysWow64\~GLH0020.TMP c:\windows\SysWow64\~GLH0021.TMP c:\windows\SysWow64\~GLH0022.TMP c:\windows\SysWow64\~GLH0023.TMP c:\windows\SysWow64\~GLH0024.TMP c:\windows\SysWow64\~GLH0025.TMP c:\windows\SysWow64\~GLH0026.TMP c:\windows\SysWow64\~GLH0027.TMP c:\windows\SysWow64\~GLH0028.TMP c:\windows\SysWow64\~GLH0029.TMP c:\windows\SysWow64\~GLH002a.TMP c:\windows\SysWow64\~GLH002b.TMP c:\windows\SysWow64\~GLH002c.TMP . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-04 bis 2013-04-04 )))))))))))))))))))))))))))))) . . 2013-04-04 12:32 . 2013-04-04 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-03 11:25 . 2013-04-03 11:25 -------- d-----w- c:\windows\ERUNT 2013-04-03 11:24 . 2013-04-03 11:49 -------- d-----w- C:\JRT 2013-04-03 08:58 . 2013-04-03 12:09 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-03-29 09:27 . 2013-03-29 09:27 -------- d-----w- c:\users\asmus\AppData\Roaming\PDF Architect 2013-03-29 08:57 . 
2013-03-29 08:57 -------- d-----w- c:\program files (x86)\QNAP 2013-03-28 18:40 . 2013-03-28 18:40 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-03-28 18:40 . 2013-03-28 18:40 -------- d--h--w- c:\programdata\Common Files 2013-03-28 18:39 . 2013-03-28 18:40 -------- d-----w- c:\program files (x86)\PDF Architect 2013-03-28 18:39 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2013-03-28 18:39 . 2013-01-11 10:39 103936 ----a-w- c:\windows\system32\pdfcmon.dll 2013-03-28 18:39 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2013-03-28 18:39 . 2013-03-28 18:41 -------- d-----w- c:\program files (x86)\PDFCreator 2013-03-28 18:39 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2013-03-28 18:39 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2013-03-28 18:39 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2013-03-19 20:38 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-14 12:47 . 2013-03-14 12:47 -------- d-----w- c:\users\asmus\AppData\Roaming\Corel 2013-03-14 12:14 . 2013-03-14 12:14 -------- d-----w- c:\program files\Common Files\Corel 2013-03-14 12:14 . 2013-03-14 12:14 -------- d-----w- c:\program files\Common Files\Protexis 2013-03-14 12:14 . 2013-03-14 12:47 -------- d-----w- c:\programdata\Corel 2013-03-14 12:10 . 2013-03-14 12:10 -------- d-----w- c:\program files\Corel 2013-03-06 08:23 . 2013-03-06 08:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-15 09:07 . 2012-07-05 08:27 2413248 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll 2013-03-15 08:20 . 2012-07-03 15:46 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-15 08:20 . 2012-07-03 15:46 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-14 15:19 . 
2012-07-02 15:28 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-06 08:23 . 2012-09-10 09:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-06 08:23 . 2012-08-02 08:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 05:45 . 2013-03-14 08:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 08:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 08:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 08:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 08:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 08:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-13 21:17 . 2013-02-28 08:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-02-28 08:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 2013-02-28 08:05 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-02-28 08:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35 . 2013-02-28 08:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35 . 
2013-02-28 08:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35 . 2013-02-28 08:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32 . 2013-02-28 08:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-01-13 20:22 . 2013-02-28 08:05 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20 . 2013-02-28 08:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-01-13 20:09 . 2013-02-28 08:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08 . 2013-02-28 08:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08 . 2013-02-28 08:05 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-01-13 19:59 . 2013-02-28 08:05 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 19:58 . 2013-02-28 08:05 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 19:54 . 2013-02-28 08:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53 . 2013-02-28 08:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53 . 2013-02-28 08:07 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51 . 2013-02-28 08:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 19:49 . 2013-02-28 08:05 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 19:48 . 
2013-02-28 08:05 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46 . 2013-02-28 08:05 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-01-13 19:43 . 2013-02-28 08:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38 . 2013-02-28 08:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 19:38 . 2013-02-28 08:05 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:38 . 2013-02-28 08:05 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 19:37 . 2013-02-28 08:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-01-13 19:25 . 2013-02-28 08:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:24 . 2013-02-28 08:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:24 . 2013-02-28 08:07 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:20 . 2013-02-28 08:05 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:20 . 2013-02-28 08:05 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:15 . 2013-02-28 08:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:10 . 2013-02-28 08:05 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-02-28 08:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34 . 2013-02-28 08:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32 . 2013-02-28 08:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:09 . 2013-02-28 08:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-01-13 17:26 . 2013-02-28 08:05 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05 . 2013-02-28 08:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-01-05 05:53 . 2013-02-13 08:35 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-13 08:35 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-13 08:35 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISM"="c:\program files (x86)\Common Files\Intel\Intel Software Manager\ism2.exe" [2012-10-08 694752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-10 115560] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-12-23 347792] . c:\users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled Dropbox.lnk - c:\users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-12-27 55296] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-12-27 24064] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-07-03 54824] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-07-03 35104] R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe [2009-08-24 544768] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-17 1432400] R3 RDID1057;UA-1EX;c:\windows\system32\Drivers\rdwm1057.sys [2012-12-11 158592] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL 
Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [2012-05-03 200032] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208] S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-20 342704] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] S3 
SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-18 30720] . . Inhalt des "geplante Tasks" Ordners . 2013-04-03 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job - c:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-07-04 01:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = backspace.unibw-hamburg.de:3128 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\asmus\AppData\Roaming\Mozilla\Firefox\Profiles\qkil8hio.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: 2013-03-28 19:39; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt . . ------- Dateityp-Verknüpfung ------- . vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %* vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %* jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %* . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-SwvUpdtr - c:\users\asmus\AppData\Local\SwvUpdater\Updater.exe SafeBoot-Symantec Antvirus HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-04 14:35:35 ComboFix-quarantined-files.txt 2013-04-04 12:35 . Vor Suchlauf: 10 Verzeichnis(se), 25.969.795.072 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 27.571.503.104 Bytes frei . - - End Of File - - 416A574D14A1E38400AE95D21056955F Code:
ATTFilter OTL logfile created on: 04.04.2013 15:33:12 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\asmus\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,58% Memory free 5,97 Gb Paging File | 4,52 Gb Available in Paging File | 75,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 25,68 Gb Free Space | 26,32% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 46,15 Gb Free Space | 34,13% Space Free | Partition Type: NTFS Computer Name: PFM-ASMUS | User Name: asmus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\asmus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe () PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. 
KG) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe 
(pdfforge GbR) SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (HuaweiHiSuiteService64.exe) -- C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe () SRV - (OpenVPNAccessClient) -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe () SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe () SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (PSI_SVC_2_x64) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe (mst software GmbH, Germany)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (RDID1057) -- C:\Windows\SysNative\drivers\Rdwm1057.sys (Roland Corporation)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (Teefer2) -- C:\Windows\SysNative\drivers\Teefer2.sys (Symantec Corporation)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130403.023\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130403.023\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 B6 05 20 FF DC CD 01 [binary data]
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = backspace.unibw-hamburg.de:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: magicplayer%40torrentstream.org:1.1.20
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {e6cc8d95-4b98-4af1-93c1-eaf21847769c}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.12.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://wpad.unibw-hamburg.de/autoproxy.pac"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=2.0.7.1: C:\Users\asmus\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.03.28 20:39:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 11:30:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 11:30:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 10:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\magicplayer@torrentstream.org: C:\Users\asmus\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013.01.19 17:55:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 11:30:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 11:30:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 10:58:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.08.02 11:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\Extensions
[2012.08.02 11:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.04.04 14:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\Firefox\Profiles\qkil8hio.default\extensions
[2013.04.04 14:21:47 | 000,532,701 | ---- | M] () (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\firefox\profiles\qkil8hio.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 12:23:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\asmus\AppData\Roaming\mozilla\firefox\profiles\qkil8hio.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.08 11:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.28 20:39:48 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2013.01.19 17:55:51 | 000,000,000 | ---D | M] (TS Magic Player) -- C:\USERS\ASMUS\APPDATA\ROAMING\TORRENTSTREAM\EXTENSIONS\FIREFOX\MAGICPLAYER@TORRENTSTREAM.ORG
[2013.03.08 11:30:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.12 12:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 11:05:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.04.04 15:18:38 | 000,000,206 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2 openvpn-client.us-ca-sj-001.privatetunnel.com
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000..\Run: [ISM] C:\Program Files (x86)\Common Files\Intel\Intel Software Manager\ism2.exe (Intel Corporation)
O4 - Startup: C:\Users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.07.26 09:51:06 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3064313156-4174858450-1445601724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15297087-CD35-42F3-B2D0-B7BDD8C271AC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\x-mem1 - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWOW64\WowCtl2.dll (EzTools Software)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.04 15:32:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\asmus\Desktop\OTL.exe
[2013.04.04 15:19:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.04 14:35:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.04 14:24:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.04 14:24:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.04 14:24:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.04 14:23:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.04 14:22:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.04 14:20:56 | 005,047,266 | R--- | C] (Swearware) -- C:\Users\asmus\Desktop\ComboFix.exe
[2013.04.03 13:25:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.03 13:24:20 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.03 13:24:03 | 000,000,000 | ---D | C] -- C:\Users\asmus\Desktop\Neuer Ordner
[2013.04.03 10:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.29 11:27:04 | 000,000,000 | ---D | C] -- C:\Users\asmus\AppData\Roaming\PDF Architect
[2013.03.29 10:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
[2013.03.29 10:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QNAP
[2013.03.28 20:40:03 | 000,000,000 | ---D | C] -- C:\Users\asmus\Documents\PDF Architect Files
[2013.03.28 20:40:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.28 20:40:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.28 20:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.03.28 20:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.03.28 20:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.03.28 20:39:12 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.03.28 20:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.03.14 14:47:49 | 000,000,000 | ---D | C] -- C:\Users\asmus\Documents\Meine Paletten
[2013.03.14 14:47:19 | 000,000,000 | ---D | C] -- C:\Users\asmus\AppData\Roaming\Corel
[2013.03.14 14:17:10 | 000,000,000 | ---D | C] -- C:\Users\asmus\Documents\Corel
[2013.03.14 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2013.03.14 14:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2013.03.14 14:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2013.03.14 14:12:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2013.03.14 14:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
[2013.03.14 14:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013.03.13 12:43:40 | 000,000,000 | ---D | C] -- C:\Users\asmus\Documents\Intel
[2013.03.08 11:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.04.04 15:26:00 | 000,018,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 15:26:00 | 000,018,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 15:20:53 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2013.04.04 15:18:38 | 000,000,206 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.04 15:17:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.04 15:16:48 | 2406,223,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 14:20:59 | 005,047,266 | R--- | M] (Swearware) -- C:\Users\asmus\Desktop\ComboFix.exe
[2013.04.03 14:02:31 | 001,800,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.03 14:02:31 | 000,763,254 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.03 14:02:31 | 000,718,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.03 14:02:31 | 000,173,608 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.03 14:02:31 | 000,146,554 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.03 13:58:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asmus\Desktop\OTL.exe
[2013.03.29 19:22:04 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2012.lnk
[2013.03.29 19:20:13 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2013.lnk
[2013.03.29 10:57:20 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Finder.lnk
[2013.03.28 20:40:19 | 000,000,997 | ---- | M] () -- C:\Users\asmus\Desktop\PDF Architect.lnk
[2013.03.28 20:39:16 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.03.27 16:17:04 | 048,894,551 | ---- | M] () -- C:\Users\asmus\Desktop\WEIRD_SCIENCE_mixtape.zip
[2013.03.22 10:55:12 | 000,100,736 | ---- | M] () -- C:\Users\asmus\Desktop\Foto.JPG
[2013.03.22 00:07:21 | 000,001,062 | ---- | M] () -- C:\Users\asmus\Desktop\PDF-Viewer.lnk
[2013.03.22 00:07:21 | 000,000,946 | ---- | M] () -- C:\Users\asmus\Desktop\Englisch in der Praxis.lnk
[2013.03.21 18:57:14 | 003,927,349 | ---- | M] () -- C:\Users\asmus\Desktop\novi-sad.pdf
[2013.03.21 10:09:39 | 000,011,385 | ---- | M] () -- C:\Users\asmus\gsview64.ini
[2013.03.15 11:28:27 | 000,592,466 | ---- | M] () -- C:\Users\asmus\Desktop\Journal of Intelligent Material Systems and Structures-1994-Chaudhry-347-54.pdf
[2013.03.14 14:43:17 | 000,540,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.12 16:00:10 | 000,085,650 | ---- | M] () -- C:\Users\asmus\Desktop\Quereinstieg_BBS.pdf
[2013.03.12 10:57:45 | 000,225,984 | ---- | M] () -- C:\Users\asmus\Desktop\130130_gemeinsames_informationsdokument_zfs_zspb_zpla_zlh.pdf
[2013.03.12 10:33:38 | 000,012,662 | ---- | M] () -- C:\Users\asmus\Desktop\BaMa LA Physik 02 Studienplan_LAGym_UF2.pdf
[2013.03.07 15:33:11 | 000,000,540 | ---- | M] () -- C:\Users\asmus\Documents\AnalogLingESZ.tex

========== Files Created - No Company Name ==========

[2013.04.04 14:24:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.04 14:24:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.04 14:24:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.04 14:24:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.04 14:24:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.29 19:14:56 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\TAXMAN 2013.lnk
[2013.03.29 10:57:20 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Finder.lnk
[2013.03.28 21:09:55 | 000,002,392 | ---- | C] () -- C:\Users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.03.28 20:40:19 | 000,000,997 | ---- | C] () -- C:\Users\asmus\Desktop\PDF Architect.lnk
[2013.03.28 20:39:16 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.03.27 16:12:26 | 048,894,551 | ---- | C] () -- C:\Users\asmus\Desktop\WEIRD_SCIENCE_mixtape.zip
[2013.03.22 00:07:12 | 000,100,736 | ---- | C] () -- C:\Users\asmus\Desktop\Foto.JPG
[2013.03.21 18:57:12 | 003,927,349 | ---- | C] () -- C:\Users\asmus\Desktop\novi-sad.pdf
[2013.03.15 11:28:18 | 000,592,466 | ---- | C] () -- C:\Users\asmus\Desktop\Journal of Intelligent Material Systems and Structures-1994-Chaudhry-347-54.pdf
[2013.03.12 16:00:10 | 000,085,650 | ---- | C] () -- C:\Users\asmus\Desktop\Quereinstieg_BBS.pdf
[2013.03.12 10:57:44 | 000,225,984 | ---- | C] () -- C:\Users\asmus\Desktop\130130_gemeinsames_informationsdokument_zfs_zspb_zpla_zlh.pdf
[2013.03.12 10:33:37 | 000,012,662 | ---- | C] () -- C:\Users\asmus\Desktop\BaMa LA Physik 02 Studienplan_LAGym_UF2.pdf
[2013.03.07 15:30:27 | 000,000,540 | ---- | C] () -- C:\Users\asmus\Documents\AnalogLingESZ.tex
[2012.11.19 13:26:52 | 000,011,385 | ---- | C] () -- C:\Users\asmus\gsview64.ini
[2012.10.05 15:02:49 | 000,004,801 | ---- | C] () -- C:\Users\asmus\abaqus_v6.11.gpr
[2012.08.10 09:58:23 | 000,000,216 | ---- | C] () -- C:\Windows\Assimil_d_it.INI
[2012.08.06 15:51:56 | 000,000,208 | ---- | C] () -- C:\Windows\Assimil_d_gb2.INI
[2012.08.06 15:51:53 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012.07.17 15:40:30 | 000,000,600 | ---- | C] () -- C:\Users\asmus\PUTTY.RND
[2012.07.06 10:21:24 | 000,000,402 | ---- | C] () -- C:\Users\asmus\openvpn-connect.json
[2012.07.05 10:16:29 | 001,777,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.04 16:02:11 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012.07.04 16:01:21 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\hpcc3130.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.02 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\.Torrent Stream [2012.10.18 09:19:54 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\BaKoMa TeX [2012.09.11 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\Design Science [2013.04.04 
15:20:14 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\Dropbox [2012.07.04 15:07:13 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\Duden [2013.03.14 12:41:24 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\GoodSync [2012.08.02 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\Haufe Mediengruppe [2012.09.18 12:49:56 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\ImgBurn [2012.08.02 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\Lexware [2012.12.11 23:04:30 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\MediaMonkey [2012.12.11 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\MonkeyTunes [2012.11.04 12:23:06 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\MyPhoneExplorer [2013.03.29 11:27:07 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\PDF Architect [2012.08.03 09:19:56 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\Swiss Academic Software [2013.02.01 15:12:41 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\TeamViewer [2012.07.04 11:30:36 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\Thunderbird [2012.08.06 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\TrueCrypt [2012.12.20 10:29:11 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\WhiteSmoke [2012.12.21 11:21:44 | 000,000,000 | ---D | M] -- C:\Users\asmus\AppData\Roaming\WSCC2 ========== Purity Check ========== < End of report > |
04.04.2013, 17:32 | #8 |
/// TB-Ausbilder | snap.do removal Okay. Is snapdo still in the list, or has it been removed?
__________________ Digital buccaneers against malware! No help via PM! |
04.04.2013, 21:43 | #9 |
| snap.do removal It is still listed. |
04.04.2013, 21:47 | #10 |
/// TB-Ausbilder | snap.do removal Okay, we have to keep searching: scan with SystemLook
__________________ Digital buccaneers against malware! No help via PM! |
05.04.2013, 10:06 | #11 |
| snap.do removal I have run SystemLook. Unfortunately, the .txt file has too many characters to be posted in a code tag: "The text you entered consists of 330399 characters and is therefore too long. Please shorten the text to the maximum length of 120000 characters." I cannot post it as an attachment either, because the file is too large as well. As an alternative, I ran a scan with the following command: Code:
:filefind *snap* :regfind snap.do
27/08/2012] [20:33 27/08/2012] E2984C99DD04CD1DA5EB1E3D75ADBAB7 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotDataGrids.js --a---- 18960 bytes [20:33 27/08/2012] [20:33 27/08/2012] 8F86BDE32CC0F1C157EF48F5FB7C15AA C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotGridNodes.js --a---- 32332 bytes [20:33 27/08/2012] [20:33 27/08/2012] 464543AEE42EF4623532263A1B514702 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js --a---- 8827 bytes [20:33 27/08/2012] [20:33 27/08/2012] 3F66913744A44FCAFE83C9F12A494777 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotProxy.js --a---- 15233 bytes [20:33 27/08/2012] [20:33 27/08/2012] FEB78B6289CEA90D51A957DC7FF86B30 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotView.js --a---- 30069 bytes [20:33 27/08/2012] [20:33 27/08/2012] 4928487A9128197E67E2A95EE46B66DA C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotWorker.js --a---- 2030 bytes [20:33 27/08/2012] [20:33 27/08/2012] BD8EB1C3CB014AF07519F6584A7E0E73 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotWorkerDispatcher.js --a---- 3740 bytes [20:33 27/08/2012] [20:33 27/08/2012] A4ED32A1182C69FB057FB601FFB1724D C:\Program Files (x86)\HiSuite\skin\default\images\icon_snap_normal.png --a---- 3121 bytes [03:16 29/05/2012] [03:16 29/05/2012] 41275AA32B1BDC89BDE28B4693C11AA5 C:\Program Files (x86)\HiSuite\skin\default\images\icon_snap_press.png --a---- 3114 bytes [03:16 29/05/2012] [03:16 29/05/2012] 89C07156D6B43F5D316BDD96C4B36B0F C:\Program Files (x86)\HiSuite\skin\default\images\screenshot_snap.png --a---- 867 bytes [03:16 29/05/2012] [03:16 29/05/2012] 
D0C3521C1A94561EA62B69D3C2BBEFCD C:\Program Files (x86)\HiSuite\skin\default\images\snap_bg.png --a---- 4268 bytes [03:16 29/05/2012] [03:16 29/05/2012] C56568D459387353A564BB800FD3108E C:\Program Files (x86)\HiSuite\skin\default_right\images\icon_snap_normal.png --a---- 3121 bytes [03:15 29/05/2012] [03:15 29/05/2012] 41275AA32B1BDC89BDE28B4693C11AA5 C:\Program Files (x86)\HiSuite\skin\default_right\images\icon_snap_press.png --a---- 3114 bytes [03:15 29/05/2012] [03:15 29/05/2012] 89C07156D6B43F5D316BDD96C4B36B0F C:\Program Files (x86)\HiSuite\skin\default_right\images\screenshot_snap.png --a---- 867 bytes [03:15 29/05/2012] [03:15 29/05/2012] D0C3521C1A94561EA62B69D3C2BBEFCD C:\Program Files (x86)\HiSuite\skin\default_right\images\snap_bg.png --a---- 4268 bytes [03:15 29/05/2012] [03:15 29/05/2012] C56568D459387353A564BB800FD3108E C:\Program Files (x86)\MediaMonkey\Plugins\MilkDrop\Rovastar - Snapshot Of Space.milk --a---- 2211 bytes [10:35 11/12/2012] [18:03 23/12/2011] 0C95D77F9943B22D2491930004400B69 C:\Program Files (x86)\Microsoft SQL Server\100\COM\snapshot.exe --a---- 13160 bytes [15:17 22/09/2011] [15:17 22/09/2011] 0D0FC460E2034AD150D286F87E821B48 C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\Microsoft.SqlServer.Management.PSSnapins.dll --a---- 62488 bytes [00:42 21/07/2009] [00:42 21/07/2009] BA537C25B87090915D903B08E8996729 C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\Microsoft.SqlServer.Management.PSSnapins.InstallLog --a---- 1162 bytes [08:43 05/07/2012] [08:43 05/07/2012] D30F96A3DE345775F20ACDF1666F0F9C C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\Microsoft.SqlServer.Management.PSSnapins.InstallState --a---- 2597 bytes [08:43 05/07/2012] [08:43 05/07/2012] 8340E57C6861AA09B7AC38E04EE8E33D C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\de\Microsoft.SqlServer.Management.PSSnapins.dll-Help.xml --a---- 68525 bytes [00:42 21/07/2009] [00:42 21/07/2009] E29E1FE3B4EA3F4DB4294659164BE08C C:\Program 
Files (x86)\Microsoft SQL Server\100\Tools\Binn\de\Microsoft.SqlServer.Management.PSSnapins.Resources.dll --a---- 14872 bytes [00:42 21/07/2009] [00:42 21/07/2009] A05A049A3EE3DF9CBA524B720774591C C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\atlsnap.h --a---- 45594 bytes [21:43 04/11/2009] [21:43 04/11/2009] DBA2DBD8889E66AC9CC5944DDD3065BF C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SDSNAPSX.dll --a---- 283272 bytes [15:08 26/02/2005] [15:08 26/02/2005] F9193BC739316AF46905DC4E726A2D9C C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SystemSnapshotRules.bin --a---- 7664 bytes [13:27 14/12/2004] [13:27 14/12/2004] B93B2A0D4B0FC4B441613B6DA2B20878 C:\ProgramData\Lexware\taxman\2012\Daten\00000001\DataSnapshotEst2010.xml --a---- 645 bytes [11:55 02/08/2012] [07:08 24/10/2012] 3546ECFFD21035F5DD9AFB66496FF3DF C:\ProgramData\Lexware\taxman\2012\Daten\00000001\DataSnapshotEst2011.xml --a---- 15857 bytes [08:31 02/08/2012] [15:41 29/03/2013] A038883EF377E135E8065DED6F832497 C:\ProgramData\Lexware\taxman\2012\Daten\00000002\DataSnapshotEst2011.xml --a---- 15833 bytes [08:31 02/08/2012] [04:51 01/08/2012] 3EB26AA07F98868E5F261CB79D02C022 C:\ProgramData\Lexware\taxman\2013\Daten\00000001\DataSnapshotEst2011.xml --a---- 15857 bytes [17:23 29/03/2013] [15:41 29/03/2013] A038883EF377E135E8065DED6F832497 C:\ProgramData\Lexware\taxman\2013\Daten\00000001\DataSnapshotEst2012.xml --a---- 15833 bytes [17:23 29/03/2013] [12:22 04/04/2013] B2E432B6BD2D679EDB72145BFFE77CA4 C:\System Volume Information\SPP\OnlineMetadataCache\{90c7882a-9c3b-44e2-9580-c93466186841}_OnDiskSnapshotProp --ahs-- 29360 bytes [12:24 04/04/2013] [12:24 04/04/2013] D52D70686803EE713C2E39A9C291CB08 C:\Users\All Users\Lexware\taxman\2012\Daten\00000001\DataSnapshotEst2010.xml --a---- 645 bytes [11:55 02/08/2012] [07:08 24/10/2012] 3546ECFFD21035F5DD9AFB66496FF3DF C:\Users\All Users\Lexware\taxman\2012\Daten\00000001\DataSnapshotEst2011.xml --a---- 15857 bytes 
[08:31 02/08/2012] [15:41 29/03/2013] A038883EF377E135E8065DED6F832497 C:\Users\All Users\Lexware\taxman\2012\Daten\00000002\DataSnapshotEst2011.xml --a---- 15833 bytes [08:31 02/08/2012] [04:51 01/08/2012] 3EB26AA07F98868E5F261CB79D02C022 C:\Users\All Users\Lexware\taxman\2013\Daten\00000001\DataSnapshotEst2011.xml --a---- 15857 bytes [17:23 29/03/2013] [15:41 29/03/2013] A038883EF377E135E8065DED6F832497 C:\Users\All Users\Lexware\taxman\2013\Daten\00000001\DataSnapshotEst2012.xml --a---- 15833 bytes [17:23 29/03/2013] [12:22 04/04/2013] B2E432B6BD2D679EDB72145BFFE77CA4 C:\Users\asmus\AppData\Roaming\TorrentStream\player\lua\http\images\snapshot.png --a---- 270 bytes [11:59 04/09/2012] [11:59 04/09/2012] 19AE23A5ABA4313773C1246FBB2D8C4F C:\Users\asmus\Desktop\Neuer Ordner\snap.txt --a---- 5782 bytes [11:48 03/04/2013] [11:48 03/04/2013] A5B87C3B2E2A2F3091EFDCB1ABF1B557 C:\Windows\assembly\GAC_MSIL\napsnap\6.1.0.0__31bf3856ad364e35\NAPSNAP.DLL --a---- 454656 bytes [22:02 13/07/2009] [01:50 14/07/2009] 6F6170493DADDBAE1AFF0A2E2FABAE34 C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_de_31bf3856ad364e35\napsnap.resources.dll --a---- 233472 bytes [17:58 14/07/2009] [17:58 14/07/2009] 70B23611E66B736D66DDAB1E793E45D2 C:\Windows\assembly\GAC_MSIL\SecurityAuditPoliciesSnapIn\6.1.0.0__31bf3856ad364e35\SecurityAuditPoliciesSnapIn.dll --a---- 167936 bytes [08:15 03/07/2012] [13:44 20/11/2010] 855B4DFFC8F42403FBE247B9D7A85714 C:\Windows\assembly\GAC_MSIL\SecurityAuditPoliciesSnapIn.resources\6.1.0.0_de_31bf3856ad364e35\SecurityAuditPoliciesSnapIn.resources.dll --a---- 13312 bytes [17:58 14/07/2009] [17:58 14/07/2009] 507C955B8FEAF8F5E07F7B750CD6F7D0 C:\Windows\assembly\GAC_MSIL\SrpUxSnapIn\6.1.0.0__31bf3856ad364e35\SrpUxSnapIn.dll --a---- 1048576 bytes [08:15 03/07/2012] [13:44 20/11/2010] 8199754E88A0F37965D468C8E280ACF6 C:\Windows\assembly\GAC_MSIL\SrpUxSnapIn.resources\6.1.0.0_de_31bf3856ad364e35\SrpUxSnapIn.resources.dll --a---- 200704 bytes [08:14 03/07/2012] 
[13:16 20/11/2010] 60453D0F9EE3A7B5C5E40C535A7206E3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3538199f2cfd274e27b9b82692b50412\Microsoft.SqlServer.Management.PSSnapins.ni.dll --a---- 100352 bytes [10:44 10/01/2013] [10:44 10/01/2013] E1283CA618C9F6A4C53FAD096BE54DA3 C:\Windows\assembly\NativeImages_v2.0.50727_32\napsnap\355cfac65880d92d2a478a83ea6bc005\napsnap.ni.dll --a---- 723456 bytes [08:24 14/02/2013] [08:24 14/02/2013] 25FDD33494D5A4C63B9379BC8DED49A7 C:\Windows\assembly\NativeImages_v2.0.50727_32\SecurityAuditPolici#\21accb85e3722c02c847a507c119a262\SecurityAuditPoliciesSnapIn.ni.dll --a---- 294912 bytes [08:24 14/02/2013] [08:24 14/02/2013] EB123C21B04A805DBD498E8F2010B743 C:\Windows\assembly\NativeImages_v2.0.50727_32\SrpUxSnapIn\00603659f5731c786eb5acf4979d7c5f\SrpUxSnapIn.ni.dll --a---- 1351168 bytes [08:24 14/02/2013] [08:24 14/02/2013] E1FFA1D7BDF800D22EEB2A32B53FB199 C:\Windows\assembly\NativeImages_v2.0.50727_64\napsnap\92c2f7e04e7a5a4db713a4beb3fbf72e\napsnap.ni.dll --a---- 855040 bytes [08:49 14/02/2013] [08:49 14/02/2013] A7E11E3297EC270655A244193C2FA0B7 C:\Windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\bdc56f1796482c518949500ee5aff536\SecurityAuditPoliciesSnapIn.ni.dll --a---- 376832 bytes [08:49 14/02/2013] [08:49 14/02/2013] 213EFE90C5AB93E45A1E80DC9134754E C:\Windows\assembly\NativeImages_v2.0.50727_64\SrpUxSnapIn\da6164d89d9757f4db454fba80211340\SrpUxSnapIn.ni.dll --a---- 1530368 bytes [08:49 14/02/2013] [08:49 14/02/2013] 8EFBDE51E82AC130484F0D661D0A3357 C:\Windows\diagnostics\system\AERO\CL_RegSnapin.ps1 --a---- 848 bytes [23:31 13/07/2009] [20:48 10/06/2009] 4B653C3126F5E3AE7C75BBCFCCFABFE3 C:\Windows\diagnostics\system\AERO\MonitorSnapIn.dll --a---- 12288 bytes [21:14 13/07/2009] [01:26 14/07/2009] 76AA5497F0206480342DB85731FD6439 C:\Windows\diagnostics\system\Audio\AudioDiagnosticSnapIn.dll --a---- 28672 bytes [21:14 13/07/2009] [01:26 14/07/2009] B4DA01738538E1E8DE889A1D5F2DB08E 
C:\Windows\diagnostics\system\Audio\CL_RegSnapin.ps1 --a---- 848 bytes [23:31 13/07/2009] [20:48 10/06/2009] 4B653C3126F5E3AE7C75BBCFCCFABFE3 C:\Windows\Fonts\SNAP____.TTF --a---- 63196 bytes [07:56 15/10/1999] [07:56 15/10/1999] 96ECDC49467AA24E191B8EFE15A6701E C:\Windows\inf\volsnap.inf --a---- 1686 bytes [05:31 14/07/2009] [05:31 14/07/2009] 593691C1DC069091778C2FD849031976 C:\Windows\inf\volsnap.PNF --a---- 5184 bytes [04:50 14/07/2009] [14:55 02/07/2012] A8C7AE2A0796745269366319840D385D C:\Windows\Installer\$PatchCache$\Managed\668AB8CC7A617664ABC04C491A7E2BFB\10.0.1600\REPL_snapshot_exe_32 -ra---- 16408 bytes [00:42 21/07/2009] [00:42 21/07/2009] ACA648C1143CF8615250272D6002DD6E C:\Windows\Installer\$PatchCache$\Managed\668AB8CC7A617664ABC04C491A7E2BFB\10.0.1600\REPL_snapshot_exe_64 -ra---- 16408 bytes [00:42 21/07/2009] [00:42 21/07/2009] 869CD9472E1B0CAD0DC1F017BE59A53C C:\Windows\PolicyDefinitions\MMCSnapins.admx --a---- 56928 bytes [21:44 13/07/2009] [20:42 10/06/2009] 263179895B280A7B97F57AEC4D86E045 C:\Windows\PolicyDefinitions\de-DE\MMCSnapins.adml --a---- 10860 bytes [17:58 14/07/2009] [17:58 14/07/2009] E5FF26607A6E322BB3903937E724D9C2 C:\Windows\System32\AuditNativeSnapIn.dll --a---- 220672 bytes [23:50 13/07/2009] [01:40 14/07/2009] 0F967EB19837CAA0E9678E9983B0B9B4 C:\Windows\System32\AuthFWSnapin.dll --a---- 5066752 bytes [08:16 03/07/2012] [13:39 20/11/2010] 1BC6D282FF30D768515EAE0431F91552 C:\Windows\System32\comsnap.dll --a---- 303616 bytes [23:59 13/07/2009] [01:40 14/07/2009] 7D4D9E3F5FE917D7FB975804107AD3EF C:\Windows\System32\eqossnap.dll --a---- 75264 bytes [00:09 14/07/2009] [01:40 14/07/2009] FCDFDBFCB5F6810B431AF0E2E7BDF606 C:\Windows\System32\iasnap.dll --a---- 226304 bytes [00:09 14/07/2009] [01:41 14/07/2009] 8426E4F80F91E698ABE65A5945EC317E C:\Windows\System32\ipsmsnap.dll --a---- 584192 bytes [08:15 03/07/2012] [13:26 20/11/2010] ED3AF52CE4FFBE152BD27D0B6CE676F5 C:\Windows\System32\napdsnap.dll --a---- 72192 bytes [08:14 
03/07/2012] [13:27 20/11/2010] 85CD6797A4EDE1E3E0378DCBDF227CF0 C:\Windows\System32\pmcsnap.dll --a---- 748032 bytes [00:41 14/07/2009] [01:41 14/07/2009] 279AC1AD3CBD3980D5517924A7CBFCE2 C:\Windows\System32\ppcsnap.dll --a---- 258048 bytes [00:40 14/07/2009] [01:41 14/07/2009] 355C1095C87EA11548F542421CDCEB74 C:\Windows\System32\SrpUxNativeSnapIn.dll --a---- 312320 bytes [23:53 13/07/2009] [01:41 14/07/2009] 128EAE79E2A4D75E1425BD991ECC997E C:\Windows\System32\de\AuthFWSnapIn.Resources.dll --a---- 1613824 bytes [17:58 14/07/2009] [17:58 14/07/2009] 63A048D5767C6CAF7E56C8F2EA7E465C C:\Windows\System32\de-DE\AuditNativeSnapIn.dll.mui --a---- 3584 bytes [17:58 14/07/2009] [17:58 14/07/2009] 47DD0240711A71995A904A71EBA96D3F C:\Windows\System32\de-DE\eqossnap.dll.mui --a---- 17920 bytes [17:58 14/07/2009] [17:58 14/07/2009] DDFED213B30F4C21DBAE985AD614CCB2 C:\Windows\System32\de-DE\IpsmSnap.dll.mui --a---- 55808 bytes [17:58 14/07/2009] [17:58 14/07/2009] CED684481720EB2B757DF6280A45C4C6 C:\Windows\System32\de-DE\napdsnap.dll.mui --a---- 4096 bytes [08:14 03/07/2012] [12:56 20/11/2010] C0FA139245E6B1EA94B49A118CAC0FF0 C:\Windows\System32\de-DE\pmcsnap.dll.mui --a---- 57344 bytes [17:58 14/07/2009] [17:58 14/07/2009] 74C9AB789AB3B524C8B98A3880644076 C:\Windows\System32\de-DE\ppcsnap.dll.mui --a---- 11264 bytes [17:58 14/07/2009] [17:58 14/07/2009] FA3EFC57D525F7D152FECE659AEBA91D C:\Windows\System32\de-DE\SrpUxNativeSnapIn.dll.mui --a---- 3584 bytes [17:58 14/07/2009] [17:58 14/07/2009] EEC1048F967D00E5EB1B5C87750F3989 C:\Windows\System32\drivers\volsnap.sys --a---- 295808 bytes [08:15 03/07/2012] [13:34 20/11/2010] 0D08D2F3B3FF84E433346669B5E0F639 C:\Windows\System32\drivers\de-DE\volsnap.sys.mui --a---- 28672 bytes [17:58 14/07/2009] [17:58 14/07/2009] 218322D6552BA0CD55D45F31463A1A0B C:\Windows\System32\DriverStore\de-DE\volsnap.inf_loc --a---- 202 bytes [17:58 14/07/2009] [17:58 14/07/2009] 3925B0A5C0E09DBBD88A8AC64005875A 
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.inf --a---- 1686 bytes [20:17 13/07/2009] [20:17 13/07/2009] 593691C1DC069091778C2FD849031976 C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF --a---- 5184 bytes [05:31 14/07/2009] [14:55 02/07/2012] 2FD708548FAA626AA66F4C1A518D9200 C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys --a---- 295808 bytes [08:15 03/07/2012] [13:34 20/11/2010] 0D08D2F3B3FF84E433346669B5E0F639 C:\Windows\System32\migwiz\dlmanifests\GroupPolicy-Admin-Gpedit-Snapin-DL.man --a---- 1454 bytes [20:30 13/07/2009] [20:39 10/06/2009] BC18582D8C7CCB4D60E1FFF11ED880C1 C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-IIS-LegacySnapIn-Deployment-DL.man --a---- 1544 bytes [20:49 13/07/2009] [20:43 10/06/2009] 87CB550E0470307EAE1C77D2CB03FD4B C:\Windows\System32\migwiz\replacementmanifests\TerminalServices-Manager-SnapIn-Replacement.man --a---- 1136 bytes [20:45 13/07/2009] [20:37 10/06/2009] 9C1D9345E9F3D2478F90642F0ED0D264 C:\Windows\System32\migwiz\replacementmanifests\TerminalServices-SBMgr-SnapIn-non_msil-Replacement.man --a---- 786 bytes [20:45 13/07/2009] [20:37 10/06/2009] F128096CE3C9576FD6FDA03A7BB00B6A C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{1874883b-1e12-43a3-8b4a-6cf222770f6c}\snapshot.etl --a---- 2097152 bytes [11:26 28/03/2013] [09:42 23/03/2013] 7B336CBA756A9C524C04EBAD7259C003 C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{211cdfb0-695a-4820-a460-ea9223269a70}\snapshot.etl --a---- 2097152 bytes [15:07 26/03/2013] [09:42 23/03/2013] 1A9EA4577A73B076907C792ADFE326AB C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{28aebe80-c865-4334-90b1-171d7901d348}\snapshot.etl --a---- 2097152 bytes [08:19 04/04/2013] [11:53 03/04/2013] F5D2473AD473150B1923F8EBC129E137 
C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{295ec78f-7dc7-4217-9b3a-449923afa8c9}\snapshot.etl --a---- 2097152 bytes [07:55 27/03/2013] [09:42 23/03/2013] F8E391A289296E34B877ACD0A3992BDE C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{2a758a43-d126-411f-b576-e0c626bc9194}\snapshot.etl --a---- 1851392 bytes [07:16 05/04/2013] [13:17 04/04/2013] A17922B3F46788E85BF0E854D0DAE56B C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{46ef77f7-2d74-4739-b60b-16db43805663}\snapshot.etl --a---- 2097152 bytes [07:10 02/04/2013] [18:47 28/03/2013] 1EBDAD6F81DD4D071A2F7EF797EB664C C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{4f820bc3-1b73-4028-a41a-a3ea95ed08e7}\snapshot.etl --a---- 1818624 bytes [07:48 04/04/2013] [11:53 03/04/2013] 0A0C302AE5CAB5C12F12058B2B75247F C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{55c6e9fb-86fc-46c3-a1bb-c0f4fe626acf}\snapshot.etl --a---- 2097152 bytes [12:46 27/03/2013] [09:42 23/03/2013] 9C12C8A6D753DE9061D842EA965D6CFC C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{6005412e-5384-4f20-9ed3-c4151e83d2f3}\snapshot.etl --a---- 2097152 bytes [07:12 03/04/2013] [18:47 28/03/2013] B2D1236C286A3C0704224FE4105ECA49 C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{739a4db3-b199-49be-8cbb-ee5acf638ae3}\snapshot.etl --a---- 2097152 bytes [17:22 02/04/2013] [18:47 28/03/2013] 46539AD231B61A97B526C724978FAAC7 C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{7d22f5eb-596e-4f42-8b10-c9fc4d9b5420}\snapshot.etl --a---- 2097152 bytes [18:29 26/03/2013] [09:42 23/03/2013] 73181AE57A378EB4E50C88FB66191987 C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{8399596e-b453-4100-b5bb-bee56282f7bb}\snapshot.etl --a---- 2097152 bytes [12:15 04/04/2013] [11:53 03/04/2013] FAB918E376512622003DD11F0D054879 C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{858269d4-fd27-44ed-b1e8-cd6293c8ba8a}\snapshot.etl --a---- 
1048576 bytes [15:51 04/04/2013] [13:17 04/04/2013] EBD70EEB99664C557F3698152E7B1282 C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{9d87097c-ff85-4cde-a767-b920df9060f1}\snapshot.etl --a---- 2097152 bytes [13:40 28/03/2013] [09:42 23/03/2013] 1043047A22D39338BE2320DDDCC829B4 C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{a897b1c9-7eb3-42ec-b3f3-e5cb15a3a122}\snapshot.etl --a---- 2097152 bytes [07:56 27/03/2013] [09:42 23/03/2013] D926A6138290883F71A3757216B50CAC C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{a9ce432f-dc1f-4f29-9575-6b04e962dfaf}\snapshot.etl --a---- 1081344 bytes [07:11 04/04/2013] [11:53 03/04/2013] FDBE69D5615B1588DB66DEFF7EB1B104 C:\Windows\System32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{7f9c8e2f-9b95-49ce-8782-5861a03be380}\snapshot.etl --a---- 262144 bytes [18:50 28/03/2013] [18:47 28/03/2013] CE528D3421EEB694D271D14AC0641BFC C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3b9435ef-df02-4a61-9d0b-473530d7ffc9}\snapshot.etl --a---- 327680 bytes [13:20 04/04/2013] [13:17 04/04/2013] CE22E4F3D8C517CAE90E08F3BD8DF77B C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3f7c4dd3-9a61-4496-9843-8ac2ec2067ce}\snapshot.etl --a---- 344064 bytes [07:26 03/04/2013] [07:22 03/04/2013] 8A0A9EE336B514F29C1393C5974A17C2 C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{826cd298-56d8-468b-ac47-ee9376cf4709}\snapshot.etl --a---- 344064 bytes [11:57 03/04/2013] [11:53 03/04/2013] 81304EE6F6AC26437D078F04A6594A87 C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c9ac00d3-1d43-475e-86a7-d7c908c4f332}\snapshot.etl --a---- 344064 bytes [18:54 28/03/2013] [18:47 28/03/2013] DD1F6471AB0159EF82345F7A9EE90FE3 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{12bf13a5-54f6-4c64-bc19-77daf68e379e}\snapshot.etl --a---- 2097152 bytes [18:29 26/03/2013] [09:42 23/03/2013] 73181AE57A378EB4E50C88FB66191987 
C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{12d5d0cb-357e-4c98-95a2-f314a6297e3b}\snapshot.etl --a---- 2097152 bytes [12:15 04/04/2013] [11:53 03/04/2013] FAB918E376512622003DD11F0D054879 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{2b29cf56-4f94-432b-b309-bfe6d42f1850}\snapshot.etl --a---- 1048576 bytes [15:51 04/04/2013] [13:17 04/04/2013] EBD70EEB99664C557F3698152E7B1282 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{3e7a176e-3d24-4a2a-8f13-9f4f0cb3164e}\snapshot.etl --a---- 2097152 bytes [07:56 27/03/2013] [09:42 23/03/2013] D926A6138290883F71A3757216B50CAC C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{43283a23-a2f3-4166-912e-1c4748631490}\snapshot.etl --a---- 2097152 bytes [08:19 04/04/2013] [11:53 03/04/2013] F5D2473AD473150B1923F8EBC129E137 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{4a1d0ee7-928c-4d69-ae9b-05163c331d49}\snapshot.etl --a---- 2097152 bytes [13:40 28/03/2013] [09:42 23/03/2013] 1043047A22D39338BE2320DDDCC829B4 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{4c25c551-a536-4580-958d-1f72dcf21597}\snapshot.etl --a---- 2097152 bytes [07:10 02/04/2013] [18:47 28/03/2013] 1EBDAD6F81DD4D071A2F7EF797EB664C C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{6632d72e-d587-41ce-8417-d519231e1915}\snapshot.etl --a---- 2097152 bytes [12:46 27/03/2013] [09:42 23/03/2013] 9C12C8A6D753DE9061D842EA965D6CFC C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{6df7130e-c9ed-4fd6-903a-c3cd40b60991}\snapshot.etl --a---- 2097152 bytes [11:26 28/03/2013] [09:42 23/03/2013] 7B336CBA756A9C524C04EBAD7259C003 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{6f19fa59-c657-436d-b62c-2536324887b2}\snapshot.etl --a---- 1851392 bytes [07:16 05/04/2013] [13:17 04/04/2013] A17922B3F46788E85BF0E854D0DAE56B C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{7f011ce1-2973-45cb-8246-39ba9d79cef2}\snapshot.etl --a---- 
1081344 bytes [07:11 04/04/2013] [11:53 03/04/2013] FDBE69D5615B1588DB66DEFF7EB1B104 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{87db20de-9180-4a54-a24d-dd70b0e89177}\snapshot.etl --a---- 1818624 bytes [07:48 04/04/2013] [11:53 03/04/2013] 0A0C302AE5CAB5C12F12058B2B75247F C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{92fcf655-ba17-4d15-a51c-3e53feef980f}\snapshot.etl --a---- 2097152 bytes [17:22 02/04/2013] [18:47 28/03/2013] 3711D897FF972AEF9F41106FFD1A1DB2 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{b2970514-628e-4f61-9e97-5e18985672b0}\snapshot.etl --a---- 2097152 bytes [15:07 26/03/2013] [09:42 23/03/2013] 1A9EA4577A73B076907C792ADFE326AB C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ebb4292c-f568-4198-b8b3-17d58920a5f6}\snapshot.etl --a---- 2097152 bytes [07:12 03/04/2013] [18:47 28/03/2013] 8DBF94FEAD9BA1AD5C5CC50DF73229A8 C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{f1e70261-4ef3-4191-af38-96fab92fa55e}\snapshot.etl --a---- 2097152 bytes [07:55 27/03/2013] [09:42 23/03/2013] F8E391A289296E34B877ACD0A3992BDE C:\Windows\SysWOW64\AuditNativeSnapIn.dll --a---- 217088 bytes [23:34 13/07/2009] [01:14 14/07/2009] DDFE42E15C119157A794447D84B62C2F C:\Windows\SysWOW64\AuthFWSnapin.dll --a---- 5066752 bytes [08:16 03/07/2012] [12:32 20/11/2010] 13A1F9A72F81509658F3E0B6AC2AD994 C:\Windows\SysWOW64\comsnap.dll --a---- 220160 bytes [23:44 13/07/2009] [01:15 14/07/2009] 8A5E80D2550938DE2B66346B9E24CEB7 C:\Windows\SysWOW64\eqossnap.dll --a---- 66048 bytes [23:54 13/07/2009] [01:15 14/07/2009] 77ABA9399978025CD733DAB538BCAA76 C:\Windows\SysWOW64\iasnap.dll --a---- 157696 bytes [23:53 13/07/2009] [01:15 14/07/2009] 685EB50ED22DE5BF8BDAFA991669AC06 C:\Windows\SysWOW64\ipsmsnap.dll --a---- 400896 bytes [08:15 03/07/2012] [12:19 20/11/2010] B1603F0A972B94927B8EF5F04DF11855 C:\Windows\SysWOW64\napdsnap.dll --a---- 68096 bytes [08:14 03/07/2012] [12:20 20/11/2010] 
9E122E5CD1BB79CF8F0BCEAC947B81C0 C:\Windows\SysWOW64\pmcsnap.dll --a---- 629760 bytes [08:16 03/07/2012] [01:16 14/07/2009] 2BCF9DD935DAE5A34BACE0F76DD0B581 C:\Windows\SysWOW64\ppcsnap.dll --a---- 238080 bytes [08:16 03/07/2012] [01:16 14/07/2009] 78403BDE1B60FDE8CB1F918DC52F8BA4 C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll --a---- 302592 bytes [23:37 13/07/2009] [01:16 14/07/2009] B8876B38A2A7C816AEE7BA30048C85E5 C:\Windows\SysWOW64\de\AuthFWSnapIn.Resources.dll --a---- 1613824 bytes [17:58 14/07/2009] [17:58 14/07/2009] 82DB15674EF44C47BEC6BFE55A8D7F4A C:\Windows\SysWOW64\de-DE\AuditNativeSnapIn.dll.mui --a---- 3584 bytes [17:58 14/07/2009] [17:58 14/07/2009] 2893E1ED57CE3F4BB17713835960A21A C:\Windows\SysWOW64\de-DE\eqossnap.dll.mui --a---- 17920 bytes [17:58 14/07/2009] [17:58 14/07/2009] 1D426239E139A0D22F8B0F2AEA67E89A C:\Windows\SysWOW64\de-DE\IpsmSnap.dll.mui --a---- 55808 bytes [17:58 14/07/2009] [17:58 14/07/2009] F57A003BCE7D29809E8CABC54F853018 C:\Windows\SysWOW64\de-DE\napdsnap.dll.mui --a---- 4096 bytes [08:14 03/07/2012] [12:08 20/11/2010] 4542ABECA9FBC074C2064A580A84F15B C:\Windows\SysWOW64\de-DE\pmcsnap.dll.mui --a---- 57344 bytes [08:14 03/07/2012] [01:47 14/07/2009] D2567BE3D79345D05B783A5056719810 C:\Windows\SysWOW64\de-DE\ppcsnap.dll.mui --a---- 11264 bytes [08:14 03/07/2012] [01:47 14/07/2009] 043730D9E06A59DB023C2C3F3B8E4DBC C:\Windows\SysWOW64\de-DE\SrpUxNativeSnapIn.dll.mui --a---- 3584 bytes [17:58 14/07/2009] [17:58 14/07/2009] 5735A3C9CA2C182BA73525622DFFA0F9 C:\Windows\SysWOW64\migwiz\dlmanifests\GroupPolicy-Admin-Gpedit-Snapin-DL.man --a---- 1454 bytes [20:38 13/07/2009] [21:21 10/06/2009] BC18582D8C7CCB4D60E1FFF11ED880C1 C:\Windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-IIS-LegacySnapIn-Deployment-DL.man --a---- 1544 bytes [21:03 13/07/2009] [21:26 10/06/2009] 87CB550E0470307EAE1C77D2CB03FD4B C:\Windows\SysWOW64\migwiz\replacementmanifests\TerminalServices-Manager-SnapIn-Replacement.man --a---- 1136 bytes [20:58 13/07/2009] [21:19 
bytes [23:53 13/07/2009] [01:16 14/07/2009] 657215D8AB408669EF6A449E3773F8F5 C:\Windows\winsxs\x86_microsoft-windows-s..nt-configuration-ui_31bf3856ad364e35_6.1.7601.17514_none_a6011071cfb52a11\snmpsnap.dll --a---- 182272 bytes [08:15 03/07/2012] [12:21 20/11/2010] 7AF9E15F9A7DE0C74E2292BF8FE9D4F3 C:\Windows\winsxs\x86_microsoft-windows-s..ration-ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ba01461cfe4d7681\snmpsnap.dll.mui --a---- 18432 bytes [17:58 14/07/2009] [17:58 14/07/2009] 802ED7319CDF754DEFEF7BC1BDF80F65 C:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_97d59ba7093f214f\AuthFWSnapIn.Resources.dll --a---- 1613824 bytes [17:58 14/07/2009] [17:58 14/07/2009] 82DB15674EF44C47BEC6BFE55A8D7F4A C:\Windows\winsxs\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_6.1.7601.17514_de-de_9a06af6f062da4e9\AuthFWSnapIn.Resources.dll --a---- 1613824 bytes [17:58 14/07/2009] [17:58 14/07/2009] 82DB15674EF44C47BEC6BFE55A8D7F4A C:\Windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.1.7600.16385_none_a5288416e3228b7b\AuthFWSnapin.dll --a---- 5070848 bytes [22:11 13/07/2009] [01:23 14/07/2009] 058A73936B3CBDB5F8EC5851C8CC8780 C:\Windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.1.7601.17514_none_a75997dee0110f15\AuthFWSnapin.dll --a---- 5066752 bytes [08:16 03/07/2012] [12:32 20/11/2010] 13A1F9A72F81509658F3E0B6AC2AD994 C:\Windows\winsxs\x86_srpuxnativesnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a7ab41da233a2ef8\SrpUxNativeSnapIn.dll.mui --a---- 3584 bytes [17:58 14/07/2009] [17:58 14/07/2009] 5735A3C9CA2C182BA73525622DFFA0F9 ========== regfind ========== Searching for "snap.do" [HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\0ADC726493D437544A0B6B7387D02DBA] "ProductName"="Snap.Do" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{876d753f-4af3-4384-b96d-b344f150dced}] "DisplayName"="Snap.Do Engine" 
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] "URL"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=e6cc8d95-4b98-4af1-93c1-eaf21847769c&searchtype=ds&q={searchTerms}&installDate=28/03/2013" [HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=e6cc8d95-4b98-4af1-93c1-eaf21847769c&searchtype=ds&q={searchTerms}&installDate=28/03/2013" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3064313156-4174858450-1445601724-1000\Products\0ADC726493D437544A0B6B7387D02DBA\InstallProperties] "HelpLink"="hxxp://snap.do" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3064313156-4174858450-1445601724-1000\Products\0ADC726493D437544A0B6B7387D02DBA\InstallProperties] "URLInfoAbout"="hxxp://snap.do" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3064313156-4174858450-1445601724-1000\Products\0ADC726493D437544A0B6B7387D02DBA\InstallProperties] "DisplayName"="Snap.Do" [HKEY_USERS\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Microsoft\Installer\Products\0ADC726493D437544A0B6B7387D02DBA] "ProductName"="Snap.Do" [HKEY_USERS\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{876d753f-4af3-4384-b96d-b344f150dced}] "DisplayName"="Snap.Do Engine" [HKEY_USERS\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] "URL"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=e6cc8d95-4b98-4af1-93c1-eaf21847769c&searchtype=ds&q={searchTerms}&installDate=28/03/2013" 
[HKEY_USERS\S-1-5-21-3064313156-4174858450-1445601724-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=e6cc8d95-4b98-4af1-93c1-eaf21847769c&searchtype=ds&q={searchTerms}&installDate=28/03/2013" [HKEY_USERS\S-1-5-21-3064313156-4174858450-1445601724-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] "URL"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=e6cc8d95-4b98-4af1-93c1-eaf21847769c&searchtype=ds&q={searchTerms}&installDate=28/03/2013" [HKEY_USERS\S-1-5-21-3064313156-4174858450-1445601724-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=e6cc8d95-4b98-4af1-93c1-eaf21847769c&searchtype=ds&q={searchTerms}&installDate=28/03/2013" -= EOF =- |
05.04.2013, 15:57 | #12 |
/// TB Trainer | snap.do removal All right, fine. Let's have a look: ComboFix script
__________________ Digital buccaneers against malware! No help via PM! |
05.04.2013, 20:29 | #13 |
| snap.do removal Sorry... I hadn't understood the drag/drop part regarding CFScript.txt and had started ComboFix without the script. This is the corresponding log file Code:
ATTFilter ComboFix 13-04-05.01 - asmus 05.04.2013 21:03:20.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3060.1331 [GMT 2:00] ausgeführt von:: c:\users\asmus\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-05 bis 2013-04-05 )))))))))))))))))))))))))))))) . . 2013-04-05 19:10 . 2013-04-05 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-03 11:25 . 2013-04-03 11:25 -------- d-----w- c:\windows\ERUNT 2013-04-03 11:24 . 2013-04-03 11:49 -------- d-----w- C:\JRT 2013-04-03 08:58 . 2013-04-03 12:09 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-03-29 09:27 . 2013-03-29 09:27 -------- d-----w- c:\users\asmus\AppData\Roaming\PDF Architect 2013-03-29 08:57 . 2013-03-29 08:57 -------- d-----w- c:\program files (x86)\QNAP 2013-03-28 18:40 . 2013-03-28 18:40 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-03-28 18:40 . 2013-03-28 18:40 -------- d--h--w- c:\programdata\Common Files 2013-03-28 18:39 . 2013-03-28 18:40 -------- d-----w- c:\program files (x86)\PDF Architect 2013-03-28 18:39 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2013-03-28 18:39 . 2013-01-11 10:39 103936 ----a-w- c:\windows\system32\pdfcmon.dll 2013-03-28 18:39 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2013-03-28 18:39 . 2013-03-28 18:41 -------- d-----w- c:\program files (x86)\PDFCreator 2013-03-28 18:39 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2013-03-28 18:39 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2013-03-28 18:39 . 
1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2013-03-19 20:38 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-14 12:47 . 2013-03-14 12:47 -------- d-----w- c:\users\asmus\AppData\Roaming\Corel 2013-03-14 12:14 . 2013-03-14 12:14 -------- d-----w- c:\program files\Common Files\Corel 2013-03-14 12:14 . 2013-03-14 12:14 -------- d-----w- c:\program files\Common Files\Protexis 2013-03-14 12:14 . 2013-03-14 12:47 -------- d-----w- c:\programdata\Corel 2013-03-14 12:10 . 2013-03-14 12:10 -------- d-----w- c:\program files\Corel . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-15 09:07 . 2012-07-05 08:27 2413248 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll 2013-03-15 08:20 . 2012-07-03 15:46 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-15 08:20 . 2012-07-03 15:46 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-14 15:19 . 2012-07-02 15:28 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-06 08:23 . 2013-03-06 08:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-06 08:23 . 2012-09-10 09:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-06 08:23 . 2012-08-02 08:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 05:45 . 2013-03-14 08:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 08:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 08:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 08:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 08:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 08:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-13 21:17 . 
2013-02-28 08:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17 . 2013-02-28 08:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16 . 2013-02-28 08:05 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12 . 2013-02-28 08:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35 . 2013-02-28 08:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35 . 2013-02-28 08:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35 . 2013-02-28 08:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32 . 2013-02-28 08:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31 . 
2013-02-28 08:05 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-01-13 20:22 . 2013-02-28 08:05 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20 . 2013-02-28 08:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-01-13 20:09 . 2013-02-28 08:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08 . 2013-02-28 08:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08 . 2013-02-28 08:05 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-01-13 19:59 . 2013-02-28 08:05 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-01-13 19:58 . 2013-02-28 08:05 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-01-13 19:54 . 2013-02-28 08:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53 . 2013-02-28 08:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53 . 2013-02-28 08:07 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51 . 2013-02-28 08:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-01-13 19:49 . 2013-02-28 08:05 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-01-13 19:48 . 2013-02-28 08:05 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46 . 2013-02-28 08:05 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-01-13 19:43 . 2013-02-28 08:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38 . 2013-02-28 08:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-01-13 19:38 . 2013-02-28 08:05 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-01-13 19:38 . 2013-02-28 08:05 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-01-13 19:37 . 2013-02-28 08:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-01-13 19:25 . 2013-02-28 08:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-01-13 19:24 . 2013-02-28 08:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-01-13 19:24 . 2013-02-28 08:07 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-01-13 19:20 . 
2013-02-28 08:05 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-01-13 19:20 . 2013-02-28 08:05 1238528 ----a-w- c:\windows\system32\d3d10.dll 2013-01-13 19:15 . 2013-02-28 08:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-01-13 19:10 . 2013-02-28 08:05 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-01-13 19:02 . 2013-02-28 08:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34 . 2013-02-28 08:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32 . 2013-02-28 08:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-01-13 18:09 . 2013-02-28 08:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-01-13 17:26 . 2013-02-28 08:05 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05 . 2013-02-28 08:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISM"="c:\program files (x86)\Common Files\Intel\Intel Software Manager\ism2.exe" [2012-10-08 694752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-10 115560] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-12-23 347792] . c:\users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled Dropbox.lnk - c:\users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-12-27 55296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-12-27 24064] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-07-03 54824] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-07-03 35104] R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe [2009-08-24 544768] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-17 1432400] R3 
RDID1057;UA-1EX;c:\windows\system32\Drivers\rdwm1057.sys [2012-12-11 158592] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [2012-05-03 200032] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208] S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-20 342704] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program 
files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-18 30720] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-04-05 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job - c:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-07-04 01:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = backspace.unibw-hamburg.de:3128 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\asmus\AppData\Roaming\Mozilla\Firefox\Profiles\qkil8hio.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: 2013-03-28 19:39; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt . . ------- Dateityp-Verknüpfung ------- . vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %* vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %* jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %* . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-05 21:13:09 ComboFix-quarantined-files.txt 2013-04-05 19:13 ComboFix2.txt 2013-04-04 12:35 . 
Vor Suchlauf: 13 Verzeichnis(se), 25.611.620.352 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 25.303.961.600 Bytes frei . - - End Of File - - 6EBFF43D066842C56A0C743A39164B21 |
05.04.2013, 20:37 | #14 |
/// TB Trainer | snap.do removal Yes, please repeat it with the script.
__________________ Digital buccaneers against malware! No help via PM! |
06.04.2013, 16:53 | #15 |
| snap.do removal Here now is the log file from the correct ComboFix run Code:
ATTFilter
ComboFix 13-04-06.01 - asmus 06.04.2013 11:07:05.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3060.1664 [GMT 2:00]
ausgeführt von:: c:\users\asmus\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\asmus\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-06 bis 2013-04-06 ))))))))))))))))))))))))))))))
.
.
2013-04-06 09:14 . 2013-04-06 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-05 19:50 . 2013-04-05 19:50 53248 ----a-r- c:\users\asmus\AppData\Roaming\Microsoft\Installer\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}\ARPPRODUCTICON.exe
2013-04-05 19:50 . 2013-04-05 19:50 -------- d-----w- c:\program files\Common Files\Lenovo
2013-04-05 19:50 . 2013-04-05 19:50 53248 ----a-r- c:\users\asmus\AppData\Roaming\Microsoft\Installer\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}\ARPPRODUCTICON.exe
2013-04-05 19:50 . 2013-04-05 19:50 -------- d-----w- c:\program files (x86)\Common Files\Lenovo
2013-04-05 19:49 . 2010-09-07 12:09 15472 ----a-w- c:\windows\system32\drivers\smiifx64.sys
2013-04-03 11:25 . 2013-04-03 11:25 -------- d-----w- c:\windows\ERUNT
2013-04-03 11:24 . 2013-04-03 11:49 -------- d-----w- C:\JRT
2013-04-03 08:58 . 2013-04-03 12:09 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-03-29 09:27 . 2013-03-29 09:27 -------- d-----w- c:\users\asmus\AppData\Roaming\PDF Architect
2013-03-29 08:57 . 2013-03-29 08:57 -------- d-----w- c:\program files (x86)\QNAP
2013-03-28 18:40 . 2013-03-28 18:40 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-28 18:40 . 2013-03-28 18:40 -------- d--h--w- c:\programdata\Common Files
2013-03-28 18:39 . 2013-03-28 18:40 -------- d-----w- c:\program files (x86)\PDF Architect
2013-03-28 18:39 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-03-28 18:39 . 2013-01-11 10:39 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2013-03-28 18:39 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2013-03-28 18:39 . 2013-03-28 18:41 -------- d-----w- c:\program files (x86)\PDFCreator
2013-03-28 18:39 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-03-28 18:39 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2013-03-28 18:39 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2013-03-19 20:38 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-14 12:47 . 2013-03-14 12:47 -------- d-----w- c:\users\asmus\AppData\Roaming\Corel
2013-03-14 12:14 . 2013-03-14 12:14 -------- d-----w- c:\program files\Common Files\Corel
2013-03-14 12:14 . 2013-03-14 12:14 -------- d-----w- c:\program files\Common Files\Protexis
2013-03-14 12:14 . 2013-03-14 12:47 -------- d-----w- c:\programdata\Corel
2013-03-14 12:10 . 2013-03-14 12:10 -------- d-----w- c:\program files\Corel
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 09:07 . 2012-07-05 08:27 2413248 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2013-03-15 08:20 . 2012-07-03 15:46 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 08:20 . 2012-07-03 15:46 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 15:19 . 2012-07-02 15:28 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-06 08:23 . 2013-03-06 08:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 08:23 . 2012-09-10 09:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-06 08:23 . 2012-08-02 08:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-14 08:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 08:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 08:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 08:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 08:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 08:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-28 08:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 08:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 08:05 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 08:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 08:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 08:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 08:05 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 08:05 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 08:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 08:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 08:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 08:05 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 08:05 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 08:05 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 08:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 08:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 08:07 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 08:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 08:05 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 08:05 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 08:05 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 08:05 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 08:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 08:05 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 08:05 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 08:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 08:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 08:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 08:07 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 08:05 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 08:05 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 08:05 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 08:05 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 08:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 08:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 08:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 08:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 08:05 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 08:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISM"="c:\program files (x86)\Common Files\Intel\Intel Software Manager\ism2.exe" [2012-10-08 694752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-08-10 115560]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-12-23 347792]
.
c:\users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\asmus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Dropbox.lnk - c:\users\asmus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenVPN Connect.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe [2011-12-27 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-12-27 24064]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-07-03 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-07-03 35104]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe [2009-08-24 544768]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-17 1432400]
R3 RDID1057;UA-1EX;c:\windows\system32\Drivers\rdwm1057.sys [2012-12-11 158592]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\programdata\HandSetService\HuaweiHiSuiteService64.exe [2012-05-03 200032]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2012-12-18 127120]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2012-12-04 125504]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-20 342704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-18 30720]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-05 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-07-04 01:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\asmus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = backspace.unibw-hamburg.de:3128
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\asmus\AppData\Roaming\Mozilla\Firefox\Profiles\qkil8hio.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-03-28 19:39; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-06 11:17:19
ComboFix-quarantined-files.txt 2013-04-06 09:17
ComboFix2.txt 2013-04-05 19:13
ComboFix3.txt 2013-04-04 12:35
.
Vor Suchlauf: 13 Verzeichnis(se), 25.712.431.104 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 25.504.313.344 Bytes frei
.
- - End Of File - - A7651E92254AB36ADFE408F90C160D20